@storacha/encrypt-upload-client 0.0.33 → 0.0.36
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +20 -7
- package/dist/config/constants.d.ts +1 -1
- package/dist/config/constants.js +1 -1
- package/dist/config/env.d.ts +0 -1
- package/dist/config/env.d.ts.map +1 -1
- package/dist/config/env.js +4 -3
- package/dist/config/service.d.ts.map +1 -1
- package/dist/config/service.js +4 -0
- package/dist/core/client.d.ts +2 -3
- package/dist/core/client.d.ts.map +1 -1
- package/dist/core/client.js +3 -4
- package/dist/crypto-adapters/browser-crypto-adapter.d.ts +42 -0
- package/dist/crypto-adapters/browser-crypto-adapter.d.ts.map +1 -0
- package/dist/crypto-adapters/browser-crypto-adapter.js +109 -0
- package/dist/crypto-adapters/node-crypto-adapter.d.ts +3 -3
- package/dist/crypto-adapters/node-crypto-adapter.d.ts.map +1 -1
- package/dist/crypto-adapters/node-crypto-adapter.js +5 -5
- package/dist/handlers/decrypt-handler.d.ts +2 -3
- package/dist/handlers/decrypt-handler.d.ts.map +1 -1
- package/dist/handlers/decrypt-handler.js +29 -12
- package/dist/handlers/encrypt-handler.js +11 -3
- package/dist/index.d.ts +0 -1
- package/dist/index.js +0 -1
- package/dist/protocols/lit.d.ts +10 -1
- package/dist/protocols/lit.d.ts.map +1 -1
- package/dist/protocols/lit.js +29 -1
- package/dist/types.d.ts +19 -4
- package/dist/types.d.ts.map +1 -1
- package/package.json +23 -10
package/README.md
CHANGED
|
@@ -3,7 +3,7 @@
|
|
|
3
3
|
|
|
4
4
|
## About
|
|
5
5
|
|
|
6
|
-
This library leverages
|
|
6
|
+
This library leverages `@storacha/cli` and `@lit-protocol/lit-node-client` to provide a simple interface for encrypting files with Lit Protocol and uploading them to the Storacha Network. It also enables anyone with a valid `space/content/decrypt` UCAN delegation to decrypt the file. With Lit Protocol, encryption keys are managed in a decentralized way, so you don't have to handle them yourself.
|
|
7
7
|
|
|
8
8
|
## Install
|
|
9
9
|
|
|
@@ -15,9 +15,9 @@ npm @storacha/encrypt-upload-client
|
|
|
15
15
|
|
|
16
16
|
## Usage
|
|
17
17
|
|
|
18
|
-
To use this library, you'll need to install `@storacha/cli` and `@lit-protocol/lit-node-client`, as they are required for initialization—though the Lit client is optional. You must also provide a crypto adapter that implements the `CryptoAdapter` interface. A ready-to-use Node.js crypto
|
|
18
|
+
To use this library, you'll need to install `@storacha/cli` and `@lit-protocol/lit-node-client`, as they are required for initialization—though the Lit client is optional. You must also provide a crypto adapter that implements the `CryptoAdapter` interface. A ready-to-use Node.js & Browser crypto adapters are available.
|
|
19
19
|
|
|
20
|
-
|
|
20
|
+
### CryptoAdapter Interface
|
|
21
21
|
|
|
22
22
|
```js
|
|
23
23
|
interface CryptoAdapter {
|
|
@@ -32,7 +32,7 @@ interface EncryptOutput {
|
|
|
32
32
|
}
|
|
33
33
|
```
|
|
34
34
|
|
|
35
|
-
|
|
35
|
+
### Node Usage
|
|
36
36
|
|
|
37
37
|
```js
|
|
38
38
|
const encryptedClient = await EncryptClient.create({
|
|
@@ -41,11 +41,24 @@ const encryptedClient = await EncryptClient.create({
|
|
|
41
41
|
})
|
|
42
42
|
```
|
|
43
43
|
|
|
44
|
+
### Browser Usage
|
|
45
|
+
|
|
46
|
+
For browser apps, use the `BrowserCryptoAdapter`:
|
|
47
|
+
|
|
48
|
+
```js
|
|
49
|
+
import { BrowserCryptoAdapter } from '@storacha/encrypt-upload-client/crypto-adapters/browser-crypto-adapter.js'
|
|
50
|
+
|
|
51
|
+
const encryptedClient = await EncryptClient.create({
|
|
52
|
+
storachaClient: client,
|
|
53
|
+
cryptoAdapter: new BrowserCryptoAdapter(),
|
|
54
|
+
})
|
|
55
|
+
```
|
|
56
|
+
|
|
44
57
|
### Encryption
|
|
45
58
|
|
|
46
|
-
The encryption process automatically generates a custom Access Control Condition (ACC) based on the current space setup in your Storacha client. It then creates a symmetric key to encrypt the file and uses Lit Protocol to encrypt that key, so you don
|
|
59
|
+
The encryption process automatically generates a custom Access Control Condition (ACC) based on the current space setup in your Storacha client. It then creates a symmetric key to encrypt the file and uses Lit Protocol to encrypt that key, so you don't have to manage it yourself. Once encrypted, both the file and the generated encrypted metadata are uploaded to Storacha.
|
|
47
60
|
|
|
48
|
-
#### Example
|
|
61
|
+
#### Encryption Example
|
|
49
62
|
|
|
50
63
|
```js
|
|
51
64
|
const fileContent = await fs.promises.readFile('./README.md')
|
|
@@ -61,7 +74,7 @@ To decrypt a file, you'll need the CID returned from `uploadEncryptedFile`, a UC
|
|
|
61
74
|
|
|
62
75
|
For details on minting Capacity Credits, check out the [official documentation](https://developer.litprotocol.com/concepts/capacity-credits-concept).
|
|
63
76
|
|
|
64
|
-
#### Example
|
|
77
|
+
#### Decryption Example
|
|
65
78
|
|
|
66
79
|
```js
|
|
67
80
|
const decryptedContent = await encryptedClient.retrieveAndDecryptFile(
|
package/dist/config/constants.js
CHANGED
|
@@ -1,3 +1,3 @@
|
|
|
1
|
-
export const STORACHA_LIT_ACTION_CID = '
|
|
1
|
+
export const STORACHA_LIT_ACTION_CID = 'QmWSLN9m2Noj3kp8rx76yfQ9U7U1Mzjj3kGVpCr891Mjn1';
|
|
2
2
|
export const GATEWAY_URL = new URL('https://w3s.link');
|
|
3
3
|
//# sourceMappingURL=constants.js.map
|
package/dist/config/env.d.ts
CHANGED
package/dist/config/env.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"env.d.ts","sourceRoot":"","sources":["../../src/config/env.js"],"names":[],"mappings":";
|
|
1
|
+
{"version":3,"file":"env.d.ts","sourceRoot":"","sources":["../../src/config/env.js"],"names":[],"mappings":";AAwBA;;;GAAsC;uBAvBf,cAAc"}
|
package/dist/config/env.js
CHANGED
|
@@ -1,9 +1,11 @@
|
|
|
1
1
|
import dotenv from 'dotenv';
|
|
2
2
|
import { Schema } from '@ucanto/core';
|
|
3
3
|
import { LIT_NETWORK } from '@lit-protocol/constants';
|
|
4
|
-
|
|
4
|
+
// Only load env variables if running in node
|
|
5
|
+
if (typeof window === 'undefined') {
|
|
6
|
+
dotenv.config();
|
|
7
|
+
}
|
|
5
8
|
const envSchema = Schema.struct({
|
|
6
|
-
WALLET_PK: Schema.text(),
|
|
7
9
|
LIT_NETWORK: Schema.enum([
|
|
8
10
|
LIT_NETWORK.Custom,
|
|
9
11
|
LIT_NETWORK.Datil,
|
|
@@ -15,7 +17,6 @@ const envSchema = Schema.struct({
|
|
|
15
17
|
const processEnv = {
|
|
16
18
|
LIT_DEBUG: process.env.LIT_DEBUG,
|
|
17
19
|
LIT_NETWORK: process.env.LIT_NETWORK,
|
|
18
|
-
WALLET_PK: process.env.WALLET_PK,
|
|
19
20
|
};
|
|
20
21
|
const env = envSchema.from(processEnv);
|
|
21
22
|
export default env;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"service.d.ts","sourceRoot":"","sources":["../../src/config/service.js"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"service.d.ts","sourceRoot":"","sources":["../../src/config/service.js"],"names":[],"mappings":"AAYA,mCAA2D;AAC3D,kFAAqE;AAErE,iEAIE;AAEF,mCAA2D;AAC3D,kFAAqE;AAErE,iEAIE;AAEF,qCAA6D;AAC7D,oFAAuE;AAEvE,mEAIE;AAEF,2DAA2D;AAC3D,0BADW,OAAO,wBAAwB,EAAE,WAAW,CAMtD;AAED,mCAAyE;wBA/CjD,gBAAgB"}
|
package/dist/config/service.js
CHANGED
|
@@ -4,6 +4,10 @@ import * as DID from '@ipld/dag-ucan/did';
|
|
|
4
4
|
import { gatewayServiceConnection } from '@storacha/client/service';
|
|
5
5
|
const storachaServiceURL = 'https://up.web3.storage';
|
|
6
6
|
const storachaPrincipalDID = 'did:web:web3.storage';
|
|
7
|
+
//TODO: Instead of declaring the service URL and principal here,
|
|
8
|
+
// import them from the w3up-client/service package.
