@tinycloud/node-sdk 2.4.0-beta.3 → 2.4.0-beta.5
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/{core-ClOKiSR_.d.cts → core-BSQqoLAd.d.cts} +3 -1
- package/dist/{core-ClOKiSR_.d.ts → core-BSQqoLAd.d.ts} +3 -1
- package/dist/core.cjs +73 -23
- package/dist/core.cjs.map +1 -1
- package/dist/core.d.cts +1 -1
- package/dist/core.d.ts +1 -1
- package/dist/core.js +80 -27
- package/dist/core.js.map +1 -1
- package/dist/index.cjs +73 -23
- package/dist/index.cjs.map +1 -1
- package/dist/index.d.cts +1 -1
- package/dist/index.d.ts +1 -1
- package/dist/index.js +84 -31
- package/dist/index.js.map +1 -1
- package/package.json +1 -1
package/dist/index.d.cts
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
import { ISigner, Bytes, IWasmBindings, ISessionManager } from '@tinycloud/sdk-core';
|
|
2
2
|
export { ACCOUNT_REGISTRY_PATH, ACCOUNT_REGISTRY_SPACE, AutoApproveSpaceCreationHandler, AutoRejectStrategy, AutoSignStrategy, BatchOptions, BatchResponse, BuildCanonicalDecryptRequestInput, BuildDecryptFactsInput, BuildDecryptInvocationInput, BuiltDecryptInvocation, CallbackStrategy, CanonicalAddress, CanonicalDecryptRequest, CanonicalJson, CanonicalParsedNetworkId, CapabilityEntry, CapabilityKeyRegistry, CapabilityKeyRegistryErrorCode, CapabilityKeyRegistryErrorCodes, ClientSession, ColumnInfo, ComposeManifestOptions, ComposedManifestRequest, CreateDelegationParams, DECRYPT_ACTION, DECRYPT_FACT_TYPE, DECRYPT_RESULT_TYPE, DEFAULT_ENCRYPTION_ALG, DEFAULT_KEY_VERSION, DEFAULT_MANIFEST_SPACE, DEFAULT_MANIFEST_VERSION, DEFAULT_SIGNED_READ_URL_EXPIRY_MS, DataVaultConfig, DataVaultService, DatabaseHandle, DecryptCapabilityProof, DecryptEnvelopeOptions, DecryptInvocationFact, DecryptInvocationSigner, DecryptRequestBody, DecryptResponseBody, DecryptTransport, Delegation, DelegationChain, DelegationChainV2, DelegationDirection, DelegationError, DelegationErrorCode, DelegationErrorCodes, DelegationFilters, DelegationManager, DelegationManagerConfig, DelegationRecord, DelegationResult, DidCacheKeyOptions, DidEqualsOptions, DiscoverNetworkInput, DiscoveredNetwork, DiscoverySource, DuckDbAction, DuckDbActionType, DuckDbBatchOptions, DuckDbBatchResponse, DuckDbDatabaseHandle, DuckDbExecuteOptions, DuckDbExecuteResponse, DuckDbOptions, DuckDbQueryOptions, DuckDbQueryResponse, DuckDbService, DuckDbServiceConfig, DuckDbStatement, DuckDbValue, ENCRYPTION_NETWORK_URN_PREFIX, ENCRYPTION_SERVICE, ENCRYPTION_SERVICE_SHORT, ENVELOPE_VERSION, EncodedShareData, EncryptToNetworkInput, EncryptToNetworkOptions, EncryptToNetworkResult, EncryptionCrypto, EncryptionError, EncryptionErrorInput, EncryptionService, EncryptionServiceConfig, ExecuteOptions, ExecuteResponse, Extension, FetchFunction, GenerateShareParams, HookEvent, HookServiceName, HookStreamEvent, HookSubscription, HookWebhookListOptions, HookWebhookRecord, HookWebhookRegistration, HookWebhookScope, HookWebhookUnregisterOptions, HooksService, HooksServiceConfig, ICapabilityKeyRegistry, IDataVaultService, IDatabaseHandle, IDuckDbDatabaseHandle, IDuckDbService, IENSResolver, IEncryptionService, IHooksService, IKVService, INotificationHandler, IPrefixedKVService, ISQLService, ISecretsService, ISessionManager, ISessionStorage, ISharingService, ISigner, ISpace, ISpaceCreationHandler, ISpaceScopedDelegations, ISpaceScopedSharing, ISpaceService, IUserAuthorization, IWasmBindings, IdentityParseError, IngestOptions, InlineEncryptedEnvelope, InvokeFunction, JWK, KVCreateSignedReadUrlOptions, KVResponse, KVService, KVServiceConfig, KVSignedReadUrlResponse, KeyInfo, KeyProvider, KeyType, Manifest, ManifestDefaults, ManifestRegistryRecord, ManifestSecretActions, ManifestValidationError, NETWORK_NAME_PATTERN, NetworkDescriptor, NetworkIdError, NodeDescriptorFetcher, ParsedNetworkId, PermissionEntry, PermissionNotInManifestError, PersistedSessionData, PkhDidParts, PrefixedKVService, ProtocolMismatchError, QueryOptions, QueryResponse, RandomReceiverKeyInput, ReceiveOptions, ReceiverKeyPair, ReceiverKeySigner, ResolvedCapabilities, ResolvedDelegate, ResolvedSecretPath, ResourceCapability, SECRET_NAME_RE, SQLAction, SQLActionType, SQLService, SQLServiceConfig, SchemaInfo, SecretPayload, SecretScopeOptions, SecretsError, SecretsService, ServiceContext, ServiceContextConfig, ServiceSession, SessionExpiredError, ShareAccess, ShareLink, ShareLinkData, ShareSchema, SharingService, SharingServiceConfig, SignCallback, SignInOptions, SignRequest, SignResponse, SignedReceiverKeyInput, SilentNotificationHandler, Space, SpaceAbilitiesMap, SpaceConfig, SpaceCreationContext, SpaceErrorCode, SpaceErrorCodes, SpaceInfo, SpaceOwnership, SpaceService, SpaceServiceConfig, SqlStatement, SqlValue, StoredDelegationChain, SubscribeOptions, TableInfo, TelemetryConfig, TelemetryEventHandler, TinyCloud, TinyCloudConfig, TinyCloudSession, UnsupportedFeatureError, VAULT_PERMISSION_SERVICE, VaultCrypto, VaultEntry, VaultError, VaultGetOptions, VaultGrantOptions, VaultHeaders, VaultListOptions, VaultPublicSpaceKVActions, VaultPutOptions, VerifyDecryptResponseInput, VersionCheckError, ViewInfo, WasmVaultFunctions, WellKnownDescriptorFetcher, addressStorageKey, buildCanonicalDecryptRequest, buildDecryptAttenuation, buildDecryptFacts, buildDecryptInvocation, buildNetworkId, buildSpaceUri, canonicalHashHex, canonicalSignedResponse, canonicalizeAddress, canonicalizeDid, canonicalizeDidUrl, canonicalizeEncryptionJson, canonicalizeNetworkId, canonicalizeSecretScope, checkDecryptInvocationInput, checkNodeInfo, composeManifestRequest, createCapabilityKeyRegistry, createSharingService, createSpaceService, createVaultCrypto, decryptEnvelopeWithKey, defaultSpaceCreationHandler, deriveSignedReceiverKey, didCacheKey, didEquals, discoverNetwork, encryptToNetwork, encryptionBase64Decode, encryptionBase64Encode, encryptionError, encryptionUtf8Decode, encryptionUtf8Encode, ensureNetworkUsableForDecrypt, expandActionShortNames, expandPermissionEntries, expandPermissionEntry, generateRandomReceiverKey, hexDecode, hexEncode, isCapabilitySubset, isEvmAddress, isNetworkId, loadManifest, makePkhSpaceId, makePublicSpaceId, networkDiscoveryKey, openWrappedKey, parseCanonicalNetworkId, parseExpiry, parseNetworkId, parsePkhDid, parseSpaceUri, pkhDid, principalDid, principalDidEquals, resolveManifest, resolveSecretListPrefix, resolveSecretPath, resourceCapabilitiesToSpaceAbilitiesMap, validateEnvelope, validateManifest, verifyDecryptResponse } from '@tinycloud/sdk-core';
|
|
3
|
-
export { A as AuthDelegationArtifact, a as AuthRequestArtifact, D as DelegateToOptions, b as DelegateToResult, c as DelegatedAccess, d as DelegationAuthority, F as FileSessionStorage, M as MemorySessionStorage, N as NodeEventEmitterStrategy, e as NodeUserAuthorization, f as NodeUserAuthorizationConfig, P as PortableDelegation, R as RestorableSession, g as RuntimePermissionGrantOptions, S as SignStrategy, T as TinyCloudNode, h as TinyCloudNodeConfig, W as WasmKeyProvider, i as WasmKeyProviderConfig, j as createWasmKeyProvider, k as defaultSignStrategy, l as deserializeDelegation, m as grantAuthRequest, s as serializeDelegation } from './core-
|
|
3
|
+
