@secrecy/lib 1.74.0-feat-groups-identity.4 → 1.74.0-feat-transfer-adaptations.1

package/dist/lib/client/SecrecyDbClient.js

@@ -1,6 +1,10 @@
 export class SecrecyDbClient {
-    #client;
-    constructor(client) {
-        this.#client = client;
+    // #client: SecrecyClient;
+    // #keys: KeyPair;
+    #apiClient;
+    constructor(_client, _keys, apiClient) {
+        // this.#client = client;
+        // this.#keys = keys;
+        this.#apiClient = apiClient;
     }
 }

package/dist/lib/client/SecrecyMailClient.js

@@ -3,29 +3,35 @@ import { encryptCryptoBox, sodium } from '../index.js';
 import { convertInternalMailToExternal } from './convert/mail.js';
 export class SecrecyMailClient {
     #client;
-    constructor(client) {
+    #keys;
+    #apiClient;
+    constructor(client, keys, apiClient) {
         this.#client = client;
+        this.#keys = keys;
+        this.#apiClient = apiClient;
     }
     async get({ id }) {
-        const mail = await this.#client.apiClient.mail.byId.query({ id });
+        const mail = await this.#apiClient.mail.byId.query({ id });
         return await convertInternalMailToExternal({
             mail,
-            keyPairs: this.#client.keyPairs,
+            client: this.#client,
+            keyPair: this.#keys,
         });
     }
     async recover({ mailId }) {
-        const { isRecovered } = await this.#client.apiClient.mail.recover.mutate({
+        const { isRecovered } = await this.#apiClient.mail.recover.mutate({
             id: mailId,
         });
         return isRecovered;
     }
     async deletedMails({ mailType, }) {
-        const deletedMails = await this.#client.apiClient.mail.deleted.query({
+        const deletedMails = await this.#apiClient.mail.deleted.query({
             type: mailType,
         });
         return await Promise.all(deletedMails.map(async (mail) => await convertInternalMailToExternal({
             mail,
-            keyPairs: this.#client.keyPairs,
+            client: this.#client,
+            keyPair: this.#keys,
         })));
     }
     async create(data, customMessage) {
@@ -37,7 +43,7 @@ export class SecrecyMailClient {
         return { ...mail, type: 'sent' };
     }
     async waitingReceivedMails() {
-        const waitingReceivedMails = await this.#client.apiClient.mail.waitingReceived.query({});
+        const waitingReceivedMails = await this.#apiClient.mail.waitingReceived.query({});
         const waitingReceivedMailsWithIds = waitingReceivedMails.map((mail) => ({
             id: Math.random().toString(36).substring(2, 9),
             sender: mail.sender,
@@ -73,18 +79,18 @@ export class SecrecyMailClient {
                         throw new Error(`File ${f.name} (${f.id}) does not exists`);
                     }
                 }
-                f.name = sodium.to_hex(encryptCryptoBox(sodium.from_string(f.name), this.#client.uaIdentity.identityPubKey, this.#client.uaPrivateKey));
+                f.name = sodium.to_hex(encryptCryptoBox(sodium.from_string(f.name), this.#keys.publicKey, this.#keys.privateKey));
             }
         }
-        const updateDraftMail = await this.#client.apiClient.mail.updateDraft.mutate({
+        const updateDraftMail = await this.#apiClient.mail.updateDraft.mutate({
             id: draftId,
             recipients: recipients ?? null,
             replyToId: replyToId ?? null,
             body: body !== undefined
-                ? sodium.to_hex(encryptCryptoBox(sodium.from_string(body), this.#client.uaIdentity.identityPubKey, this.#client.uaPrivateKey))
+                ? sodium.to_hex(encryptCryptoBox(sodium.from_string(body), this.#keys.publicKey, this.#keys.privateKey))
                 : null,
             subject: subject !== undefined
-                ? sodium.to_hex(encryptCryptoBox(sodium.from_string(subject), this.#client.uaIdentity.identityPubKey, this.#client.uaPrivateKey))