|
|
9
|
+
// It needs to be done after the repo unification tasks is completed
|
|
10
|
+
// Because the DID Web is did:web:up.storacha.network
|
|
7
11
|
export const accessServiceURL = new URL(storachaServiceURL);
|
|
8
12
|
export const accessServicePrincipal = DID.parse(storachaPrincipalDID);
|
|
9
13
|
export const accessServiceConnection = client.connect({
|
package/dist/core/client.d.ts
CHANGED
|
@@ -37,14 +37,13 @@ export class EncryptedClient implements Type.EncryptedClient {
|
|
|
37
37
|
/**
|
|
38
38
|
* Retrieve and decrypt a file from the Storacha network
|
|
39
39
|
*
|
|
40
|
-
* @param {
|
|
40
|
+
* @param {Type.LitWalletSigner | Type.LitPkpSigner} signer - The wallet or PKP key signer to decrypt the file
|
|
41
41
|
* @param {Type.AnyLink} cid - The link to the file to retrieve
|
|
42
42
|
* @param {Uint8Array} delegationCAR - The delegation that gives permission to decrypt the file
|
|
43
43
|
* @returns {Promise<ReadableStream>} - The decrypted file
|
|
44
44
|
*/
|
|
45
|
-
retrieveAndDecryptFile(
|
|
45
|
+
retrieveAndDecryptFile(signer: Type.LitWalletSigner | Type.LitPkpSigner, cid: Type.AnyLink, delegationCAR: Uint8Array): Promise<ReadableStream>;
|
|
46
46
|
}
|
|
47
47
|
export function create(options: Type.EncryptedClientOptions): Promise<EncryptedClient>;
|
|
48
48
|
import * as Type from '../types.js';
|
|
49
|
-
import { Wallet } from 'ethers';
|
|
50
49
|
//# sourceMappingURL=client.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"client.d.ts","sourceRoot":"","sources":["../../src/core/client.js"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"client.d.ts","sourceRoot":"","sources":["../../src/core/client.js"],"names":[],"mappings":"AAMA,yCAAyC;AACzC,wCADiB,IAAI,CAAC,eAAe;IA0BnC;;;;;OAKG;IACH,4BALW,OAAO,kBAAkB,EAAE,MAAM,iBACjC,IAAI,CAAC,aAAa,aAClB,OAAO,+BAA+B,EAAE,aAAa,cACrD,GAAG,EAOb;IAnCD;;;OAGG;IACH,0BAHU,IAAI,CAAC,aAAa,CAGd;IAEd;;;OAGG;IACH,2BAHU,OAAO,kBAAkB,EAAE,MAAM,CAG5B;IAEf;;;OAGG;IACH,sBAHU,OAAO,+BAA+B,EAAE,aAAa,CAGrD;IAEV;;;OAGG;IACH,uBAHU,GAAG,CAGF;IAeX;;;;;OAKG;IACH,0BAHW,IAAI,CAAC,QAAQ,GACX,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CASjC;IAED;;;;;;;OAOG;IACH,+BALW,IAAI,CAAC,eAAe,GAAG,IAAI,CAAC,YAAY,OACxC,IAAI,CAAC,OAAO,iBACZ,UAAU,GACR,OAAO,CAAC,cAAc,CAAC,CAYnC;CACF;AAWM,gCAFI,IAAI,CAAC,sBAAsB,4BAcrC;sBAtGqB,aAAa"}
|
package/dist/core/client.js
CHANGED
|
@@ -1,4 +1,3 @@
|
|
|
1
|
-
import { Wallet } from 'ethers';
|
|
2
1
|
import * as Type from '../types.js';
|
|
3
2
|
import { getLitClient } from '../protocols/lit.js';
|
|
4
3
|
import { GATEWAY_URL } from '../config/constants.js';
|
|
@@ -50,13 +49,13 @@ export class EncryptedClient {
|
|
|
50
49
|
/**
|
|
51
50
|
* Retrieve and decrypt a file from the Storacha network
|
|
52
51
|
*
|
|
53
|
-
* @param {
|
|
52
|
+
* @param {Type.LitWalletSigner | Type.LitPkpSigner} signer - The wallet or PKP key signer to decrypt the file
|
|
54
53
|
* @param {Type.AnyLink} cid - The link to the file to retrieve
|
|
55
54
|
* @param {Uint8Array} delegationCAR - The delegation that gives permission to decrypt the file
|
|
56
55
|
* @returns {Promise<ReadableStream>} - The decrypted file
|
|
57
56
|
*/
|
|
58
|
-
async retrieveAndDecryptFile(
|
|
59
|
-
return retrieveAndDecrypt(this._storachaClient, this._litClient, this._cryptoAdapter, this._gatewayURL,
|
|
57
|
+
async retrieveAndDecryptFile(signer, cid, delegationCAR) {
|
|
58
|
+
return retrieveAndDecrypt(this._storachaClient, this._litClient, this._cryptoAdapter, this._gatewayURL, signer, cid, delegationCAR);
|
|
60
59
|
}
|
|
61
60
|
}
|
|
62
61
|
/**
|
|
@@ -0,0 +1,42 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* BrowserCryptoAdapter implements the CryptoAdapter interface for browser environments.
|
|
3
|
+
* It uses AES-CTR mode for encryption via the Web Crypto API.
|
|
4
|
+
*
|
|
5
|
+
* Why AES-CTR?
|
|
6
|
+
* - We use AES-CTR with pseudo-streaming (buffering chunks before emitting) for simplicity and streaming support.
|
|
7
|
+
* - AES-CTR allows chunked processing without padding, making it suitable for large files and browser environments.
|
|
8
|
+
* - The Web Crypto API supports AES-CTR natively in all modern browsers and in Node.js 19+ as globalThis.crypto.
|
|
9
|
+
* - For Node.js <19, you must polyfill globalThis.crypto (e.g., with `node --experimental-global-webcrypto` or a package like @peculiar/webcrypto).
|
|
10
|
+
* - This allows for processing large files in chunks with no padding issues found in other libraries such as node-forge.
|
|
11
|
+
*
|
|
12
|
+
* Note: This implementation is currently pseudo-streaming: it buffers all encrypted/decrypted chunks before emitting them as a stream.
|
|
13
|
+
* For true streaming (lower memory usage), we need to refactor it to emit each chunk as soon as it is processed.