export { A as AuthDelegationArtifact, a as AuthRequestArtifact, D as DelegateToOptions, b as DelegateToResult, c as DelegatedAccess, d as DelegationAuthority, F as FileSessionStorage, M as MemorySessionStorage, N as NodeEventEmitterStrategy, e as NodeUserAuthorization, f as NodeUserAuthorizationConfig, P as PortableDelegation, R as RestorableSession, g as RuntimePermissionGrantOptions, S as SignStrategy, T as TinyCloudNode, h as TinyCloudNodeConfig, W as WasmKeyProvider, i as WasmKeyProviderConfig, j as createWasmKeyProvider, k as defaultSignStrategy, l as deserializeDelegation, m as grantAuthRequest, s as serializeDelegation } from './core-BSQqoLAd.cjs';
|
|
4
4
|
import { invoke, invokeAny, computeCid, prepareSession, completeSessionSetup, ensureEip55, makeSpaceId, createDelegation, parseRecapFromSiwe, generateHostSIWEMessage, siweToDelegationHeaders, protocolVersion, vault_encrypt, vault_decrypt, vault_derive_key, vault_x25519_from_seed, vault_x25519_dh, vault_random_bytes, vault_sha256 } from '@tinycloud/node-sdk-wasm';
|
|
5
5
|
import 'events';
|
|
6
6
|
import '@tinycloud/sdk-services';
|
package/dist/index.d.ts
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
import { ISigner, Bytes, IWasmBindings, ISessionManager } from '@tinycloud/sdk-core';
|
|
2
2
|
export { ACCOUNT_REGISTRY_PATH, ACCOUNT_REGISTRY_SPACE, AutoApproveSpaceCreationHandler, AutoRejectStrategy, AutoSignStrategy, BatchOptions, BatchResponse, BuildCanonicalDecryptRequestInput, BuildDecryptFactsInput, BuildDecryptInvocationInput, BuiltDecryptInvocation, CallbackStrategy, CanonicalAddress, CanonicalDecryptRequest, CanonicalJson, CanonicalParsedNetworkId, CapabilityEntry, CapabilityKeyRegistry, CapabilityKeyRegistryErrorCode, CapabilityKeyRegistryErrorCodes, ClientSession, ColumnInfo, ComposeManifestOptions, ComposedManifestRequest, CreateDelegationParams, DECRYPT_ACTION, DECRYPT_FACT_TYPE, DECRYPT_RESULT_TYPE, DEFAULT_ENCRYPTION_ALG, DEFAULT_KEY_VERSION, DEFAULT_MANIFEST_SPACE, DEFAULT_MANIFEST_VERSION, DEFAULT_SIGNED_READ_URL_EXPIRY_MS, DataVaultConfig, DataVaultService, DatabaseHandle, DecryptCapabilityProof, DecryptEnvelopeOptions, DecryptInvocationFact, DecryptInvocationSigner, DecryptRequestBody, DecryptResponseBody, DecryptTransport, Delegation, DelegationChain, DelegationChainV2, DelegationDirection, DelegationError, DelegationErrorCode, DelegationErrorCodes, DelegationFilters, DelegationManager, DelegationManagerConfig, DelegationRecord, DelegationResult, DidCacheKeyOptions, DidEqualsOptions, DiscoverNetworkInput, DiscoveredNetwork, DiscoverySource, DuckDbAction, DuckDbActionType, DuckDbBatchOptions, DuckDbBatchResponse, DuckDbDatabaseHandle, DuckDbExecuteOptions, DuckDbExecuteResponse, DuckDbOptions, DuckDbQueryOptions, DuckDbQueryResponse, DuckDbService, DuckDbServiceConfig, DuckDbStatement, DuckDbValue, ENCRYPTION_NETWORK_URN_PREFIX, ENCRYPTION_SERVICE, ENCRYPTION_SERVICE_SHORT, ENVELOPE_VERSION, EncodedShareData, EncryptToNetworkInput, EncryptToNetworkOptions, EncryptToNetworkResult, EncryptionCrypto, EncryptionError, EncryptionErrorInput, EncryptionService, EncryptionServiceConfig, ExecuteOptions, ExecuteResponse, Extension, FetchFunction, GenerateShareParams, HookEvent, HookServiceName, HookStreamEvent, HookSubscription, HookWebhookListOptions, HookWebhookRecord, HookWebhookRegistration, HookWebhookScope, HookWebhookUnregisterOptions, HooksService, HooksServiceConfig, ICapabilityKeyRegistry, IDataVaultService, IDatabaseHandle, IDuckDbDatabaseHandle, IDuckDbService, IENSResolver, IEncryptionService, IHooksService, IKVService, INotificationHandler, IPrefixedKVService, ISQLService, ISecretsService, ISessionManager, ISessionStorage, ISharingService, ISigner, ISpace, ISpaceCreationHandler, ISpaceScopedDelegations, ISpaceScopedSharing, ISpaceService, IUserAuthorization, IWasmBindings, IdentityParseError, IngestOptions, InlineEncryptedEnvelope, InvokeFunction, JWK, KVCreateSignedReadUrlOptions, KVResponse, KVService, KVServiceConfig, KVSignedReadUrlResponse, KeyInfo, KeyProvider, KeyType, Manifest, ManifestDefaults, ManifestRegistryRecord, ManifestSecretActions, ManifestValidationError, NETWORK_NAME_PATTERN, NetworkDescriptor, NetworkIdError, NodeDescriptorFetcher, ParsedNetworkId, PermissionEntry, PermissionNotInManifestError, PersistedSessionData, PkhDidParts, PrefixedKVService, ProtocolMismatchError, QueryOptions, QueryResponse, RandomReceiverKeyInput, ReceiveOptions, ReceiverKeyPair, ReceiverKeySigner, ResolvedCapabilities, ResolvedDelegate, ResolvedSecretPath, ResourceCapability, SECRET_NAME_RE, SQLAction, SQLActionType, SQLService, SQLServiceConfig, SchemaInfo, SecretPayload, SecretScopeOptions, SecretsError, SecretsService, ServiceContext, ServiceContextConfig, ServiceSession, SessionExpiredError, ShareAccess, ShareLink, ShareLinkData, ShareSchema, SharingService, SharingServiceConfig, SignCallback, SignInOptions, SignRequest, SignResponse, SignedReceiverKeyInput, SilentNotificationHandler, Space, SpaceAbilitiesMap, SpaceConfig, SpaceCreationContext, SpaceErrorCode, SpaceErrorCodes, SpaceInfo, SpaceOwnership, SpaceService, SpaceServiceConfig, SqlStatement, SqlValue, StoredDelegationChain, SubscribeOptions, TableInfo, TelemetryConfig, TelemetryEventHandler, TinyCloud, TinyCloudConfig, TinyCloudSession, UnsupportedFeatureError, VAULT_PERMISSION_SERVICE, VaultCrypto, VaultEntry, VaultError, VaultGetOptions, VaultGrantOptions, VaultHeaders, VaultListOptions, VaultPublicSpaceKVActions, VaultPutOptions, VerifyDecryptResponseInput, VersionCheckError, ViewInfo, WasmVaultFunctions, WellKnownDescriptorFetcher, addressStorageKey, buildCanonicalDecryptRequest, buildDecryptAttenuation, buildDecryptFacts, buildDecryptInvocation, buildNetworkId, buildSpaceUri, canonicalHashHex, canonicalSignedResponse, canonicalizeAddress, canonicalizeDid, canonicalizeDidUrl, canonicalizeEncryptionJson, canonicalizeNetworkId, canonicalizeSecretScope, checkDecryptInvocationInput, checkNodeInfo, composeManifestRequest, createCapabilityKeyRegistry, createSharingService, createSpaceService, createVaultCrypto, decryptEnvelopeWithKey, defaultSpaceCreationHandler, deriveSignedReceiverKey, didCacheKey, didEquals, discoverNetwork, encryptToNetwork, encryptionBase64Decode, encryptionBase64Encode, encryptionError, encryptionUtf8Decode, encryptionUtf8Encode, ensureNetworkUsableForDecrypt, expandActionShortNames, expandPermissionEntries, expandPermissionEntry, generateRandomReceiverKey, hexDecode, hexEncode, isCapabilitySubset, isEvmAddress, isNetworkId, loadManifest, makePkhSpaceId, makePublicSpaceId, networkDiscoveryKey, openWrappedKey, parseCanonicalNetworkId, parseExpiry, parseNetworkId, parsePkhDid, parseSpaceUri, pkhDid, principalDid, principalDidEquals, resolveManifest, resolveSecretListPrefix, resolveSecretPath, resourceCapabilitiesToSpaceAbilitiesMap, validateEnvelope, validateManifest, verifyDecryptResponse } from '@tinycloud/sdk-core';
|
|
3
|
-
export { A as AuthDelegationArtifact, a as AuthRequestArtifact, D as DelegateToOptions, b as DelegateToResult, c as DelegatedAccess, d as DelegationAuthority, F as FileSessionStorage, M as MemorySessionStorage, N as NodeEventEmitterStrategy, e as NodeUserAuthorization, f as NodeUserAuthorizationConfig, P as PortableDelegation, R as RestorableSession, g as RuntimePermissionGrantOptions, S as SignStrategy, T as TinyCloudNode, h as TinyCloudNodeConfig, W as WasmKeyProvider, i as WasmKeyProviderConfig, j as createWasmKeyProvider, k as defaultSignStrategy, l as deserializeDelegation, m as grantAuthRequest, s as serializeDelegation } from './core-
|
|
3
|
+