+                ? sodium.to_hex(encryptCryptoBox(sodium.from_string(subject), this.#keys.publicKey, this.#keys.privateKey))
                 : null,
             senderFiles: senderFiles ?? null,
             hash,
@@ -92,27 +98,28 @@ export class SecrecyMailClient {
         });
         return (await convertInternalMailToExternal({
             mail: updateDraftMail,
-            keyPairs: this.#client.keyPairs,
+            client: this.#client,
+            keyPair: this.#keys,
         }));
     }
     async deleteDraft(draftId) {
-        const { isDeleted } = await this.#client.apiClient.mail.deleteDraft.mutate({
+        const { isDeleted } = await this.#apiClient.mail.deleteDraft.mutate({
             id: draftId,
         });
         return isDeleted;
     }
     async deleteTrash({ ids }) {
-        const { isDeleted } = await this.#client.apiClient.mail.deleteTrash.mutate({
+        const { isDeleted } = await this.#apiClient.mail.deleteTrash.mutate({
             ids,
         });
         return isDeleted;
     }
     async emptyTrash() {
-        const { isDeleted } = await this.#client.apiClient.mail.emptyTrash.mutate({});
+        const { isDeleted } = await this.#apiClient.mail.emptyTrash.mutate({});
         return isDeleted;
     }
     async delete({ mailId }) {
-        const { isDeleted } = await this.#client.apiClient.mail.delete.mutate({
+        const { isDeleted } = await this.#apiClient.mail.delete.mutate({
             id: mailId,
         });
         return isDeleted;
@@ -146,7 +153,7 @@ export class SecrecyMailClient {
                 recipients.push(input);
             }
         }
-        const { isSent } = await this.#client.apiClient.mail.sendDraft.mutate({
+        const { isSent } = await this.#apiClient.mail.sendDraft.mutate({
             temporaryRecipients,
             recipients,
             id: draft.mailIntegrityId,
@@ -168,11 +175,10 @@ export class SecrecyMailClient {
                     if (input === null) {
                         continue;
                     }
-                    await this.#client.apiClient.mail.sendOne.mutate({
+                    await this.#apiClient.mail.sendOne.mutate({
                         id: mail.mailIntegrityId,
                         recipient: {
                             ...input,
-                            recipientPublicKey: input.recipientPubKey,
                             attachments: input.attachments.map((attachment) => ({
                                 id: attachment.dataId,
                                 key: attachment.key,
@@ -201,58 +207,62 @@ export class SecrecyMailClient {
             }
             senderFiles.push({
                 id: data.id,
-                name: sodium.to_hex(encryptCryptoBox(sodium.from_string(f.name), this.#client.uaIdentity.identityPubKey, this.#client.uaPrivateKey)),
+                name: sodium.to_hex(encryptCryptoBox(sodium.from_string(f.name), this.#keys.publicKey, this.#keys.privateKey)),
             });
         }
-        const createDraftMail = await this.#client.apiClient.mail.createDraft.mutate({
+        const createDraftMail = await this.#apiClient.mail.createDraft.mutate({
             recipients,
             replyToId,
-            body: sodium.to_hex(encryptCryptoBox(sodium.from_string(body), this.#client.uaIdentity.identityPubKey, this.#client.uaPrivateKey)),
-            subject: sodium.to_hex(encryptCryptoBox(sodium.from_string(subject), this.#client.uaIdentity.identityPubKey, this.#client.uaPrivateKey)),
+            body: sodium.to_hex(encryptCryptoBox(sodium.from_string(body), this.#keys.publicKey, this.#keys.privateKey)),
+            subject: sodium.to_hex(encryptCryptoBox(sodium.from_string(subject), this.#keys.publicKey, this.#keys.privateKey)),
