@secrecy/lib 1.74.0-feat-groups-identity.4 → 1.74.0-feat-transfer-adaptations.1

package/dist/lib/client/download.js

@@ -0,0 +1,84 @@
+import { fileTypeFromBlob } from 'file-type';
+export const downloadFileLite = async (file, name) => {
+    const meta = (await fileTypeFromBlob(file instanceof Blob ? file : new Blob([file]))) || { ext: 'dat', mime: 'application/octet-stream' };
+    const blob = file instanceof Blob ? file : new Blob([file], { type: meta.mime });
+    const link = document.createElement('a');
+    link.href = URL.createObjectURL(blob);
+    link.download = name; // On ne double pas l’extension ici
+    document.body.appendChild(link);
+    link.click();
+    document.body.removeChild(link);
+    URL.revokeObjectURL(link.href); // nettoyage
+};
+export const downloadFileSmart = async (file, name) => {
+    if (typeof window === 'undefined') {
+        return false;
+    }
+    const meta = (await fileTypeFromBlob(file instanceof Blob ? file : new Blob([file]))) || { ext: 'dat', mime: 'application/octet-stream' };
+    const blob = file instanceof Blob ? file : new Blob([file], { type: meta.mime });
+    // 1. Try File System Access API
+    if ('showSaveFilePicker' in window) {
+        try {
+            const handle = await window.showSaveFilePicker({
+                suggestedName: name,
+                types: [
+                    {
+                        description: 'Fichier',
+                        accept: {
+                            [blob.type]: [`.${meta.ext}`],
+                        },
+                    },
+                ],
+            });
+            const writable = await handle.createWritable();
+            await writable.write(blob);
+            await writable.close();
+            return true;
+        }
+        catch {
+            // Silent failover to fallback
+        }
+    }
+    // 2. Try StreamSaver.js
+    try {
+        const streamSaver = await import('streamsaver').then((m) => m.default);
+        const fileStream = streamSaver.createWriteStream(name, { size: blob.size });
+        const readable = blob.stream();
+        if (window.WritableStream && readable.pipeTo) {
+            await readable.pipeTo(fileStream);
+        }
+        else {
+            const writer = fileStream.getWriter();
+            const reader = readable.getReader();
+            const pump = async () => {
+                const { done, value } = await reader.read();
+                if (done) {
+                    return writer.close();
+                }
+                await writer.write(value);
+                return pump();
+            };
+            await pump();
+        }
+        return true;
+    }
+    catch {
+        // Silent failover to anchor
+    }
+    // 3. Fallback: anchor download
+    try {
+        const url = URL.createObjectURL(blob);
+        const a = document.createElement('a');
+        a.href = url;
+        a.download = name;
+        a.style.display = 'none';
+        document.body.appendChild(a);
+        a.click();
+        document.body.removeChild(a);
+        URL.revokeObjectURL(url);
+        return true;
+    }
+    catch {
+        return false;
+    }
+};