export { A as AuthDelegationArtifact, a as AuthRequestArtifact, D as DelegateToOptions, b as DelegateToResult, c as DelegatedAccess, d as DelegationAuthority, F as FileSessionStorage, M as MemorySessionStorage, N as NodeEventEmitterStrategy, e as NodeUserAuthorization, f as NodeUserAuthorizationConfig, P as PortableDelegation, R as RestorableSession, g as RuntimePermissionGrantOptions, S as SignStrategy, T as TinyCloudNode, h as TinyCloudNodeConfig, W as WasmKeyProvider, i as WasmKeyProviderConfig, j as createWasmKeyProvider, k as defaultSignStrategy, l as deserializeDelegation, m as grantAuthRequest, s as serializeDelegation } from './core-BSQqoLAd.js';
|
|
4
4
|
import { invoke, invokeAny, computeCid, prepareSession, completeSessionSetup, ensureEip55, makeSpaceId, createDelegation, parseRecapFromSiwe, generateHostSIWEMessage, siweToDelegationHeaders, protocolVersion, vault_encrypt, vault_decrypt, vault_derive_key, vault_x25519_from_seed, vault_x25519_dh, vault_random_bytes, vault_sha256 } from '@tinycloud/node-sdk-wasm';
|
|
5
5
|
import 'events';
|
|
6
6
|
import '@tinycloud/sdk-services';
|
package/dist/index.js
CHANGED
|
@@ -17186,7 +17186,8 @@ import {
|
|
|
17186
17186
|
verifyDidKeyEd25519Signature,
|
|
17187
17187
|
canonicalizeAddress as canonicalizeAddress2,
|
|
17188
17188
|
pkhDid as pkhDid2,
|
|
17189
|
-
principalDidEquals
|
|
17189
|
+
principalDidEquals as principalDidEquals2,
|
|
17190
|
+
parseNetworkId as parseNetworkId2
|
|
17190
17191
|
} from "@tinycloud/sdk-core";
|
|
17191
17192
|
|
|
17192
17193
|
// src/authorization/NodeUserAuthorization.ts
|
|
@@ -17199,6 +17200,8 @@ import {
|
|
|
17199
17200
|
DEFAULT_MANIFEST_SPACE,
|
|
17200
17201
|
ENCRYPTION_PERMISSION_SERVICE,
|
|
17201
17202
|
composeManifestRequest,
|
|
17203
|
+
parseNetworkId,
|
|
17204
|
+
principalDidEquals,
|
|
17202
17205
|
resourceCapabilitiesToAbilitiesMap,
|
|
17203
17206
|
resourceCapabilitiesToSpaceAbilitiesMap,
|
|
17204
17207
|
resolveTinyCloudHosts,
|
|
@@ -17283,6 +17286,25 @@ var MemorySessionStorage = class {
|
|
|
17283
17286
|
};
|
|
17284
17287
|
|
|
17285
17288
|
// src/authorization/NodeUserAuthorization.ts
|
|
17289
|
+
var DECRYPT_ACTION = "tinycloud.encryption/decrypt";
|
|
17290
|
+
var NETWORK_CREATE_ACTION = "tinycloud.encryption/network.create";
|
|
17291
|
+
function didPrincipalMatches(actual, expected) {
|
|
17292
|
+
try {
|
|
17293
|
+
return principalDidEquals(actual, expected);
|
|
17294
|
+
} catch {
|
|
17295
|
+
return actual === expected;
|
|
17296
|
+
}
|
|
17297
|
+
}
|
|
17298
|
+
function addRawAbility(rawAbilities, resource, action) {
|
|
17299
|
+
const actions = rawAbilities[resource];
|
|
17300
|
+
if (actions === void 0) {
|
|
17301
|
+
rawAbilities[resource] = [action];
|
|
17302
|
+
return;
|
|
17303
|
+
}
|
|
17304
|
+
if (!actions.includes(action)) {
|
|
17305
|
+
actions.push(action);
|
|
17306
|
+
}
|
|
17307
|
+
}
|
|
17286
17308
|
var NodeUserAuthorization = class {
|
|
17287
17309
|
constructor(config) {
|
|
17288
17310
|
this.extensions = [];
|
|
@@ -17512,20 +17534,18 @@ var NodeUserAuthorization = class {
|
|
|
17512
17534
|
};
|
|
17513
17535
|
}
|
|
17514
17536
|
const rawAbilities = {};
|
|
17537
|
+
const currentDid = pkhDid(address, chainId);
|
|
17515
17538
|
const spaceResources = request.resources.filter((entry) => {
|
|
17516
17539
|
if (entry.service !== ENCRYPTION_PERMISSION_SERVICE) {
|
|
17517
17540
|
return true;
|
|
17518
17541
|
}
|
|
17519
|
-
const
|
|
17520
|
-
|
|
17521
|
-
|
|
17522
|
-
|
|
17523
|
-
const
|
|
17524
|
-
|
|
17525
|
-
|
|
17526
|
-
existing.push(action);
|
|
17527
|
-
seen.add(action);
|
|
17528
|
-
}
|
|
17542
|
+
for (const action of entry.actions) {
|
|
17543
|
+
addRawAbility(rawAbilities, entry.path, action);
|
|
17544
|
+
}
|
|