             senderFiles,
             hash,
             hashKey,
         });
         return (await convertInternalMailToExternal({
             mail: createDraftMail,
-            keyPairs: this.#client.keyPairs,
+            client: this.#client,
+            keyPair: this.#keys,
         }));
     }
     async read({ mailId }) {
-        const { isRead } = await this.#client.apiClient.mail.read.mutate({
+        const { isRead } = await this.#apiClient.mail.read.mutate({
             id: mailId,
         });
         return isRead;
     }
     async unread({ mailId }) {
-        const { isUnread } = await this.#client.apiClient.mail.unread.mutate({
+        const { isUnread } = await this.#apiClient.mail.unread.mutate({
             id: mailId,
         });
         return isUnread;
     }
     async receivedMails(input) {
-        const receivedMails = await this.#client.apiClient.mail.received.query(input);
+        const receivedMails = await this.#apiClient.mail.received.query(input);
         return await Promise.all(receivedMails.map(async (mail) => (await convertInternalMailToExternal({
             mail,
-            keyPairs: this.#client.keyPairs,
+            client: this.#client,
+            keyPair: this.#keys,
         }))));
     }
     async sentMails(input) {
-        const sentMails = await this.#client.apiClient.mail.sent.query(input);
+        const sentMails = await this.#apiClient.mail.sent.query(input);
         return await Promise.all(sentMails.map(async (mail) => (await convertInternalMailToExternal({
             mail,
-            keyPairs: this.#client.keyPairs,
+            client: this.#client,
+            keyPair: this.#keys,
         }))));
     }
     async draftMails(input) {
-        const draftMails = await this.#client.apiClient.mail.draft.query(input);
+        const draftMails = await this.#apiClient.mail.draft.query(input);
         return await Promise.all(draftMails.map(async (mail) => (await convertInternalMailToExternal({
             mail,
-            keyPairs: this.#client.keyPairs,
+            client: this.#client,
+            keyPair: this.#keys,
         }))));
     }
     async unreadReceivedMailsCount() {
-        const unreadReceivedMailsCount = await this.#client.apiClient.mail.unreadReceivedCount.query({});
+        const unreadReceivedMailsCount = await this.#apiClient.mail.unreadReceivedCount.query({});
         return unreadReceivedMailsCount;
     }
     _eachUser = async (data, subject, body, idOrMail) => {
@@ -272,17 +282,17 @@ export class SecrecyMailClient {
             const key = dataInHistory.key;
             attachments.push({
                 dataId: f.id,
-                name: sodium.to_hex(encryptCryptoBox(sodium.from_string(f.name), pubKey, this.#client.uaPrivateKey)),
+                name: sodium.to_hex(encryptCryptoBox(sodium.from_string(f.name), pubKey, this.#keys.privateKey)),
                 key: key
-                    ? sodium.to_hex(encryptCryptoBox(sodium.from_hex(key), pubKey, this.#client.uaPrivateKey))
+                    ? sodium.to_hex(encryptCryptoBox(sodium.from_hex(key), pubKey, this.#keys.privateKey))
                     : null,
             });
         }
         return {
             // recipientId: userId,
-            recipientPubKey: pubKey,
-            body: sodium.to_hex(encryptCryptoBox(sodium.from_string(body), pubKey, this.#client.uaPrivateKey)),
-            subject: sodium.to_hex(encryptCryptoBox(sodium.from_string(subject), pubKey, this.#client.uaPrivateKey)),
+            recipientId: idOrMail,
+            body: sodium.to_hex(encryptCryptoBox(sodium.from_string(body), pubKey, this.#keys.privateKey)),
+            subject: sodium.to_hex(encryptCryptoBox(sodium.from_string(subject), pubKey, this.#keys.privateKey)),
             attachments,
         };
     };