package/dist/lib/client/helpers.js

@@ -21,27 +21,26 @@ export function getSecrecyClient(opts = {}) {
     const storage = getStorage(opts.session);
     const infos = parseInfos();
     if (infos !== null) {
-        storage.identities.save(infos.identities);
-        storage.keyPairs.save(infos.keyPairs);
+        storage.userAppKeys.save(infos.keys);
         storage.userAppSession.save(infos.uaSession);
         storage.jwt.save(infos.jwt);
         return new SecrecyClient({
             uaSession: infos.uaSession,
-            identities: infos.identities,
-            keyPairs: infos.keyPairs,
+            uaKeys: infos.keys,
             uaJwt: infos.jwt,
             secrecyUrls: opts.secrecyUrls,
         });
     }
     const uaSession = storage.userAppSession.load();
-    const identities = storage.identities.load();
-    const keyPairs = storage.keyPairs.load();
+    const uaKeys = storage.userAppKeys.load();
     const uaJwt = storage.jwt.load();
-    if (uaSession && identities && keyPairs && uaJwt) {
+    if (uaSession && uaKeys && uaJwt) {
+        storage.userAppKeys.save(uaKeys);
+        storage.userAppSession.save(uaSession);
+        storage.jwt.save(uaJwt);
         return new SecrecyClient({
             uaSession,
-            identities,
-            keyPairs,
+            uaKeys,
             uaJwt,
             secrecyUrls: opts.secrecyUrls,
         });
@@ -51,7 +50,7 @@ export function getSecrecyClient(opts = {}) {
 export async function login({ appId, context, path, redirect, scopes, backPath, session, secrecyUrls, }) {
     return await new Promise(async (resolve, reject) => {
         const appUrl = window.location.origin;
-        const client = getSecrecyClient({ session, secrecyUrls });
+        const client = getSecrecyClient({ secrecyUrls });
         const innerLogin = () => {
             const infos = {
                 appUrl,
@@ -68,13 +67,11 @@ export async function login({ appId, context, path, redirect, scopes, backPath,
             const validate = (infos) => {
                 const storage = getStorage(session);
                 storage.userAppSession.save(infos.uaSession);
-                storage.identities.save(infos.identities);
-                storage.keyPairs.save(infos.keyPairs);
+                storage.userAppKeys.save(infos.keys);
                 storage.jwt.save(infos.jwt);
                 resolve(new SecrecyClient({
                     uaSession: infos.uaSession,
-                    identities: infos.identities,
-                    keyPairs: infos.keyPairs,
+                    uaKeys: infos.keys,
                     uaJwt: infos.jwt,
                     secrecyUrls,
                 }));
@@ -114,10 +111,6 @@ export async function login({ appId, context, path, redirect, scopes, backPath,
         }
         else {
             if (context) {
-                if (context.userId && client.uaIdentity.userId !== context.userId) {
-                    innerLogin();
-                    return;
-                }
                 const me = await client.me();
                 if ((context.userId && context.userId !== me.id) ||
                     (context.orgId && context.orgId !== me.organization.id)) {