17545
|
+
if (entry.actions.includes(DECRYPT_ACTION)) {
|
|
17546
|
+
const parsed = parseNetworkId(entry.path);
|
|
17547
|
+
if (didPrincipalMatches(parsed.ownerDid, currentDid)) {
|
|
17548
|
+
addRawAbility(rawAbilities, entry.path, NETWORK_CREATE_ACTION);
|
|
17529
17549
|
}
|
|
17530
17550
|
}
|
|
17531
17551
|
return false;
|
|
@@ -18501,13 +18521,13 @@ var NodeSecretsService = class {
|
|
|
18501
18521
|
// src/TinyCloudNode.ts
|
|
18502
18522
|
var DEFAULT_HOST = "https://node.tinycloud.xyz";
|
|
18503
18523
|
var DEFAULT_ENCRYPTION_NETWORK_NAME = "default";
|
|
18504
|
-
var
|
|
18505
|
-
var
|
|
18524
|
+
var NETWORK_CREATE_ACTION2 = "tinycloud.encryption/network.create";
|
|
18525
|
+
var DECRYPT_ACTION2 = "tinycloud.encryption/decrypt";
|
|
18506
18526
|
var NETWORK_ADMIN_TYPE = "tinycloud.encryption.network-admin/v1";
|
|
18507
18527
|
var DEFAULT_SESSION_EXPIRATION_MS = EXPIRY3.SESSION_MS;
|
|
18508
|
-
function
|
|
18528
|
+
function didPrincipalMatches2(actual, expected) {
|
|
18509
18529
|
try {
|
|
18510
|
-
return
|
|
18530
|
+
return principalDidEquals2(actual, expected);
|
|
18511
18531
|
} catch {
|
|
18512
18532
|
return actual === expected;
|
|
18513
18533
|
}
|
|
@@ -18881,6 +18901,7 @@ var _TinyCloudNode = class _TinyCloudNode {
|
|
|
18881
18901
|
await this.tc.signIn(options);
|
|
18882
18902
|
this.syncResolvedHostFromAuth();
|
|
18883
18903
|
this.initializeServices();
|
|
18904
|
+
await this.ensureRequestedEncryptionNetworks();
|
|
18884
18905
|
if (this.config.manifest === void 0 && this.config.capabilityRequest === void 0) {
|
|
18885
18906
|
await this.ensureOwnedSpaceHosted(this.ownedSpaceId("secrets"));
|
|
18886
18907
|
}
|
|
@@ -18917,6 +18938,31 @@ var _TinyCloudNode = class _TinyCloudNode {
|
|
|
18917
18938
|
}
|
|
18918
18939
|
}
|
|
18919
18940
|
}
|
|
18941
|
+
requestedEncryptionNetworkIds() {
|
|
18942
|
+
const request = this.capabilityRequest;
|
|
18943
|
+
if (!request) {
|
|
18944
|
+
return [];
|
|
18945
|
+
}
|
|
18946
|
+
const networkIds = /* @__PURE__ */ new Set();
|
|
18947
|
+
for (const resource of request.resources) {
|
|
18948
|
+
if (resource.service === ENCRYPTION_PERMISSION_SERVICE2 && resource.path.startsWith("urn:tinycloud:encryption:") && resource.actions.includes(DECRYPT_ACTION2)) {
|
|
18949
|
+
networkIds.add(resource.path);
|
|
18950
|
+
}
|
|
18951
|
+
}
|
|
18952
|
+
return [...networkIds];
|
|
18953
|
+
}
|
|
18954
|
+
async ensureRequestedEncryptionNetworks() {
|
|
18955
|
+
if (!this.signer || !this.auth) {
|
|
18956
|
+
return;
|
|
18957
|
+
}
|
|
18958
|
+
for (const networkId of this.requestedEncryptionNetworkIds()) {
|
|
18959
|
+
const parsed = parseNetworkId2(networkId);
|
|
18960
|
+
if (!didPrincipalMatches2(parsed.ownerDid, this.did)) {
|
|
18961
|
+
continue;
|
|
18962
|
+
}
|
|
18963
|
+
await this.ensureEncryptionNetwork(networkId);
|
|
18964
|
+
}
|
|
18965
|
+
}
|
|
18920
18966
|
async ensureOwnedSpaceHosted(spaceId) {
|
|
18921
18967
|
if (!this.auth) {
|
|
18922
18968
|
throw new Error("Owned space hosting requires wallet mode");
|
|
@@ -19385,7 +19431,7 @@ var _TinyCloudNode = class _TinyCloudNode {
|
|
|
19385
19431
|
const signed2 = await this.signRawNetworkAuthorization({
|
|
19386
19432
|
targetNode: input.targetNode,
|
|
19387
19433
|
networkId: input.networkId,
|
|
19388
|
-
action:
|
|
19434
|
+
action: DECRYPT_ACTION2,
|
|
19389
19435
|
facts: input.facts
|
|
19390
19436
|
});
|
|
19391
19437
|
return {
|
|
@@ -19402,7 +19448,7 @@ var _TinyCloudNode = class _TinyCloudNode {
|
|
|
19402
19448
|
},
|
|
19403
19449
|
wellKnown: {
|
|
19404
19450
|
fetchWellKnown: async (principal, discoveryKey) => {
|
|
19405
|
-
if (!this._address || !