package/dist/lib/client/SecrecyOrganizationClient.js

@@ -1,27 +1,29 @@
 export class SecrecyOrganizationClient {
-    #client;
-    constructor(client) {
-        this.#client = client;
+    // readonly #client: SecrecyClient
+    #apiClient;
+    constructor(_client, _keys, apiClient) {
+        // this.#client = client
+        this.#apiClient = apiClient;
     }
     async create(input) {
-        return this.#client.apiClient.org.create.mutate(input);
+        return this.#apiClient.org.create.mutate(input);
     }
     async update(input) {
-        return this.#client.apiClient.org.update.mutate(input);
+        return this.#apiClient.org.update.mutate(input);
     }
     async addMember(input) {
-        return this.#client.apiClient.org.addMember.mutate(input);
+        return this.#apiClient.org.addMember.mutate(input);
     }
     async removeMember(input) {
-        return this.#client.apiClient.org.removeMember.mutate(input);
+        return this.#apiClient.org.removeMember.mutate(input);
     }
     async updateRole(input) {
-        return this.#client.apiClient.org.updateRole.mutate(input);
+        return this.#apiClient.org.updateRole.mutate(input);
     }
     async list(input) {
-        return this.#client.apiClient.org.list.query(input);
+        return this.#apiClient.org.list.query(input);
     }
     async plans(input) {
-        return this.#client.apiClient.org.plans.query(input);
+        return this.#apiClient.org.plans.query(input);
     }
 }

package/dist/lib/client/SecrecyPayClient.js

@@ -1,8 +1,12 @@
 import { popup } from '../utils/popup-tools.js';
 export class SecrecyPayClient {
     #client;
-    constructor(client) {
+    // #keys: KeyPair
+    // #apiClient: ApiClient
+    constructor(client, _keys, _apiClient) {
         this.#client = client;
+        // this.#keys = keys
+        // this.#apiClient = apiClient
     }
     async confirmPaymentIntent({ paymentIntentId, secrecyIdWhoCreatedPaymentIntent, secrecyIdWhoNeedToConfirmPaymentIntent, amount, currency, }) {
         const hash = Buffer.from(JSON.stringify({

package/dist/lib/client/SecrecyPseudonymClient.js

@@ -1,15 +1,19 @@
 export class SecrecyPseudonymClient {
     #client;
-    constructor(client) {
+    #keys;
+    #apiClient;
+    constructor(client, keys, apiClient) {
         this.#client = client;
+        this.#keys = keys;
+        this.#apiClient = apiClient;
     }
     async askForLabel(input) {
-        return await this.#client.apiClient.pseudonym.askForLabel.query(input);
+        return await this.#apiClient.pseudonym.askForLabel.query(input);
     }
     async askForUser(input) {
-        return await this.#client.apiClient.pseudonym.askForUser.query(input);
+        return await this.#apiClient.pseudonym.askForUser.query(input);
     }
     async cross(input) {
-        return await this.#client.apiClient.pseudonym.cross.query(input);
+        return await this.#apiClient.pseudonym.cross.query(input);
     }
 }

package/dist/lib/client/SecrecyUserClient.js

@@ -1,30 +1,30 @@
 export class SecrecyUserClient {
-    #client;
-    constructor(client) {
-        this.#client = client;
+    #apiClient;
+    constructor(_client, _keys, apiClient) {
+        this.#apiClient = apiClient;
     }
     async answerInvitation(input) {
-        return await this.#client.apiClient.contacts.answerInvitation.mutate(input);
+        return await this.#apiClient.contacts.answerInvitation.mutate(input);
     }
     async cancelInvitation(input) {
-        return await this.#client.apiClient.contacts.cancelInvitation.mutate(input);
+        return await this.#apiClient.contacts.cancelInvitation.mutate(input);
     }
     async createInvitation(input) {
-        return await this.#client.apiClient.contacts.createInvitation.mutate(input);
+        return await this.#apiClient.contacts.createInvitation.mutate(input);
     }
     async getContacts(input) {
-        return await this.#client.apiClient.contacts.getContacts.query(input);
+        return await this.#apiClient.contacts.getContacts.query(input);
     }
     async getReceivedInvitations(input) {
-        return await this.#client.apiClient.contacts.getReceivedInvitations.query(input);
+        return await this.#apiClient.contacts.getReceivedInvitations.query(input);
     }
     async getSentInvitations(input) {
-        return await this.#client.apiClient.contacts.getSentInvitations.query(input);
+        return await this.#apiClient.contacts.getSentInvitations.query(input);
     }
     async removeContact(input) {
-        return await this.#client.apiClient.contacts.removeContact.mutate(input);
+        return await this.#apiClient.contacts.removeContact.mutate(input);
     }
     async getUsers(input) {
-        return await this.#client.apiClient.account.getUsers.query(input);
+        return await this.#apiClient.account.getUsers.query(input);
     }
 }