package/dist/lib/client/index.js

@@ -11,9 +11,7 @@ import { SecrecyPseudonymClient } from './SecrecyPseudonymClient.js';
 import { decryptAnonymous } from '../crypto/index.js';
 import { SecrecyOrganizationClient } from './SecrecyOrganizationClient.js';
 export class SecrecyClient extends BaseClient {
-    #groupIdentities;
-    #uaIdentity;
-    #keyPairs;
+    #keys;
     cloud;
     mail;
     app;
@@ -38,53 +36,22 @@ export class SecrecyClient extends BaseClient {
                 }
             },
         });
-        this.#keyPairs = opts.keyPairs;
-        this.#groupIdentities = opts.identities.filter((i) => i.kind === 'GROUP');
-        const uaIdentities = opts.identities.filter((i) => i.kind === 'USER_APP');
-        if (uaIdentities.length !== 1) {
-            throw new Error('One USER_APP identity is required');
-        }
-        this.#uaIdentity = uaIdentities[0];
-        this.cloud = new SecrecyCloudClient(this);
-        this.mail = new SecrecyMailClient(this);
-        this.app = new SecrecyAppClient(opts.uaJwt, this);
-        this.db = new SecrecyDbClient(this);
-        this.organization = new SecrecyOrganizationClient(this);
+        this.#keys = opts.uaKeys;
+        this.cloud = new SecrecyCloudClient(this, this.#keys, this.client);
+        this.mail = new SecrecyMailClient(this, this.#keys, this.client);
+        this.app = new SecrecyAppClient(opts.uaJwt, this, this.#keys, this.client);
+        this.db = new SecrecyDbClient(this, this.#keys, this.client);
+        this.organization = new SecrecyOrganizationClient(this, this.#keys, this.client);
         this.wallet = new SecrecyWalletClient(this);
-        this.pay = new SecrecyPayClient(this);
-        this.user = new SecrecyUserClient(this);
-        this.pseudonym = new SecrecyPseudonymClient(this);
+        this.pay = new SecrecyPayClient(this, this.#keys, this.client);
+        this.user = new SecrecyUserClient(this, this.#keys, this.client);
+        this.pseudonym = new SecrecyPseudonymClient(this, this.#keys, this.client);
     }
     get publicKey() {
-        return this.#uaIdentity.identityPubKey;
-    }
-    get apiClient() {
-        return this.client;
-    }
-    get keyPairs() {
-        return this.#keyPairs;
-    }
-    getPrivateKey(pubKey) {
-        const privateKey = this.#keyPairs[pubKey];
-        if (privateKey === undefined) {
-            throw new Error(`Missing private key for public key ${pubKey}`);
-        }
-        return privateKey;
-    }
-    get uaPrivateKey() {
-        return this.getPrivateKey(this.#uaIdentity.identityPubKey);
-    }
-    get groupIdentities() {
-        return this.#groupIdentities;
-    }
-    get uaIdentity() {
-        return this.#uaIdentity;
+        return this.#keys.publicKey;
     }
     decryptAnonymous(data) {
-        return decryptAnonymous(data, {
-            publicKey: this.#uaIdentity.identityPubKey,
-            privateKey: this.uaPrivateKey,
-        });
+        return decryptAnonymous(data, this.#keys);
     }
     async logout(sessionId) {
         nodesCache.clear();
@@ -92,7 +59,4 @@ export class SecrecyClient extends BaseClient {
         publicKeysCache.clear();
         await super.logout(sessionId);
     }
-    async getIdentities(input) {
-        return await this.client.identity.getMany.query(input);
-    }
 }

package/dist/lib/client/storage.js

@@ -1,8 +1,7 @@
 import { storeBuddy } from '../utils/store-buddy.js';
 export function getStorage(session) {
     const userAppSession = storeBuddy(`secrecy.user_app_session`, session).init(null);
-    const identities = storeBuddy(`secrecy.identities`, session).init(null);
-    const keyPairs = storeBuddy(`secrecy.key_pairs`, session).init(null);
+    const userAppKeys = storeBuddy(`secrecy.user_app_keys`, session).init(null);
     const jwt = storeBuddy(`secrecy.jwt`, session).init(null);
-    return { identities, keyPairs, userAppSession, jwt };
+    return { userAppKeys, userAppSession, jwt };
 }

package/dist/lib/client/types/index.js

@@ -1,9 +1,13 @@
 import { z } from 'zod';
-import { accessIdentitySchema } from './identity.js';
+const keyPair = z
+    .object({
+    publicKey: z.string(),
+    privateKey: z.string(),
+})
+    .strict();
 export const secrecyUserApp = z
     .object({
-    identities: accessIdentitySchema.array(),
-    keyPairs: z.record(z.string(), z.string()),
+    keys: keyPair,
     jwt: z.string(),
     uaSession: z.string(),
 })