|
|
19451
|
+
if (!this._address || !didPrincipalMatches2(principal, this.did)) {
|
|
19406
19452
|
return null;
|
|
19407
19453
|
}
|
|
19408
19454
|
if (!this.config.host) {
|
|
@@ -19909,12 +19955,12 @@ var _TinyCloudNode = class _TinyCloudNode {
|
|
|
19909
19955
|
crypto2.sha256,
|
|
19910
19956
|
body
|
|
19911
19957
|
),
|
|
19912
|
-
action:
|
|
19958
|
+
action: NETWORK_CREATE_ACTION2
|
|
19913
19959
|
};
|
|
19914
19960
|
const signed2 = await this.signRawNetworkAuthorization({
|
|
19915
19961
|
targetNode,
|
|
19916
19962
|
networkId,
|
|
19917
|
-
action:
|
|
19963
|
+
action: NETWORK_CREATE_ACTION2,
|
|
19918
19964
|
facts
|
|
19919
19965
|
});
|
|
19920
19966
|
const response = await fetch(`${this.config.host}/encryption/networks`, {
|
|
@@ -19935,12 +19981,19 @@ var _TinyCloudNode = class _TinyCloudNode {
|
|
|
19935
19981
|
const created = await response.json();
|
|
19936
19982
|
return created.descriptor;
|
|
19937
19983
|
}
|
|
19938
|
-
async ensureEncryptionNetwork(
|
|
19939
|
-
const
|
|
19984
|
+
async ensureEncryptionNetwork(nameOrNetworkId = DEFAULT_ENCRYPTION_NETWORK_NAME) {
|
|
19985
|
+
const networkId = nameOrNetworkId.startsWith("urn:tinycloud:encryption:") ? nameOrNetworkId : this.getDefaultEncryptionNetworkId(nameOrNetworkId);
|
|
19986
|
+
const existing = await this.getEncryptionNetwork(networkId);
|
|
19940
19987
|
if (existing) {
|
|
19941
19988
|
return existing;
|
|
19942
19989
|
}
|
|
19943
|
-
|
|
19990
|
+
const parsed = parseNetworkId2(networkId);
|
|
19991
|
+
if (!didPrincipalMatches2(parsed.ownerDid, this.did)) {
|
|
19992
|
+
throw new Error(
|
|
19993
|
+
`Cannot create encryption network ${networkId}: owner ${parsed.ownerDid} does not match signed-in DID ${this.did}`
|
|
19994
|
+
);
|
|
19995
|
+
}
|
|
19996
|
+
return this.createEncryptionNetwork(parsed.name);
|
|
19944
19997
|
}
|
|
19945
19998
|
/**
|
|
19946
19999
|
* App-facing secrets API backed by the `secrets` space vault.