|
|
14
|
+
*
|
|
15
|
+
* @class
|
|
16
|
+
* @implements {Type.CryptoAdapter}
|
|
17
|
+
*/
|
|
18
|
+
export class BrowserCryptoAdapter implements Type.CryptoAdapter {
|
|
19
|
+
generateKey(): Promise<Uint8Array<ArrayBuffer>>;
|
|
20
|
+
/**
|
|
21
|
+
* Encrypt a stream of data using AES-CTR (chunked, Web Crypto API).
|
|
22
|
+
*
|
|
23
|
+
* @param {Blob} data The data to encrypt.
|
|
24
|
+
* @returns {Promise<{ key: Uint8Array, iv: Uint8Array, encryptedStream: ReadableStream }>}
|
|
25
|
+
*/
|
|
26
|
+
encryptStream(data: Blob): Promise<{
|
|
27
|
+
key: Uint8Array;
|
|
28
|
+
iv: Uint8Array;
|
|
29
|
+
encryptedStream: ReadableStream;
|
|
30
|
+
}>;
|
|
31
|
+
/**
|
|
32
|
+
* Decrypt a stream of data using AES-CTR (chunked, Web Crypto API).
|
|
33
|
+
*
|
|
34
|
+
* @param {ReadableStream} encryptedData The encrypted data stream.
|
|
35
|
+
* @param {Uint8Array} key The encryption key.
|
|
36
|
+
* @param {Uint8Array} iv The initialization vector (counter).
|
|
37
|
+
* @returns {Promise<ReadableStream>} A stream of decrypted data.
|
|
38
|
+
*/
|
|
39
|
+
decryptStream(encryptedData: ReadableStream, key: Uint8Array, iv: Uint8Array): Promise<ReadableStream>;
|
|
40
|
+
}
|
|
41
|
+
import * as Type from '../types.js';
|
|
42
|
+
//# sourceMappingURL=browser-crypto-adapter.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"browser-crypto-adapter.d.ts","sourceRoot":"","sources":["../../src/crypto-adapters/browser-crypto-adapter.js"],"names":[],"mappings":"AAOA;;;;;;;;;;;;;;;;GAgBG;AACH,6CAFgB,IAAI,CAAC,aAAa;IAGhC,gDAEC;IAED;;;;;OAKG;IACH,oBAHW,IAAI,GACF,OAAO,CAAC;QAAE,GAAG,EAAE,UAAU,CAAC;QAAC,EAAE,EAAE,UAAU,CAAC;QAAC,eAAe,EAAE,cAAc,CAAA;KAAE,CAAC,CAoDzF;IAED;;;;;;;OAOG;IACH,6BALW,cAAc,OACd,UAAU,MACV,UAAU,GACR,OAAO,CAAC,cAAc,CAAC,CA8CnC;CACF;sBA5IqB,aAAa"}
|
|
@@ -0,0 +1,109 @@
|
|
|
1
|
+
import * as Type from '../types.js';
|
|
2
|
+
const ENCRYPTION_ALGORITHM = 'AES-CTR';
|
|
3
|
+
const KEY_LENGTH = 256; // bits
|
|
4
|
+
const IV_LENGTH = 16; // bytes (128 bits, used as counter)
|
|
5
|
+
const COUNTER_LENGTH = 64; // bits (Web Crypto API default for AES-CTR)
|
|
6
|
+
/**
|
|
7
|
+
* BrowserCryptoAdapter implements the CryptoAdapter interface for browser environments.
|
|
8
|
+
* It uses AES-CTR mode for encryption via the Web Crypto API.
|
|
9
|
+
*
|
|
10
|
+
* Why AES-CTR?
|
|
11
|
+
* - We use AES-CTR with pseudo-streaming (buffering chunks before emitting) for simplicity and streaming support.
|
|
12
|
+
* - AES-CTR allows chunked processing without padding, making it suitable for large files and browser environments.
|
|
13
|
+
* - The Web Crypto API supports AES-CTR natively in all modern browsers and in Node.js 19+ as globalThis.crypto.
|
|
14
|
+
* - For Node.js <19, you must polyfill globalThis.crypto (e.g., with `node --experimental-global-webcrypto` or a package like @peculiar/webcrypto).
|
|
15
|
+
* - This allows for processing large files in chunks with no padding issues found in other libraries such as node-forge.
|
|
16
|
+
*
|
|
17
|
+
* Note: This implementation is currently pseudo-streaming: it buffers all encrypted/decrypted chunks before emitting them as a stream.
|
|
18
|
+
* For true streaming (lower memory usage), we need to refactor it to emit each chunk as soon as it is processed.
|
|
19
|
+
*
|
|
20
|
+
* @class
|
|
21
|
+
* @implements {Type.CryptoAdapter}
|
|
22
|
+
*/
|
|
23
|
+
export class BrowserCryptoAdapter {
|
|
24
|
+
async generateKey() {
|
|
25
|
+
return globalThis.crypto.getRandomValues(new Uint8Array(KEY_LENGTH / 8));
|
|
26
|
+
}
|
|
27
|
+
/**
|
|
28
|
+
* Encrypt a stream of data using AES-CTR (chunked, Web Crypto API).
|
|
29
|
+
*
|
|
30
|
+
* @param {Blob} data The data to encrypt.
|
|
31
|
+
* @returns {Promise<{ key: Uint8Array, iv: Uint8Array, encryptedStream: ReadableStream }>}
|
|
32
|
+
*/
|
|
33
|
+
async encryptStream(data) {
|
|
34
|
+
const key = await this.generateKey();
|
|
35
|
+
const iv = globalThis.crypto.getRandomValues(new Uint8Array(IV_LENGTH));
|
|
36
|
+
const cryptoKey = await globalThis.crypto.subtle.importKey('raw', key, { name: ENCRYPTION_ALGORITHM }, false, ['encrypt', 'decrypt']);
|
|
37
|
+
const reader = data.stream().getReader();
|
|
38
|
+
let counter = new Uint8Array(iv); // Copy the IV for counter
|
|
39
|
+
let chunkIndex = 0;
|
|
40
|
+
/** @type {Uint8Array[]} */
|
|
41
|
+
const encryptedChunks = [];
|
|
42
|
+
// eslint-disable-next-line no-constant-condition
|
|
43
|
+
while (true) {
|
|
44
|
+
const { done, value } = await reader.read();
|
|
45
|
+
if (done)
|
|
46
|
+
break;
|
|
47
|
+
// Increment counter for each chunk
|
|
48
|
+
const chunkCounter = new Uint8Array(counter);
|
|
49
|
+
// For each chunk, increment the last byte of the counter
|
|
50
|
+
chunkCounter[chunkCounter.length - 1] += chunkIndex;
|
|
51
|
+
chunkIndex++;
|
|
52
|
+
const encrypted = new Uint8Array(await globalThis.crypto.subtle.encrypt({
|
|
53
|
+
name: ENCRYPTION_ALGORITHM,
|
|
54
|
+
counter: chunkCounter,
|
|
55
|
+
length: COUNTER_LENGTH,
|
|
56
|
+
}, cryptoKey, value));
|
|
57
|
+
encryptedChunks.push(encrypted);
|
|
58
|
+
}
|
|
59
|
+
const encryptedStream = new ReadableStream({
|
|
60
|
+
start(controller) {
|
|
61
|
+
for (const chunk of encryptedChunks) {
|
|
62
|
+
controller.enqueue(chunk);
|
|
63
|
+
}
|
|
64
|
+
controller.close();
|
|
65
|
+
},
|
|
66
|
+
});
|
|
67
|
+
return { key, iv, encryptedStream };
|
|
68
|
+
}
|
|
69
|
+
/**
|
|
70
|
+
* Decrypt a stream of data using AES-CTR (chunked, Web Crypto API).
|
|
71
|
+
*
|
|
72
|
+
* @param {ReadableStream} encryptedData The encrypted data stream.
|
|
73
|
+
* @param {Uint8Array} key The encryption key.
|
|
74
|
+
* @param {Uint8Array} iv The initialization vector (counter).
|
|
75
|
+
* @returns {Promise<ReadableStream>} A stream of decrypted data.