package/dist/lib/client/SecrecyWalletClient.js

@@ -1,9 +1,11 @@
 import { popup } from '../utils/popup-tools.js';
 export class SecrecyWalletClient {
     #client;
+    // #keys: KeyPair;
     // #thunder: ReturnType<typeof Thunder>;
     constructor(client) {
         this.#client = client;
+        // this.#keys = keys;
         // this.#thunder = thunder;
     }
     async createTransaction({ network = 'mainnet', tx, }) {

package/dist/lib/client/convert/data.js

@@ -1,7 +1,7 @@
 import { dataCache } from '../../cache.js';
 import { decryptCryptoBox } from '../../crypto/index.js';
 import { sodium } from '../../sodium.js';
-export function apiDataToInternal(apiData, keyPairs) {
+export function apiDataToInternal(apiData, keyPair) {
     const data = {
         id: apiData.id,
         md5: apiData.md5,
@@ -10,7 +10,7 @@ export function apiDataToInternal(apiData, keyPairs) {
         size: apiData.size,
         sizeEncrypted: apiData.sizeEncrypted,
         key: apiData.access.key
-            ? sodium.to_hex(decryptCryptoBox(sodium.from_hex(apiData.access.key), apiData.access.sharedByPubKey, keyPairs[apiData.access.identityPubKey]))
+            ? sodium.to_hex(decryptCryptoBox(sodium.from_hex(apiData.access.key), apiData.access.sharedByPubKey, keyPair.privateKey))
             : null,
         mime: apiData.mime ?? undefined,
         ext: apiData.ext ?? undefined,
@@ -30,6 +30,6 @@ export function internalDataToExternalData(internal) {
         ext: internal.ext ?? undefined,
     };
 }
-export function apiDataToExternal(apiData, keyPairs) {
-    return internalDataToExternalData(apiDataToInternal(apiData, keyPairs));
+export function apiDataToExternal(apiData, keyPair) {
+    return internalDataToExternalData(apiDataToInternal(apiData, keyPair));
 }

package/dist/lib/client/convert/mail.js

@@ -1,5 +1,5 @@
-import { sodium, decryptCryptoBox } from '../../index.js';
-export async function convertInternalMailToExternal({ mail, keyPairs, }) {
+import { sodium, decryptCryptoBox, } from '../../index.js';
+export async function convertInternalMailToExternal({ client, mail, keyPair, }) {
     let type = mail.type;
     if (mail.mailIntegrityDraft !== null) {
         type = 'draft';
@@ -8,8 +8,10 @@ export async function convertInternalMailToExternal({ mail, keyPairs, }) {
     if (mI === null) {
         throw new Error('Mail integrity is null');
     }
-    const pubKey = mail.senderPubKey;
-    const privateKey = keyPairs[mail.recipientPubKey];
+    const pubKey = mail.type === 'received'
+        ? await client.app.userPublicKey(mail.sender.id)
+        : keyPair.publicKey;
+    const privateKey = keyPair.privateKey;
     const body = sodium.to_string(decryptCryptoBox(sodium.from_hex(mail.body), pubKey, privateKey));
     const subject = sodium.to_string(decryptCryptoBox(sodium.from_hex(mail.subject), pubKey, privateKey));
     const hash = sodium.crypto_generichash(sodium.crypto_generichash_BYTES, JSON.stringify({ body, subject }), mI.hashKey, 'hex');
@@ -28,7 +30,6 @@ export async function convertInternalMailToExternal({ mail, keyPairs, }) {
         temporaryRecipients: [], // TODO
         recipients: mI.recipients,
         sender: mail.sender,
-        senderPublicKey: mail.senderPubKey,
         attachments: mail.attachments.map((f) => {
             const name = sodium.to_string(decryptCryptoBox(sodium.from_hex(f.name), pubKey, privateKey));
             return {