package/dist/lib/client/upload.js

@@ -0,0 +1,252 @@
+import { kiloToBytes } from '../utils.js';
+import { compress } from '../minify/index.js';
+import { md5 } from '../worker/md5.js';
+import { sodium } from '../sodium.js';
+import { fileTypeFromBuffer } from 'file-type';
+import { dataContentCache } from '../cache.js';
+import { chunks, enumerate } from '../utils/array.js';
+import { getTrpcGuestClient, } from '../client.js';
+import axios from 'axios';
+import { promiseAllLimit } from '../utils/promise.js';
+import { encryptDataAndKey } from '../crypto/domain.js';
+import { derivePassword, generatePassword } from '../crypto/helpers.js';
+import { decryptCryptoBox, encryptSecretBox } from '../crypto/index.js';
+export async function uploadData({ storageType, data, password, forcePassword = false, encrypted = true, encryptProgress, uploadProgress, signal, meta, keyPair, apiClient, }) {
+    if (!encrypted && (password || forcePassword)) {
+        throw new Error('Cannot share unencrypted data with a password!');
+    }
+    if (encrypted && !password && !forcePassword && !keyPair) {
+        throw new Error('Cannot share encrypted data without a password!');
+    }
+    apiClient ??= getTrpcGuestClient();
+    const dataBuffer = data instanceof File
+        ? new Uint8Array(await data.arrayBuffer())
+        : typeof window === 'undefined' && data instanceof Buffer
+            ? new Uint8Array(data)
+            : data;
+    let filetype;
+    if (meta === true) {
+        filetype = await fileTypeFromBuffer(dataBuffer);
+    }
+    else if (typeof meta !== 'undefined') {
+        filetype = meta;
+    }
+    else if (!encrypted) {
+        filetype = await fileTypeFromBuffer(dataBuffer);
+    }
+    if (storageType === 'lite' && dataBuffer.byteLength > kiloToBytes(1024)) {
+        throw new Error('The data is too big for lite upload!');
+    }
+    if (!keyPair && storageType === 'cold') {
+        throw new Error('Cold storage is only for logged users!');
+    }
+    const compressed = encrypted ? compress(dataBuffer) : dataBuffer;
+    let { encryptedData, encryptedDataKey, dataKey, md5Data, md5Encrypted } = encrypted
+        ? await encryptDataAndKey({
+            data: compressed,
+            progress: encryptProgress,
+            keyPair,
+            signal,
+        })
+        : {
+            encryptedData: compressed,
+            encryptedDataKey: null,
+            dataKey: null,
+            md5Data: await md5(compressed),
+            md5Encrypted: null,
+        };
+    await uploadProgress?.({
+        total: encryptedData.byteLength,
+        current: 0,
+        percent: 0,
+    });
+    const createSharing = ({ data, }) => {
+        if (dataKey && (password || forcePassword)) {
+            password ??= generatePassword();
+            const salt = sodium.crypto_generichash(sodium.crypto_pwhash_SALTBYTES, password + md5Data);
+            const derivedPassword = derivePassword(password, salt);
+            let key;
+            if (data.type === 'guest' ||
+                (data.type === 'authed' &&
+                    encryptedDataKey &&
+                    data.key === sodium.to_hex(encryptedDataKey))) {
+                key = dataKey;
+            }
+            else {
+                if (!keyPair) {
+                    throw new Error('Unable to encrypt data without keyPair!');
+                }
+                if (!data.key) {
+                    throw new Error('Unable to encrypt data without key!');
+                }
+                key = decryptCryptoBox(sodium.from_hex(data.key), data.keyPair.pub, keyPair.privateKey);
+            }
+            // NOTE: Process to create a sharing for a auth client (todo: endpoint)
+            return {
+                password,
+                encryptedDataKey: sodium.to_hex(encryptSecretBox(key, derivedPassword)),
+            };
+        }
+        return null;
+    };
+    if (storageType === 'lite') {
+        const uploadDataArgs = md5Encrypted
+            ? {
+                type: 'encrypted',
+                content: Buffer.from(encryptedData),
+                sizeEncrypted: BigInt(encryptedData.byteLength),
+                size: BigInt(dataBuffer.byteLength),
+                key: encryptedDataKey ? sodium.to_hex(encryptedDataKey) : undefined,
+                md5Encrypted,
+                md5: md5Data,
+                ...filetype,
+            }
+            : {
+                type: 'unencrypted',
+                content: Buffer.from(encryptedData),
+                md5: md5Data,
+                sizeEncrypted: undefined,
+                size: BigInt(dataBuffer.byteLength),
+                ...filetype,
+            };
+        const uploadData = await apiClient.cloud.uploadLiteData.mutate(uploadDataArgs, { signal });
+        await uploadProgress?.({
+            total: encryptedData.byteLength,
+            current: encryptedData.byteLength,
+            percent: 1,
+        });
+        const sharing = createSharing({ data: uploadData });
+        const localData = {
+            id: uploadData.id,
+            storageType: 'lite',
+            size: uploadDataArgs.size,