|
|
76
|
+
*/
|
|
77
|
+
async decryptStream(encryptedData, key, iv) {
|
|
78
|
+
const cryptoKey = await globalThis.crypto.subtle.importKey('raw', key, { name: ENCRYPTION_ALGORITHM }, false, ['encrypt', 'decrypt']);
|
|
79
|
+
const reader = encryptedData.getReader();
|
|
80
|
+
let counter = new Uint8Array(iv);
|
|
81
|
+
let chunkIndex = 0;
|
|
82
|
+
/** @type {Uint8Array[]} */
|
|
83
|
+
const decryptedChunks = [];
|
|
84
|
+
// eslint-disable-next-line no-constant-condition
|
|
85
|
+
while (true) {
|
|
86
|
+
const { done, value } = await reader.read();
|
|
87
|
+
if (done)
|
|
88
|
+
break;
|
|
89
|
+
const chunkCounter = new Uint8Array(counter);
|
|
90
|
+
chunkCounter[chunkCounter.length - 1] += chunkIndex;
|
|
91
|
+
chunkIndex++;
|
|
92
|
+
const decrypted = new Uint8Array(await globalThis.crypto.subtle.decrypt({
|
|
93
|
+
name: ENCRYPTION_ALGORITHM,
|
|
94
|
+
counter: chunkCounter,
|
|
95
|
+
length: COUNTER_LENGTH,
|
|
96
|
+
}, cryptoKey, value));
|
|
97
|
+
decryptedChunks.push(decrypted);
|
|
98
|
+
}
|
|
99
|
+
return new ReadableStream({
|
|
100
|
+
start(controller) {
|
|
101
|
+
for (const chunk of decryptedChunks) {
|
|
102
|
+
controller.enqueue(chunk);
|
|
103
|
+
}
|
|
104
|
+
controller.close();
|
|
105
|
+
},
|
|
106
|
+
});
|
|
107
|
+
}
|
|
108
|
+
}
|
|
109
|
+
//# sourceMappingURL=browser-crypto-adapter.js.map
|
|
@@ -1,17 +1,17 @@
|
|
|
1
1
|
/** @implements {Type.CryptoAdapter} */
|
|
2
2
|
export class NodeCryptoAdapter implements Type.CryptoAdapter {
|
|
3
3
|
/** @param {Type.BlobLike} data */
|
|
4
|
-
encryptStream(data: Type.BlobLike): {
|
|
4
|
+
encryptStream(data: Type.BlobLike): Promise<{
|
|
5
5
|
key: Buffer<ArrayBufferLike>;
|
|
6
6
|
iv: Buffer<ArrayBufferLike>;
|
|
7
7
|
encryptedStream: ReadableStream<any>;
|
|
8
|
-
}
|
|
8
|
+
}>;
|
|
9
9
|
/**
|
|
10
10
|
* @param {ReadableStream} encryptedData
|
|
11
11
|
* @param {Uint8Array} key
|
|
12
12
|
* @param {Uint8Array} iv
|
|
13
13
|
*/
|
|
14
|
-
decryptStream(encryptedData: ReadableStream, key: Uint8Array, iv: Uint8Array): ReadableStream<any
|
|
14
|
+
decryptStream(encryptedData: ReadableStream, key: Uint8Array, iv: Uint8Array): Promise<ReadableStream<any>>;
|
|
15
15
|
}
|
|
16
16
|
import * as Type from '../types.js';
|
|
17
17
|
//# sourceMappingURL=node-crypto-adapter.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"node-crypto-adapter.d.ts","sourceRoot":"","sources":["../../src/crypto-adapters/node-crypto-adapter.js"],"names":[],"mappings":"AAMA,uCAAuC;AACvC,0CADiB,IAAI,CAAC,aAAa;IAEjC,mCAAmC;IACnC,oBADY,IAAI,CAAC,QAAQ;;;;
|
|
1
|
+
{"version":3,"file":"node-crypto-adapter.d.ts","sourceRoot":"","sources":["../../src/crypto-adapters/node-crypto-adapter.js"],"names":[],"mappings":"AAMA,uCAAuC;AACvC,0CADiB,IAAI,CAAC,aAAa;IAEjC,mCAAmC;IACnC,oBADY,IAAI,CAAC,QAAQ;;;;OA+BxB;IAED;;;;OAIG;IACH,6BAJW,cAAc,OACd,UAAU,MACV,UAAU,gCA8BpB;CACF;sBAzEqB,aAAa"}
|
|
@@ -4,7 +4,7 @@ const ENCRYPTION_ALGORITHM = 'aes-256-cbc';
|
|
|
4
4
|
/** @implements {Type.CryptoAdapter} */
|
|
5
5
|
export class NodeCryptoAdapter {
|
|
6
6
|
/** @param {Type.BlobLike} data */
|
|
7
|
-
encryptStream(data) {
|
|
7
|
+
async encryptStream(data) {
|
|
8
8
|
const symmetricKey = randomBytes(32); // 256 bits for AES-256
|
|
9
9
|
const initializationVector = randomBytes(16); // 16 bytes for AES
|
|
10
10
|
const cipher = createCipheriv(ENCRYPTION_ALGORITHM, symmetricKey, initializationVector);
|
|
@@ -22,18 +22,18 @@ export class NodeCryptoAdapter {
|
|
|
22
22
|
}
|
|
23
23
|
},
|
|
24
24
|
});
|
|
25
|
-
return {
|
|
25
|
+
return Promise.resolve({
|
|
26
26
|
key: symmetricKey,
|
|
27
27
|
iv: initializationVector,
|
|
28
28
|
encryptedStream: data.stream().pipeThrough(encryptStream),
|
|
29
|
-
};
|
|
29
|
+
});
|
|
30
30
|
}
|
|
31
31
|
/**
|
|
32
32
|
* @param {ReadableStream} encryptedData
|
|
33
33
|
* @param {Uint8Array} key
|
|
34
34
|
* @param {Uint8Array} iv
|
|
35
35
|
*/
|
|
36
|
-
decryptStream(encryptedData, key, iv) {
|
|
36
|
+
async decryptStream(encryptedData, key, iv) {
|
|
37
37
|
const decipher = createDecipheriv(ENCRYPTION_ALGORITHM, key, iv);
|
|
38
38
|
const decryptor = new TransformStream({
|
|
39
39
|
async transform(chunk, controller) {
|
|
@@ -60,7 +60,7 @@ export class NodeCryptoAdapter {
|
|
|
60
60
|
}
|
|
61
61
|
},
|
|
62
62
|
});
|
|
63
|
-
return encryptedData.pipeThrough(decryptor);
|
|
63
|
+
return Promise.resolve(encryptedData.pipeThrough(decryptor));
|
|
64
64
|
}
|
|
65
65
|
}
|
|
66
66
|
//# sourceMappingURL=node-crypto-adapter.js.map
|
|
@@ -4,8 +4,7 @@
|
|
|
4
4
|
* @param {string} combinedKey
|
|
5
5
|
* @param {Uint8Array} content
|
|
6
6
|
*/
|
|
7
|
-
export function decryptFileWithKey(cryptoAdapter: Type.CryptoAdapter, combinedKey: string, content: Uint8Array): ReadableStream<any
|
|
8
|
-
export function retrieveAndDecrypt(storachaClient: import("@storacha/client").Client, litClient: import("@lit-protocol/lit-node-client").LitNodeClient, cryptoAdapter: Type.CryptoAdapter, gatewayURL: URL,
|
|
7
|
+
export function decryptFileWithKey(cryptoAdapter: Type.CryptoAdapter, combinedKey: string, content: Uint8Array): Promise<ReadableStream<any>>;
|
|
8
|
+
export function retrieveAndDecrypt(storachaClient: import("@storacha/client").Client, litClient: import("@lit-protocol/lit-node-client").LitNodeClient, cryptoAdapter: Type.CryptoAdapter, gatewayURL: URL, signer: Type.LitWalletSigner | Type.LitPkpSigner, cid: Type.AnyLink, delegationCAR: Uint8Array): Promise<ReadableStream<any>>;
|
|
9
9
|
import * as Type from '../types.js';
|
|
10
|
-
import { Wallet } from 'ethers';
|
|
11
10
|
//# sourceMappingURL=decrypt-handler.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"decrypt-handler.d.ts","sourceRoot":"","sources":["../../src/handlers/decrypt-handler.js"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"decrypt-handler.d.ts","sourceRoot":"","sources":["../../src/handlers/decrypt-handler.js"],"names":[],"mappings":"AAuGA;;;;;GAKG;AACH,kDALW,IAAI,CAAC,aAAa,eAElB,MAAM,WACN,UAAU,gCAuBpB;AA3GM,mDATI,OAAO,kBAAkB,EAAE,MAAM,aACjC,OAAO,+BAA+B,EAAE,aAAa,iBACrD,IAAI,CAAC,aAAa,cAElB,GAAG,UACH,IAAI,CAAC,eAAe,GAAG,IAAI,CAAC,YAAY,OACxC,IAAI,CAAC,OAAO,iBACZ,UAAU,gCAgFpB;sBA9FqB,aAAa"}
|
|
@@ -1,4 +1,3 @@
|
|
|
1
|
-
import { Wallet } from 'ethers';
|
|
2
1
|
import { CID } from 'multiformats';
|
|
3
2
|
import { CarIndexer } from '@ipld/car';
|
|
4
3
|
import { exporter } from 'ipfs-unixfs-exporter';
|
|
@@ -9,33 +8,51 @@ import * as Type from '../types.js';
|
|
|
9
8
|
import * as EncryptedMetadata from '../core/encrypted-metadata.js';
|
|
10
9
|
import { createDecryptWrappedInvocation } from '../utils.js';
|
|
11
10
|
/**
|
|
11
|
+
* Retrieve and decrypt a file from the IPFS gateway.