package/dist/lib/client/convert/node.js

@@ -3,11 +3,11 @@ import { decryptCryptoBox } from '../../crypto/index.js';
 import { nodesCache, nodesEncryptionCache } from '../../cache.js';
 import { decryptSecretStream } from '../../crypto/data.js';
 import { apiDataToInternal, internalDataToExternalData } from './data.js';
-async function apiNodeToInternal(apiNode, keyPairs) {
+async function apiNodeToInternal(apiNode, keyPair) {
     const internal = {
         id: apiNode.id,
         type: apiNode.type,
-        accesses: apiNode.accesses,
+        access: apiNode.access,
         name: apiNode.name,
         isFavorite: apiNode.isFavorite,
         breadcrumb: 'breadcrumb' in apiNode ? apiNode.breadcrumb : [],
@@ -21,48 +21,38 @@ async function apiNodeToInternal(apiNode, keyPairs) {
         createdAt: apiNode.createdAt,
         updatedAt: apiNode.updatedAt,
         deletedAt: apiNode.deletedAt,
-        identities: apiNode.identities,
-        permissions: apiNode.permissions,
+        users: apiNode.users,
         parentId: apiNode.parentId ?? null,
         currentDataId: apiNode.currentDataId ?? null,
     };
-    for (const access of internal.accesses) {
-        if (access.nameKey === null) {
-            continue;
-        }
-        const pk = keyPairs[access.identityPubKey];
-        const key = decryptCryptoBox(sodium.from_hex(access.nameKey), access.sharedByPubKey, pk);
-        access.nameKey = sodium.to_hex(key);
-    }
-    const firstAccess = internal.accesses[0];
-    if (!firstAccess || firstAccess.nameKey === null) {
-        throw new Error('No access found for node ' + internal.id);
+    if (apiNode.access.nameKey !== null) {
+        const key = decryptCryptoBox(sodium.from_hex(apiNode.access.nameKey), apiNode.access.sharedByPubKey, keyPair.privateKey);
+        internal.name = sodium.to_string(await decryptSecretStream(key, sodium.from_hex(internal.name)));
+        internal.access.nameKey = sodium.to_hex(key);
     }
-    internal.name = sodium.to_string(await decryptSecretStream(sodium.from_hex(firstAccess.nameKey), sodium.from_hex(internal.name)));
     for (const b of internal.breadcrumb) {
         if (b.nameKey === null) {
             continue;
         }
-        const pk = keyPairs[b.identityPubKey];
-        const key = decryptCryptoBox(sodium.from_hex(b.nameKey), b.sharedByPubKey, pk);
+        const key = decryptCryptoBox(sodium.from_hex(b.nameKey), b.pubKey, keyPair.privateKey);
         b.nameKey = sodium.to_hex(key);
         b.name = sodium.to_string(await decryptSecretStream(key, sodium.from_hex(b.name)));
     }
     nodesCache.set(internal.id, internal);
     return internal;
 }
-export async function apiNodeFullToInternalFull(apiNodeFull, keyPairs) {
-    const f = await apiNodeToInternal(apiNodeFull, keyPairs);
+export async function apiNodeFullToInternalFull(apiNodeFull, keyPair) {
+    const f = await apiNodeToInternal(apiNodeFull, keyPair);
     const nodeFull = {
         ...f,
         current: !!apiNodeFull.current
-            ? apiDataToInternal(apiNodeFull.current, keyPairs)
+            ? apiDataToInternal(apiNodeFull.current, keyPair)
             : undefined,
         parent: apiNodeFull.parent !== null
-            ? await apiNodeToInternal(apiNodeFull.parent, keyPairs)
+            ? await apiNodeToInternal(apiNodeFull.parent, keyPair)
             : null,
-        children: await Promise.all(apiNodeFull.children.map(async (s) => await apiNodeToInternal(s, keyPairs))),
-        history: apiNodeFull.history.map((f) => apiDataToInternal(f, keyPairs)),