+            sizeEncrypted: uploadDataArgs.sizeEncrypted ?? null,
+            data: dataBuffer,
+            ...filetype,
+        };
+        dataContentCache.set(uploadData.id, localData);
+        return {
+            ...localData,
+            sharing,
+        };
+    }
+    if (storageType === 's3' || storageType === 'cold') {
+        const uploadDataArgs = md5Encrypted
+            ? {
+                type: 'encrypted',
+                sizeEncrypted: BigInt(encryptedData.byteLength),
+                size: BigInt(dataBuffer.byteLength),
+                key: encryptedDataKey ? sodium.to_hex(encryptedDataKey) : undefined,
+                md5Encrypted,
+                md5: md5Data,
+                ...filetype,
+            }
+            : {
+                type: 'unencrypted',
+                md5: md5Data,
+                size: BigInt(dataBuffer.byteLength),
+                sizeEncrypted: undefined,
+                ...filetype,
+            };
+        const uploadDataCaller = storageType === 's3'
+            ? apiClient.cloud.uploadData
+            : apiClient.cloud.uploadColdData;
+        const uploadData = await uploadDataCaller.mutate(uploadDataArgs, {
+            signal,
+        });
+        if (uploadData.parts.length === 0) {
+            if (uploadData.type === 'authed' &&
+                (typeof keyPair === 'undefined' ||
+                    typeof keyPair === 'string' ||
+                    uploadData.keyPair.pub !== keyPair.publicKey)) {
+                throw new Error('The public key does not match with cached key!');
+            }
+            await uploadProgress?.({
+                total: encryptedData.byteLength,
+                current: encryptedData.byteLength,
+                percent: 1,
+            });
+            const sharing = createSharing({ data: uploadData });
+            const localData = {
+                id: uploadData.id,
+                storageType: storageType,
+                size: uploadDataArgs.size,
+                sizeEncrypted: uploadDataArgs.sizeEncrypted ?? null,
+                data: dataBuffer,
+                ...filetype,
+            };
+            dataContentCache.set(uploadData.id, localData);
+            return {
+                ...localData,
+                sharing,
+            };
+        }
+        const uploadDataPartEnd = async (md5, order) => {
+            return apiClient.cloud.uploadDataPartEnd.mutate({ dataId: uploadData.id, md5, order }, { signal });
+        };
+        const chunkParts = new Array();
+        for (const [index, chunk] of enumerate(chunks(encryptedData, Number(uploadData.partSize)))) {
+            chunkParts.push({
+                order: index + 1,
+                data: chunk,
+                md5: await md5(chunk),
+            });
+        }
+        const progressParts = {};
+        const onProgress = (part, progressEvent) => {
+            progressParts[part] = progressEvent;
+            const current = Object.values(progressParts).reduce((prv, cur) => prv + cur.transferredBytes, 0);
+            void uploadProgress?.({
+                percent: current / encryptedData.byteLength,
+                total: encryptedData.byteLength,
+                current,
+            });
+        };
+        const byPart = async (part) => {
+            const formData = new FormData();
+            const chunk = chunkParts.find((p) => p.order === part.order);
+            if (chunk === undefined) {
+                return;
+            }
+            for (const [key, value] of Object.entries(part.fields)) {
+                formData.append(key, value);
+            }
+            formData.append('file', new Blob([chunk.data], { type: filetype?.mime }), `${uploadData.id}-${chunk.order}`);
+            await axios.post(part.url, formData, {
+                onUploadProgress: (progressEvent) => {
+                    onProgress(part.order, {
+                        percent: progressEvent.progress ?? 0,
+                        totalBytes: progressEvent.total ?? 0,
+                        transferredBytes: progressEvent.loaded,
+                    });
+                },
+            });
+            return uploadDataPartEnd(chunk.md5, chunk.order);
+        };
+        await promiseAllLimit(3, uploadData.parts.map((p) => async () => {
+            await byPart(p);
+        }));
+        const sharing = createSharing({ data: uploadData });
+        const localData = {
+            id: uploadData.id,
+            storageType: storageType,
+            size: uploadDataArgs.size,
+            sizeEncrypted: uploadDataArgs.sizeEncrypted ?? null,
+            data: dataBuffer,
+            ...filetype,
+        };
+        dataContentCache.set(uploadData.id, localData);
+        return {
+            ...localData,
+            sharing,
+        };
+    }
+    throw new Error(`The "${storageType}" is not implemented yet!`);
+}
+export function createPublicDataLink({ apiClient, ...opts }) {
+    if (opts.expireAt && opts.expireAt <= new Date()) {
+        throw new Error('Unable to create public link using a past expireAt date!');
+    }
+    apiClient ??= getTrpcGuestClient();
+    return apiClient.cloud.createDataLink.mutate(opts);
+}