|
|
12
12
|
*
|
|
13
13
|
* @param {import('@storacha/client').Client} storachaClient - The Storacha client
|
|
14
14
|
* @param {import('@lit-protocol/lit-node-client').LitNodeClient} litClient - The Lit client
|
|
15
15
|
* @param {Type.CryptoAdapter} cryptoAdapter - The crypto adapter responsible for performing
|
|
16
16
|
* encryption and decryption operations.
|
|
17
17
|
* @param {URL} gatewayURL - The IPFS gateway URL
|
|
18
|
-
* @param {
|
|
18
|
+
* @param {Type.LitWalletSigner | Type.LitPkpSigner} signer - The wallet or PKP key signer to decrypt the file
|
|
19
19
|
* @param {Type.AnyLink} cid - The link to the file to retrieve
|
|
20
20
|
* @param {Uint8Array} delegationCAR - The delegation that gives permission to decrypt the file
|
|
21
21
|
*/
|
|
22
|
-
export const retrieveAndDecrypt = async (storachaClient, litClient, cryptoAdapter, gatewayURL,
|
|
22
|
+
export const retrieveAndDecrypt = async (storachaClient, litClient, cryptoAdapter, gatewayURL, signer, cid, delegationCAR) => {
|
|
23
23
|
const encryptedMetadataCar = await getCarFileFromGateway(gatewayURL, cid.toString());
|
|
24
24
|
const { encryptedDataCID, identityBoundCiphertext, plaintextKeyHash, accessControlConditions, } = extractEncryptedMetadata(encryptedMetadataCar);
|
|
25
25
|
const spaceDID = /** @type {`did:key:${string}`} */ (accessControlConditions[0].parameters[1]);
|
|
26
26
|
const encryptedData = await getEncryptedDataFromCar(encryptedMetadataCar, encryptedDataCID);
|
|
27
|
+
if (!signer) {
|
|
28
|
+
throw new Error('Signer is required');
|
|
29
|
+
}
|
|
27
30
|
/**
|
|
28
31
|
* TODO: check if the wallet has capacity credits, if not get it
|
|
29
32
|
*/
|
|
33
|
+
const acc =
|
|
34
|
+
/** @type import('@lit-protocol/types').AccessControlConditions */ (
|
|
35
|
+
/** @type {unknown} */ (accessControlConditions));
|
|
36
|
+
const expiration = new Date(Date.now() + 1000 * 60 * 5).toISOString(); // 5 min
|
|
30
37
|
// TODO: store the session signature (https://developer.litprotocol.com/intro/first-request/generating-session-sigs#nodejs)
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
|
|
34
|
-
|
|
35
|
-
|
|
36
|
-
|
|
37
|
-
|
|
38
|
-
|
|
38
|
+
let sessionSigs;
|
|
39
|
+
if ('wallet' in signer) {
|
|
40
|
+
sessionSigs = await Lit.getSessionSigs(litClient, {
|
|
41
|
+
wallet: signer.wallet,
|
|
42
|
+
dataToEncryptHash: plaintextKeyHash,
|
|
43
|
+
expiration,
|
|
44
|
+
accessControlConditions: acc,
|
|
45
|
+
});
|
|
46
|
+
}
|
|
47
|
+
else {
|
|
48
|
+
sessionSigs = await Lit.getPkpSessionSigs(litClient, {
|
|
49
|
+
pkpPublicKey: signer.pkpPublicKey,
|
|
50
|
+
authMethod: signer.authMethod,
|
|
51
|
+
dataToEncryptHash: plaintextKeyHash,
|
|
52
|
+
expiration,
|
|
53
|
+
accessControlConditions: acc,
|
|
54
|
+
});
|
|
55
|
+
}
|
|
39
56
|
const wrappedInvocationJSON = await createDecryptWrappedInvocation({
|
|
40
57
|
delegationCAR,
|
|
41
58
|
spaceDID,
|
|
@@ -44,7 +61,7 @@ export const retrieveAndDecrypt = async (storachaClient, litClient, cryptoAdapte
|
|
|
44
61
|
audience: storachaClient.defaultProvider(),
|
|
45
62
|
expiration: new Date(Date.now() + 1000 * 60 * 10).getTime(), // 10 min
|
|
46
63
|
});
|
|
47
|
-
const decryptKey = await Lit.