|
|
@@ -20088,7 +20141,7 @@ var _TinyCloudNode = class _TinyCloudNode {
|
|
|
20088
20141
|
throw new SessionExpiredError(delegation.expiry);
|
|
20089
20142
|
}
|
|
20090
20143
|
const expectedDids = [session.verificationMethod, this.sessionDid];
|
|
20091
|
-
if (!expectedDids.some((did) =>
|
|
20144
|
+
if (!expectedDids.some((did) => didPrincipalMatches2(delegation.delegateDID, did))) {
|
|
20092
20145
|
throw new Error(
|
|
20093
20146
|
`Runtime delegation targets ${delegation.delegateDID} but this session key is ${session.verificationMethod}.`
|
|
20094
20147
|
);
|
|
@@ -20617,7 +20670,7 @@ var _TinyCloudNode = class _TinyCloudNode {
|
|
|
20617
20670
|
);
|
|
20618
20671
|
}
|
|
20619
20672
|
const target = request.delegationTargets.find(
|
|
20620
|
-
(entry) =>
|
|
20673
|
+
(entry) => didPrincipalMatches2(entry.did, did)
|
|
20621
20674
|
);
|
|
20622
20675
|
if (!target) {
|
|
20623
20676
|
throw new Error(`No manifest delegation target found for DID ${did}`);
|
|
@@ -21347,7 +21400,7 @@ var _TinyCloudNode = class _TinyCloudNode {
|
|
|
21347
21400
|
const targetHost = delegation.host ?? this.config.host;
|
|
21348
21401
|
if (this.isSessionOnly) {
|
|
21349
21402
|
const myDid = this.did;
|
|
21350
|
-
if (!
|
|
21403
|
+
if (!didPrincipalMatches2(delegation.delegateDID, myDid)) {
|
|
21351
21404
|
throw new Error(
|
|
21352
21405
|
`Delegation targets ${delegation.delegateDID} but this user's DID is ${myDid}. The delegation must target this user's DID.`
|
|
21353
21406
|
);
|
|
@@ -21578,7 +21631,7 @@ import {
|
|
|
21578
21631
|
parsePkhDid,
|
|
21579
21632
|
pkhDid as pkhDid3,
|
|
21580
21633
|
principalDid,
|
|
21581
|
-
principalDidEquals as
|
|
21634
|
+
principalDidEquals as principalDidEquals3,
|
|
21582
21635
|
parseCanonicalNetworkId
|
|
21583
21636
|
} from "@tinycloud/sdk-core";
|
|
21584
21637
|
|
|
@@ -21791,7 +21844,7 @@ import {
|
|
|
21791
21844
|
} from "@tinycloud/sdk-core";
|
|
21792
21845
|
import {
|
|
21793
21846
|
EncryptionService as EncryptionService2,
|
|
21794
|
-
parseNetworkId,
|
|
21847
|
+
parseNetworkId as parseNetworkId3,
|
|
21795
21848
|
buildNetworkId,
|
|
21796
21849
|
isNetworkId,
|
|
21797
21850
|
networkDiscoveryKey,
|
|
@@ -21826,7 +21879,7 @@ import {
|
|
|
21826
21879
|
DEFAULT_KEY_VERSION,
|
|
21827
21880
|
DECRYPT_FACT_TYPE,
|
|
21828
21881
|
DECRYPT_RESULT_TYPE,
|
|
21829
|
-
DECRYPT_ACTION as
|
|
21882
|
+
DECRYPT_ACTION as DECRYPT_ACTION3,
|
|
21830
21883
|
ENCRYPTION_SERVICE,
|
|
21831
21884
|
ENCRYPTION_SERVICE_SHORT,
|
|
21832
21885
|
encryptionError
|
|
@@ -21865,7 +21918,7 @@ export {
|
|
|
21865
21918
|
AutoApproveSpaceCreationHandler2 as AutoApproveSpaceCreationHandler,
|
|
21866
21919
|
CapabilityKeyRegistry2 as CapabilityKeyRegistry,
|
|
21867
21920
|
CapabilityKeyRegistryErrorCodes,
|
|
21868
|
-
|
|
21921
|
+
DECRYPT_ACTION3 as DECRYPT_ACTION,
|
|
21869
21922
|
DECRYPT_FACT_TYPE,
|
|
21870
21923
|
DECRYPT_RESULT_TYPE,
|
|
21871
21924
|
DEFAULT_ENCRYPTION_ALG,
|
|
@@ -21974,12 +22027,12 @@ export {
|
|
|
21974
22027
|
openWrappedKey,
|
|
21975
22028
|
parseCanonicalNetworkId,
|
|
21976
22029
|
parseExpiry2 as parseExpiry,
|
|
21977
|
-
parseNetworkId,
|
|
22030
|
+
parseNetworkId3 as parseNetworkId,
|
|
21978
22031
|
parsePkhDid,
|
|
21979
22032
|
parseSpaceUri,
|
|
21980
22033
|
pkhDid3 as pkhDid,
|
|
21981
22034
|
principalDid,
|
|
21982
|
-
|
|
22035
|
+
principalDidEquals3 as principalDidEquals,
|
|
21983
22036
|
resolveManifest2 as resolveManifest,
|
|
21984
22037
|
resolveSecretListPrefix2 as resolveSecretListPrefix,
|
|
21985
22038
|
resolveSecretPath2 as resolveSecretPath,
|