package/dist/lib/client.js

@@ -48,3 +48,10 @@ export const createTRPCClient = (opts) => innerCreateTRPCClient({
         }),
     ],
 });
+export const getTrpcGuestClient = (() => {
+    let client;
+    return function getApiGuestClient({ url } = {}) {
+        client ??= createTRPCClient({ apiUrl: url });
+        return client;
+    };
+})();

package/dist/lib/crypto/data.js

@@ -122,6 +122,9 @@ export async function decryptSecretStream(key, data, progress, abort) {
             throw new Error(`Decrypt aborted`);
         }
         const messageTag = decryptFn(chunk);
+        if (typeof messageTag === 'boolean') {
+            throw new Error('Unable to decrypt the data!');
+        }
         final.set(messageTag.message, total);
         total += messageTag.message.byteLength;
         const percent = total / max;

package/dist/lib/crypto/domain.js

@@ -1,17 +1,128 @@
 import { encryptCryptoBox } from '.';
-import { sodium } from '../sodium';
-import { encryptSecretStream, secretStreamKeygen } from './data';
-export async function encryptName(name, nameKey) {
-    const { data } = await encryptSecretStream(sodium.from_hex(nameKey), sodium.from_string(name));
-    return sodium.to_hex(data);
+import { secretStreamKeygen } from './data';
+import { encrypt } from '../worker/sodium';
+import ky from 'ky';
+import { md5 } from '../worker/md5.js';
+import { promiseAllLimit } from '../utils/promise.js';
+import { concatenate } from '../utils/array.js';
+/**
+ * Encrypt the dataKey and the data as logged or guest user.
+ * If a string is provided as keypair, it should be considered as guest with password case.
+ * If keypair is not provided, then we generate a key to be used as password for guest too.
+ */
+export async function encryptDataAndKey({ data, keyPair, progress, signal, }) {
+    const dataKey = secretStreamKeygen();
+    const { data: encryptedData, md5: md5Data, md5Encrypted, } = await encrypt(dataKey, data, progress, signal);
+    if (!keyPair) {
+        return {
+            encryptedData,
+            dataKey,
+            md5Data,
+            md5Encrypted,
+        };
+    }
+    const encDataKey = encryptCryptoBox(dataKey, keyPair.publicKey, keyPair.privateKey);
+    return {
+        encryptedDataKey: encDataKey,
+        encryptedData,
+        dataKey,
+        md5Data,
+        md5Encrypted,
+    };
 }
-export async function generateAndEncryptNameAndKey(args) {
-    const nameKey = secretStreamKeygen();
-    const encryptedName = await encryptName(args.name, sodium.to_hex(nameKey));
-    const encryptedNameKey = sodium.to_hex(encryptCryptoBox(nameKey, args.publicKey, args.privateKey));
+const encryptedContentFromParts = async (arg) => {
+    const parts = {};
+    const byPart = async (part) => {
+        const buf = new Uint8Array(await ky
+            .get(part.contentUrl, {
+            timeout: false,
+            onDownloadProgress: (pr) => {
+                arg.onProgress(`${arg.dataId}-${part.order}`, pr);
+            },
+            signal: arg.signal,
+        })
+            .arrayBuffer());
+        const md5Part = await md5(buf);
+        if (md5Part !== part.md5) {
+            throw new Error(`Invalid md5 for part ${part.order} of data ${arg.dataId}`);
+        }