|
|
64
|
+
const decryptKey = await Lit.executeUcanValidationAction(litClient, {
|
|
48
65
|
sessionSigs,
|
|
49
66
|
spaceDID,
|
|
50
67
|
identityBoundCiphertext,
|
|
@@ -29,9 +29,13 @@ export const encryptAndUpload = async (storachaClient, litClient, cryptoAdapter,
|
|
|
29
29
|
* @param {import('@storacha/client').Client} storachaClient - The Storacha client
|
|
30
30
|
* @param {Type.EncryptedPayload} encryptedPayload - The encrypted payload
|
|
31
31
|
* @param {import('@lit-protocol/types').AccessControlConditions} accessControlConditions - The access control conditions
|
|
32
|
+
* @param {object} [options] - The upload options
|
|
33
|
+
* @param {boolean} [options.publishToFilecoin] - Whether to publish the data to Filecoin
|
|
32
34
|
* @returns {Promise<Type.AnyLink>} - The link to the uploaded metadata
|
|
33
35
|
*/
|
|
34
|
-
const uploadEncryptedMetadata = async (storachaClient, encryptedPayload, accessControlConditions
|
|
36
|
+
const uploadEncryptedMetadata = async (storachaClient, encryptedPayload, accessControlConditions, options = {
|
|
37
|
+
publishToFilecoin: false,
|
|
38
|
+
}) => {
|
|
35
39
|
const { identityBoundCiphertext, plaintextKeyHash, encryptedBlobLike } = encryptedPayload;
|
|
36
40
|
return storachaClient.uploadCAR({
|
|
37
41
|
stream() {
|
|
@@ -51,7 +55,8 @@ const uploadEncryptedMetadata = async (storachaClient, encryptedPayload, accessC
|
|
|
51
55
|
encryptedDataCID: root.cid.toString(),
|
|
52
56
|
identityBoundCiphertext,
|
|
53
57
|
plaintextKeyHash,
|
|
54
|
-
accessControlConditions:
|
|
58
|
+
accessControlConditions:
|
|
59
|
+
/** @type {[Record<string, any>]} */ (
|
|
55
60
|
/** @type {unknown} */ (accessControlConditions)),
|
|
56
61
|
};
|
|
57
62
|
const encryptedMetadata = EncryptedMetadata.create(uploadData);
|
|
@@ -61,6 +66,9 @@ const uploadEncryptedMetadata = async (storachaClient, encryptedPayload, accessC
|
|
|
61
66
|
}))
|
|
62
67
|
.pipeThrough(new CARWriterStream());
|
|
63
68
|
},
|
|
69
|
+
}, {
|
|
70
|
+
// if publishToFilecoin is false, the data won't be published to Filecoin, so we need to set pieceHasher to undefined
|
|
71
|
+
...(options.publishToFilecoin === true ? {} : { pieceHasher: undefined }),
|
|
64
72
|
});
|
|
65
73
|
};
|
|
66
74
|
/**
|
|
@@ -74,7 +82,7 @@ const uploadEncryptedMetadata = async (storachaClient, encryptedPayload, accessC
|
|
|
74
82
|
* @returns {Promise<Type.EncryptedPayload>} - The encrypted file
|
|
75
83
|
*/
|
|
76
84
|
const encryptFile = async (litClient, cryptoAdapter, file, accessControlConditions) => {
|
|
77
|
-
const { key, iv, encryptedStream } = cryptoAdapter.encryptStream(file);
|
|
85
|
+
const { key, iv, encryptedStream } = await cryptoAdapter.encryptStream(file);
|
|
78
86
|
// Combine key and initializationVector for Lit encryption
|
|
79
87
|
const dataToEncrypt = base64.encode(new Uint8Array([...key, ...iv]));
|
|
80
88
|
const { ciphertext, dataToEncryptHash } = await Lit.encryptString({ dataToEncrypt, accessControlConditions }, litClient);
|
package/dist/index.d.ts
CHANGED
package/dist/index.js
CHANGED
package/dist/protocols/lit.d.ts
CHANGED
|
@@ -8,11 +8,20 @@ export function getLitClient(): Promise<LitNodeClient>;
|
|
|
8
8
|
* @returns {Promise<import('@lit-protocol/types').SessionSigsMap>}
|
|
9
9
|
*/
|
|
10
10
|
export function getSessionSigs(litClient: LitNodeClient, { wallet, accessControlConditions, dataToEncryptHash, expiration, capabilityAuthSigs, }: Type.SessionSignatureOptions): Promise<import("@lit-protocol/types").SessionSigsMap>;
|
|
11
|
+
/**
|
|
12
|
+
* Get session signatures for a PKP key and auth method.
|
|
13
|
+
* There is not need to execute the auth callback for this function, because the auth method provided.
|
|
14
|
+
*
|
|
15
|
+
* @param {LitNodeClient} litClient
|
|
16
|
+
* @param {Type.PkpSessionSignatureOptions} options
|
|
17
|
+
* @returns {Promise<import('@lit-protocol/types').SessionSigsMap>}
|
|
18
|
+
*/
|
|
19
|
+
export function getPkpSessionSigs(litClient: LitNodeClient, { pkpPublicKey, authMethod, accessControlConditions, dataToEncryptHash, expiration, capabilityAuthSigs, }: Type.PkpSessionSignatureOptions): Promise<import("@lit-protocol/types").SessionSigsMap>;
|
|
11
20
|
export { encryptString } from "@lit-protocol/encryption";
|
|
12
21
|
export function getAccessControlConditions(spaceDID: import("@ucanto/core/schema").Schema<`did:key:${string}` & `did:${string}` & import("multiformats").Phantom<{
|
|
13
22
|
protocol: "did:";
|
|
14
23
|
}>, any>): import("@lit-protocol/types").AccessControlConditions;
|
|
15
|
-
export function
|
|
24
|
+
export function executeUcanValidationAction(litClient: LitNodeClient, options: Type.ExecuteUcanValidationOptions): Promise<any>;
|
|
16
25
|
import { LitNodeClient } from '@lit-protocol/lit-node-client';
|
|
17
26
|
import * as Type from '../types.js';
|
|
18
27
|
//# sourceMappingURL=lit.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"lit.d.ts","sourceRoot":"","sources":["../../src/protocols/lit.js"],"names":[],"mappings":"AAsCA;;GAEG;AACH,uDAQC;AAED;;;;GAIG;AACH,0CAJW,aAAa,2FACb,IAAI,CAAC,uBAAuB,GAC1B,OAAO,CAAC,OAAO,qBAAqB,EAAE,cAAc,CAAC,CAsDjE;;
|
|
1
|
+
{"version":3,"file":"lit.d.ts","sourceRoot":"","sources":["../../src/protocols/lit.js"],"names":[],"mappings":"AAsCA;;GAEG;AACH,uDAQC;AAED;;;;GAIG;AACH,0CAJW,aAAa,2FACb,IAAI,CAAC,uBAAuB,GAC1B,OAAO,CAAC,OAAO,qBAAqB,EAAE,cAAc,CAAC,CAsDjE;AAED;;;;;;;GAOG;AACH,6CAJW,aAAa,6GACb,IAAI,CAAC,0BAA0B,GAC7B,OAAO,CAAC,OAAO,qBAAqB,EAAE,cAAc,CAAC,CAqCjE;;AAnIM;;WAFM,OAAO,qBAAqB,EAAE,uBAAuB,CAgBjE;AA6HM,uDAJI,aAAa,WACb,IAAI,CAAC,4BAA4B,gBA4B3C;8BA1L6B,+BAA+B;sBAUvC,aAAa"}
|
package/dist/protocols/lit.js
CHANGED
|
@@ -76,13 +76,41 @@ export async function getSessionSigs(litClient, { wallet, accessControlCondition
|
|
|
76
76
|
});
|
|
77
77
|
return sessionSigs;
|
|
78
78
|
}
|
|
79
|
+
/**
|
|
80
|
+
* Get session signatures for a PKP key and auth method.
|
|
81
|
+
* There is not need to execute the auth callback for this function, because the auth method provided.