+        children: await Promise.all(apiNodeFull.children.map(async (s) => await apiNodeToInternal(s, keyPair))),
+        history: apiNodeFull.history.map((f) => apiDataToInternal(f, keyPair)),
     };
     nodesCache.set(f.id, nodeFull);
     return nodeFull;
@@ -70,19 +60,19 @@ export async function apiNodeFullToInternalFull(apiNodeFull, keyPairs) {
 function internalNodeToNode(internal) {
     const node = {
         ...internal,
-        // breadcrumb: internal.breadcrumb.map((b) => ({
-        //   id: b.id,
-        //   name: b.name,
-        // })),
-        // access: {
-        //   isRoot: internal.access.isRoot,
-        //   sharedByPubKey: internal.access.sharedByPubKey,
-        //   rights: internal.access.rights,
-        //   addAccess: internal.access.addAccess,
-        //   delAccess: internal.access.delAccess,
-        //   sharingAddAccess: internal.access.sharingAddAccess,
-        //   sharingDelAccess: internal.access.sharingDelAccess,
-        // },
+        breadcrumb: internal.breadcrumb.map((b) => ({
+            id: b.id,
+            name: b.name,
+        })),
+        access: {
+            isRoot: internal.access.isRoot,
+            sharedByPubKey: internal.access.sharedByPubKey,
+            rights: internal.access.rights,
+            addAccess: internal.access.addAccess,
+            delAccess: internal.access.delAccess,
+            sharingAddAccess: internal.access.sharingAddAccess,
+            sharingDelAccess: internal.access.sharingDelAccess,
+        },
     };
     return node;
 }
@@ -97,18 +87,17 @@ export function internalNodeFullToNodeFull(internal) {
             : undefined,
     };
 }
-export async function apiNodeToExternalNodeFull(apiNodeFull, keyPairs) {
-    const apiNode = await apiNodeFullToInternalFull(apiNodeFull, keyPairs);
+export async function apiNodeToExternalNodeFull(apiNodeFull, keyPair) {
+    const apiNode = await apiNodeFullToInternalFull(apiNodeFull, keyPair);
     return internalNodeFullToNodeFull(apiNode);
 }
-export async function apiNodeToExternal(apiNode, keyPairs) {
-    const internal = await apiNodeToInternal(apiNode, keyPairs);
+export async function apiNodeToExternal(apiNode, keyPair) {
+    const internal = await apiNodeToInternal(apiNode, keyPair);
     return internalNodeToNode(internal);
 }
-export async function apiNodeForEncryptionToInternal(apiNode, keyPairs) {
+export async function apiNodeForEncryptionToInternal(apiNode, keyPair) {
     const history = apiNode.history.map((history) => {
-        const pk = keyPairs[history.access.identityPubKey];
-        const key = decryptCryptoBox(sodium.from_hex(history.access.key), history.access.sharedByPublicKey, pk);
+        const key = decryptCryptoBox(sodium.from_hex(history.access.key), history.access.sharedByPublicKey, keyPair.privateKey);
         return {
             id: history.id,
             key: sodium.to_hex(key),
@@ -123,8 +112,7 @@ export async function apiNodeForEncryptionToInternal(apiNode, keyPairs) {
     };
     internal.access = { ...apiNode.access };
     if (apiNode.access.nameKey !== null) {
-        const pk = keyPairs[apiNode.access.identityPubKey];
-        const key = decryptCryptoBox(sodium.from_hex(apiNode.access.nameKey), apiNode.access.sharedByPublicKey, pk);
+        const key = decryptCryptoBox(sodium.from_hex(apiNode.access.nameKey), apiNode.access.sharedByPublicKey, keyPair.privateKey);
         internal.name = sodium.to_string(await decryptSecretStream(key, sodium.from_hex(internal.name)));
         internal.access.nameKey = sodium.to_hex(key);
     }