+        if (typeof parts[arg.dataId] === 'undefined') {
+            parts[arg.dataId] = [{ data: buf, order: part.order }];
+        }
+        else {
+            parts[arg.dataId].push({ data: buf, order: part.order });
+        }
+    };
+    await promiseAllLimit(3, arg.dataParts.map((p) => async () => byPart(p)));
+    return concatenate(...parts[arg.dataId].sort((a, b) => a.order - b.order).map((p) => p.data));
+};
+export async function buildBytesFromApiData({ dataContent, totalBytes, progressParts, onDownloadProgress, signal, }) {
+    const onProgress = (key, progressEvent) => {
+        progressParts[key] = progressEvent;
+        const transferredBytes = Object.values(progressParts).reduce((prv, cur) => prv + cur.transferredBytes, 0);
+        onDownloadProgress?.({
+            percent: transferredBytes / totalBytes,
+            totalBytes,
+            transferredBytes,
+        });
+    };
+    const encryptedContent = dataContent.type === 'lite'
+        ? new Uint8Array(dataContent.content)
+        : dataContent.type === 'cloud'
+            ? await encryptedContentFromParts({
+                dataId: dataContent.id,
+                dataParts: dataContent.parts,
+                onProgress,
+                signal,
+            })
+            : dataContent.maybeContent !== null
+                ? new Uint8Array(dataContent.maybeContent)
+                : dataContent.maybeParts !== null
+                    ? await encryptedContentFromParts({
+                        dataId: dataContent.id,
+                        dataParts: dataContent.maybeParts,
+                        onProgress,
+                        signal,
+                    })
+                    : null;
+    if (encryptedContent === null) {
+        throw `Can't find content for data ${dataContent.id}`;
+    }
+    const md5Encrypted = await md5(encryptedContent);
+    if (md5Encrypted !== dataContent.md5Encrypted) {
+        throw new Error(`Encrypted content does not match`);
+    }
     return {
-        nameKey,
-        encryptedName,
-        encryptedNameKey,
+        encryptedContent,
+    };
+}
+export async function buildBytesFromDataLink({ dataLink, totalBytes, onDownloadProgress, signal, }) {
+    const progressParts = {};
+    const onProgress = (key, progressEvent) => {
+        progressParts[key] = progressEvent;
+        const transferredBytes = Object.values(progressParts).reduce((prv, cur) => prv + cur.transferredBytes, 0);
+        onDownloadProgress?.({
+            percent: transferredBytes / totalBytes,
+            totalBytes,
+            transferredBytes,
+        });
     };
+    const bytes = 'bytes' in dataLink
+        ? Uint8Array.from(Buffer.from(dataLink.bytes, 'base64'))
+        : await encryptedContentFromParts({
+            dataId: Math.random().toString().slice(2, 10),
+            dataParts: dataLink.parts,
+            onProgress,
+            signal,
+        });
+    if (bytes === null) {
+        throw `Can't find content for data ${dataLink.name}`;
+    }
+    if (dataLink.md5Encrypted) {
+        const md5Encrypted = await md5(bytes);
+        if (md5Encrypted !== dataLink.md5Encrypted) {
+            throw new Error(`Encrypted content does not match`);
+        }
+    }
+    return bytes;
 }