|
|
82
|
+
*
|
|
83
|
+
* @param {LitNodeClient} litClient
|
|
84
|
+
* @param {Type.PkpSessionSignatureOptions} options
|
|
85
|
+
* @returns {Promise<import('@lit-protocol/types').SessionSigsMap>}
|
|
86
|
+
*/
|
|
87
|
+
export async function getPkpSessionSigs(litClient, { pkpPublicKey, authMethod, accessControlConditions, dataToEncryptHash, expiration, capabilityAuthSigs, }) {
|
|
88
|
+
const accsResourceString = await LitAccessControlConditionResource.generateResourceString(accessControlConditions, dataToEncryptHash);
|
|
89
|
+
const sessionSigs = await litClient.getPkpSessionSigs({
|
|
90
|
+
pkpPublicKey,
|
|
91
|
+
authMethods: [authMethod],
|
|
92
|
+
resourceAbilityRequests: [
|
|
93
|
+
{
|
|
94
|
+
resource: new LitAccessControlConditionResource(accsResourceString),
|
|
95
|
+
ability: LIT_ABILITY.AccessControlConditionDecryption,
|
|
96
|
+
},
|
|
97
|
+
{
|
|
98
|
+
resource: new LitActionResource('*'),
|
|
99
|
+
ability: LIT_ABILITY.LitActionExecution,
|
|
100
|
+
},
|
|
101
|
+
],
|
|
102
|
+
expiration,
|
|
103
|
+
capabilityAuthSigs,
|
|
104
|
+
});
|
|
105
|
+
return sessionSigs;
|
|
106
|
+
}
|
|
79
107
|
/**
|
|
80
108
|
*
|
|
81
109
|
* @param {LitNodeClient} litClient
|
|
82
110
|
* @param {Type.ExecuteUcanValidationOptions} options
|
|
83
111
|
* @returns
|
|
84
112
|
*/
|
|
85
|
-
export const
|
|
113
|
+
export const executeUcanValidationAction = async (litClient, options) => {
|
|
86
114
|
const { sessionSigs, ...jsParams } = options;
|
|
87
115
|
const litActionResponse = await litClient.executeJs({
|
|
88
116
|
ipfsId: STORACHA_LIT_ACTION_CID,
|
package/dist/types.d.ts
CHANGED
|
@@ -3,7 +3,7 @@ import { UnknownLink } from 'multiformats';
|
|
|
3
3
|
import { Client as StorachaClient } from '@storacha/client';
|
|
4
4
|
import { Result, Failure, Block } from '@ucanto/interface';
|
|
5
5
|
import { LitNodeClient } from '@lit-protocol/lit-node-client';
|
|
6
|
-
import { AccessControlConditions, AuthSig, SessionSigsMap } from '@lit-protocol/types';
|
|
6
|
+
import { AccessControlConditions, AuthMethod, AuthSig, SessionSigsMap } from '@lit-protocol/types';
|
|
7
7
|
import type { BlobLike, AnyLink, Signer, DID, SigAlg } from '@storacha/client/types';
|
|
8
8
|
export type { IPLDBlock } from '@ucanto/interface';
|
|
9
9
|
export type { SpaceDID } from '@storacha/capabilities/utils';
|
|
@@ -12,7 +12,7 @@ export type { Result, UnknownLink };
|
|
|
12
12
|
export type { BlobLike, AnyLink };
|
|
13
13
|
export interface EncryptedClient {
|
|
14
14
|
uploadEncryptedFile(file: BlobLike): Promise<AnyLink>;
|
|
15
|
-
retrieveAndDecryptFile(
|
|
15
|
+
retrieveAndDecryptFile(signer: LitWalletSigner | LitPkpSigner, cid: AnyLink, delegationCAR: Uint8Array): Promise<ReadableStream>;
|
|
16
16
|
}
|
|
17
17
|
export type EncryptedClientOptions = {
|
|
18
18
|
storachaClient: StorachaClient;
|
|
@@ -21,8 +21,8 @@ export type EncryptedClientOptions = {
|
|
|
21
21
|
gatewayURL?: URL;
|
|
22
22
|
};
|
|
23
23
|
export interface CryptoAdapter {
|
|
24
|
-
encryptStream(data: BlobLike): EncryptOutput
|
|
25
|
-
decryptStream(encryptedData: ReadableStream, key: Uint8Array, iv: Uint8Array): ReadableStream
|
|
24
|
+
encryptStream(data: BlobLike): Promise<EncryptOutput>;
|
|
25
|
+
decryptStream(encryptedData: ReadableStream, key: Uint8Array, iv: Uint8Array): Promise<ReadableStream>;
|
|
26
26
|
}
|
|
27
27
|
export interface EncryptOutput {
|
|
28
28
|
key: Uint8Array;
|
|
@@ -63,6 +63,21 @@ export interface SessionSignatureOptions {
|
|
|
63
63
|
expiration?: string;
|
|
64
64
|
capabilityAuthSigs?: AuthSig[];
|
|
65
65
|
}
|
|
66
|
+
export interface PkpSessionSignatureOptions {
|
|
67
|
+
pkpPublicKey: string;
|
|
68
|
+
authMethod: AuthMethod;
|
|
69
|
+
accessControlConditions: AccessControlConditions;
|
|
70
|
+
dataToEncryptHash: string;
|
|
71
|
+
expiration?: string;
|
|
72
|
+
capabilityAuthSigs?: AuthSig[];
|
|
73
|
+
}
|
|
74
|
+
export interface LitPkpSigner {
|
|
75
|
+
pkpPublicKey: string;
|
|
76
|
+
authMethod: AuthMethod;
|
|
77
|
+
}
|
|
78
|
+
export interface LitWalletSigner {
|
|
79
|
+
wallet: Wallet;
|
|
80
|
+
}
|
|
66
81
|
export interface CreateDecryptWrappedInvocationOptions {
|
|
67
82
|
delegationCAR: Uint8Array;
|
|
68
83
|
issuer: Signer<DID, SigAlg>;
|
package/dist/types.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAA;AAC/B,OAAO,EAAE,WAAW,EAAE,MAAM,cAAc,CAAA;AAC1C,OAAO,EAAE,MAAM,IAAI,cAAc,EAAE,MAAM,kBAAkB,CAAA;AAC3D,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,mBAAmB,CAAA;AAC1D,OAAO,EAAE,aAAa,EAAE,MAAM,+BAA+B,CAAA;AAC7D,OAAO,EACL,uBAAuB,EACvB,OAAO,EACP,cAAc,EACf,MAAM,qBAAqB,CAAA;AAC5B,OAAO,KAAK,EACV,QAAQ,EACR,OAAO,EACP,MAAM,EACN,GAAG,EACH,MAAM,EACP,MAAM,wBAAwB,CAAA;AAE/B,YAAY,EAAE,SAAS,EAAE,MAAM,mBAAmB,CAAA;AAClD,YAAY,EAAE,QAAQ,EAAE,MAAM,8BAA8B,CAAA;AAC5D,YAAY,EAAE,aAAa,EAAE,MAAM,8BAA8B,CAAA;AACjE,YAAY,EAAE,MAAM,EAAE,WAAW,EAAE,CAAA;AACnC,YAAY,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAA;AAEjC,MAAM,WAAW,eAAe;IAC9B,mBAAmB,CAAC,IAAI,EAAE,QAAQ,GAAG,OAAO,CAAC,OAAO,CAAC,CAAA;IACrD,sBAAsB,CACpB,MAAM,EAAE,
|
|
1
|
+