package/dist/lib/client/data-link.js

@@ -0,0 +1,77 @@
+import z from 'zod';
+import { buildBytesFromDataLink } from '../crypto/domain';
+import { sodium } from '../sodium';
+import { derivePassword } from '../crypto/helpers';
+import { decryptSecretBox } from '../crypto';
+import { decrypt } from '../worker/sodium';
+import { md5 } from '../worker/md5';
+import { decompress } from '../minify';
+const downloadDataLinkS3Schema = z.object({
+    name: z.string(),
+    md5: z.string(),
+    md5Encrypted: z.string().nullable(),
+    size: z.coerce.bigint().gte(0n),
+    parts: z.array(z.object({ order: z.number(), md5: z.string(), contentUrl: z.string() })),
+    mime: z.string(),
+    isEncrypted: z.boolean(),
+});
+const downloadDataLinkLiteSchema = z.object({
+    name: z.string(),
+    md5: z.string(),
+    md5Encrypted: z.string().nullable(),
+    size: z.coerce.bigint().gte(0n),
+    bytes: z.string(),
+    mime: z.string(),
+    isEncrypted: z.boolean(),
+});
+export const downloadDataLinkSchema = z.union([
+    downloadDataLinkS3Schema,
+    downloadDataLinkLiteSchema,
+]);
+// TODO: Add an opt header for authed users!
+export async function downloadDataFromLink(opts) {
+    let dataUrl = opts.dataUrl ?? 'https://data.secrecy.tech/';
+    dataUrl = dataUrl.endsWith('/') ? dataUrl : `${dataUrl}/`;
+    const rawDataLink = await fetch(`${dataUrl}${opts.dataLinkSlug}/json`)
+        .then((res) => res.json())
+        .catch((err) => {
+        throw new Error(`Unable to fetch "${`${dataUrl}${opts.dataLinkSlug}/json"`}`, { cause: err });
+    });
+    const dataLink = downloadDataLinkSchema.safeParse(rawDataLink);
+    if (dataLink.error) {
+        throw new Error(`Should not happen!`, { cause: dataLink.error });
+    }
+    if (dataLink.data.isEncrypted && !opts.crypto) {
+        throw new Error('Unable to read encrypted data without password!');
+    }
+    const bytes = await buildBytesFromDataLink({
+        dataLink: dataLink.data,
+        totalBytes: Number(dataLink.data.size),
+        signal: opts.signal,
+        onDownloadProgress: opts.downloadProgress,
+    });
+    if (!dataLink.data.isEncrypted) {
+        return bytes;
+    }
+    if (!opts.crypto) {
+        throw new Error('Unable to read encrypted data without password!');
+    }
+    try {
+        const salt = sodium.crypto_generichash(sodium.crypto_pwhash_SALTBYTES, opts.crypto.password + dataLink.data.md5);
+        const derivedPassword = derivePassword(opts.crypto.password, salt);
+        const decryptedSharingDataKey = decryptSecretBox(sodium.from_hex(opts.crypto.key), derivedPassword);
+        const decryptedBytes = await decrypt(decryptedSharingDataKey, bytes, opts.decryptProgress, opts.signal);
+        const md5Content = await md5(decryptedBytes);
+        if (md5Content !== dataLink.data.md5) {
+            throw new Error(`Content does not match`);
+        }
+        return decompress(decryptedBytes);
+    }
+    catch (err) {
+        console.error(err);
+        if (opts.crypto.password) {
+            throw new Error('Unable to decrypt the data! The password is not valid!');
+        }
+        throw new Error('Unable to decrypt the data!');
+    }
+}