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAA;AAC/B,OAAO,EAAE,WAAW,EAAE,MAAM,cAAc,CAAA;AAC1C,OAAO,EAAE,MAAM,IAAI,cAAc,EAAE,MAAM,kBAAkB,CAAA;AAC3D,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,mBAAmB,CAAA;AAC1D,OAAO,EAAE,aAAa,EAAE,MAAM,+BAA+B,CAAA;AAC7D,OAAO,EACL,uBAAuB,EACvB,UAAU,EACV,OAAO,EACP,cAAc,EACf,MAAM,qBAAqB,CAAA;AAC5B,OAAO,KAAK,EACV,QAAQ,EACR,OAAO,EACP,MAAM,EACN,GAAG,EACH,MAAM,EACP,MAAM,wBAAwB,CAAA;AAE/B,YAAY,EAAE,SAAS,EAAE,MAAM,mBAAmB,CAAA;AAClD,YAAY,EAAE,QAAQ,EAAE,MAAM,8BAA8B,CAAA;AAC5D,YAAY,EAAE,aAAa,EAAE,MAAM,8BAA8B,CAAA;AACjE,YAAY,EAAE,MAAM,EAAE,WAAW,EAAE,CAAA;AACnC,YAAY,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAA;AAEjC,MAAM,WAAW,eAAe;IAC9B,mBAAmB,CAAC,IAAI,EAAE,QAAQ,GAAG,OAAO,CAAC,OAAO,CAAC,CAAA;IACrD,sBAAsB,CACpB,MAAM,EAAE,eAAe,GAAG,YAAY,EACtC,GAAG,EAAE,OAAO,EACZ,aAAa,EAAE,UAAU,GACxB,OAAO,CAAC,cAAc,CAAC,CAAA;CAC3B;AAED,MAAM,MAAM,sBAAsB,GAAG;IACnC,cAAc,EAAE,cAAc,CAAA;IAC9B,aAAa,EAAE,aAAa,CAAA;IAC5B,SAAS,CAAC,EAAE,aAAa,CAAA;IACzB,UAAU,CAAC,EAAE,GAAG,CAAA;CACjB,CAAA;AAED,MAAM,WAAW,aAAa;IAC5B,aAAa,CAAC,IAAI,EAAE,QAAQ,GAAG,OAAO,CAAC,aAAa,CAAC,CAAA;IACrD,aAAa,CACX,aAAa,EAAE,cAAc,EAC7B,GAAG,EAAE,UAAU,EACf,EAAE,EAAE,UAAU,GACb,OAAO,CAAC,cAAc,CAAC,CAAA;CAC3B;AAED,MAAM,WAAW,aAAa;IAC5B,GAAG,EAAE,UAAU,CAAA;IACf,EAAE,EAAE,UAAU,CAAA;IACd,eAAe,EAAE,cAAc,CAAA;CAChC;AAED,MAAM,MAAM,gBAAgB,GAAG;IAC7B,uBAAuB,EAAE,MAAM,CAAA;IAC/B,gBAAgB,EAAE,MAAM,CAAA;IACxB,iBAAiB,EAAE,QAAQ,CAAA;CAC5B,CAAA;AAED,MAAM,MAAM,6BAA6B,GAAG,CAAC,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC,CAAA;AAEjE,MAAM,WAAW,sBAAsB;IACrC,gBAAgB,EAAE,MAAM,CAAA;IACxB,uBAAuB,EAAE,MAAM,CAAA;IAC/B,gBAAgB,EAAE,MAAM,CAAA;IACxB,uBAAuB,EAAE,6BAA6B,CAAA;CACvD;AAED,MAAM,WAAW,iBAAiB;IAChC,gBAAgB,EAAE,WAAW,CAAA;IAC7B,uBAAuB,EAAE,UAAU,CAAA;IACnC,gBAAgB,EAAE,UAAU,CAAA;IAC5B,uBAAuB,EAAE,6BAA6B,CAAA;CACvD;AAED,MAAM,WAAW,qBAAsB,SAAQ,iBAAiB;IAC9D,+BAA+B;IAC/B,OAAO,IAAI,OAAO,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,CAAA;IACtC,YAAY,IAAI,OAAO,CAAC,KAAK,CAAC,CAAA;IAC9B,MAAM,IAAI,sBAAsB,CAAA;CACjC;AAED,MAAM,WAAW,aAAc,SAAQ,OAAO;IAC5C,IAAI,EAAE,eAAe,CAAA;CACtB;AAED,MAAM,WAAW,uBAAuB;IACtC,MAAM,EAAE,MAAM,CAAA;IACd,uBAAuB,EAAE,uBAAuB,CAAA;IAChD,iBAAiB,EAAE,MAAM,CAAA;IACzB,UAAU,CAAC,EAAE,MAAM,CAAA;IACnB,kBAAkB,CAAC,EAAE,OAAO,EAAE,CAAA;CAC/B;AAED,MAAM,WAAW,0BAA0B;IACzC,YAAY,EAAE,MAAM,CAAA;IACpB,UAAU,EAAE,UAAU,CAAA;IACtB,uBAAuB,EAAE,uBAAuB,CAAA;IAChD,iBAAiB,EAAE,MAAM,CAAA;IACzB,UAAU,CAAC,EAAE,MAAM,CAAA;IACnB,kBAAkB,CAAC,EAAE,OAAO,EAAE,CAAA;CAC/B;AAED,MAAM,WAAW,YAAY;IAC3B,YAAY,EAAE,MAAM,CAAA;IACpB,UAAU,EAAE,UAAU,CAAA;CACvB;AAED,MAAM,WAAW,eAAe;IAC9B,MAAM,EAAE,MAAM,CAAA;CACf;AAED,MAAM,WAAW,qCAAqC;IACpD,aAAa,EAAE,UAAU,CAAA;IACzB,MAAM,EAAE,MAAM,CAAC,GAAG,EAAE,MAAM,CAAC,CAAA;IAC3B,QAAQ,EAAE,OAAO,MAAM,IAAI,MAAM,EAAE,CAAA;IACnC,QAAQ,EAAE,WAAW,MAAM,EAAE,CAAA;IAC7B,WAAW,EAAE,OAAO,CAAA;IACpB,UAAU,EAAE,MAAM,CAAA;CACnB;AAED,MAAM,WAAW,4BAA4B;IAC3C,WAAW,EAAE,cAAc,CAAA;IAC3B,QAAQ,EAAE,WAAW,MAAM,EAAE,CAAA;IAC7B,uBAAuB,EAAE,MAAM,CAAA;IAC/B,gBAAgB,EAAE,MAAM,CAAA;IACxB,uBAAuB,EAAE,uBAAuB,CAAA;IAChD,qBAAqB,EAAE,MAAM,CAAA;CAC9B"}
|
package/package.json
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@storacha/encrypt-upload-client",
|
|
3
3
|
"type": "module",
|
|
4
|
-
"version": "0.0.
|
|
4
|
+
"version": "0.0.36",
|
|
5
5
|
"license": "Apache-2.0 OR MIT",
|
|
6
6
|
"description": "Client for upload and download encrypted files",
|
|
7
7
|
"author": "Storacha",
|
|
@@ -34,12 +34,24 @@
|
|
|
34
34
|
],
|
|
35
35
|
"exports": {
|
|
36
36
|
".": {
|
|
37
|
-
"
|
|
38
|
-
"
|
|
37
|
+
"import": "./dist/index.js",
|
|
38
|
+
"require": "./dist/index.js"
|
|
39
39
|
},
|
|
40
|
-
"./
|
|
41
|
-
"
|
|
42
|
-
"
|
|
40
|
+
"./node": {
|
|
41
|
+
"import": "./dist/crypto-adapters/node-crypto-adapter.js",
|
|
42
|
+
"require": "./dist/crypto-adapters/node-crypto-adapter.js"
|
|
43
|
+
},
|
|
44
|
+
"./browser": {
|
|
45
|
+
"import": "./dist/crypto-adapters/browser-crypto-adapter.js",
|
|
46
|
+
"require": "./dist/crypto-adapters/browser-crypto-adapter.js"
|
|
47
|
+
},
|
|
48
|
+
"./crypto-adapters/browser-crypto-adapter": {
|
|
49
|
+
"import": "./dist/crypto-adapters/browser-crypto-adapter.js",
|
|
50
|
+
"types": "./dist/crypto-adapters/browser-crypto-adapter.d.ts"
|
|
51
|
+
},
|
|
52
|
+
"./crypto-adapters/node-crypto-adapter": {
|
|
53
|
+
"import": "./dist/crypto-adapters/node-crypto-adapter.js",
|
|
54
|
+
"types": "./dist/crypto-adapters/node-crypto-adapter.d.ts"
|
|
43
55
|
},
|
|
44
56
|
"./types": "./dist/types.js"
|
|
45
57
|
},
|
|
@@ -68,9 +80,9 @@
|
|
|
68
80
|
"ethers": "5.7.1",
|
|
69
81
|
"ipfs-unixfs-exporter": "^10.0.0",
|
|
70
82
|
"multiformats": "^13.3.3",
|
|
71
|
-
"@storacha/
|
|
72
|
-
"@storacha/client": "^1.
|
|
73
|
-
"@storacha/
|
|
83
|
+
"@storacha/upload-client": "^1.2.4",
|
|
84
|
+
"@storacha/client": "^1.4.1",
|
|
85
|
+
"@storacha/capabilities": "^1.7.0"
|
|
74
86
|
},
|
|
75
87
|
"devDependencies": {
|
|
76
88
|
"@lit-protocol/types": "^7.0.8",
|
|
@@ -123,6 +135,7 @@
|
|
|
123
135
|
"lint:fix": "tsc --build && eslint '**/*.{js,ts}' --fix && prettier --write '**/*.{js,ts,yml,json}' --ignore-path ../../.gitignore",
|
|
124
136
|
"build-actions": "node lit-actions/esbuild.js",
|
|
125
137
|
"attw": "attw --pack .",
|
|
126
|
-
"rc": "npm version prerelease --preid rc"
|
|
138
|
+
"rc": "npm version prerelease --preid rc",
|
|
139
|
+
"test": "node --test test/*.spec.js"
|
|
127
140
|
}
|
|
128
141
|
}
|