@tinycloud/sdk-services 2.2.0 → 2.3.0-beta.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (11) hide show
  1. package/dist/encryption/index.cjs +42 -25
  2. package/dist/encryption/index.cjs.map +1 -1
  3. package/dist/encryption/index.d.cts +25 -25
  4. package/dist/encryption/index.d.ts +25 -25
  5. package/dist/encryption/index.js +42 -25
  6. package/dist/encryption/index.js.map +1 -1
  7. package/dist/index.cjs +42 -25
  8. package/dist/index.cjs.map +1 -1
  9. package/dist/index.js +42 -25
  10. package/dist/index.js.map +1 -1
  11. package/package.json +2 -2
package/dist/encryption/index.cjs CHANGED
@@ -471,20 +471,20 @@ function parseNetworkId(networkId) {
471
471
  const lastColon = body.lastIndexOf(":");
472
472
  if (lastColon <= 0 || lastColon === body.length - 1) {
473
473
  throw new NetworkIdError(
474
- `networkId missing principal or name segment (got ${JSON.stringify(networkId)})`
474
+ `networkId missing ownerDid or name segment (got ${JSON.stringify(networkId)})`
475
475
  );
476
476
  }
477
- const principal = body.slice(0, lastColon);
477
+ const ownerDid = body.slice(0, lastColon);
478
478
  const name = body.slice(lastColon + 1);
479
- if (!principal.startsWith("did:")) {
479
+ if (!ownerDid.startsWith("did:")) {
480
480
  throw new NetworkIdError(
481
- `networkId principal must be a DID (got ${JSON.stringify(principal)})`
481
+ `networkId ownerDid must be a DID (got ${JSON.stringify(ownerDid)})`
482
482
  );
483
483
  }
484
- const didParts = principal.split(":");
484
+ const didParts = ownerDid.split(":");
485
485
  if (didParts.length < 3 || didParts.some((p) => p.length === 0)) {
486
486
  throw new NetworkIdError(
487
- `networkId principal is not a well-formed DID (got ${JSON.stringify(principal)})`
487
+ `networkId ownerDid is not a well-formed DID (got ${JSON.stringify(ownerDid)})`
488
488
  );
489
489
  }
490
490
  if (!NETWORK_NAME_RE.test(name)) {
@@ -492,18 +492,18 @@ function parseNetworkId(networkId) {
492
492
  `networkId name ${JSON.stringify(name)} must match ${NETWORK_NAME_RE.source}`
493
493
  );
494
494
  }
495
- return { networkId, principal, name };
495
+ return { networkId, ownerDid, name };
496
496
  }
497
- function buildNetworkId(principal, name) {
498
- if (typeof principal !== "string" || !principal.startsWith("did:")) {
499
- throw new NetworkIdError("principal must be a DID");
497
+ function buildNetworkId(ownerDid, name) {
498
+ if (typeof ownerDid !== "string" || !ownerDid.startsWith("did:")) {
499
+ throw new NetworkIdError("ownerDid must be a DID");
500
500
  }
501
501
  if (typeof name !== "string" || !NETWORK_NAME_RE.test(name)) {
502
502
  throw new NetworkIdError(
503
503
  `network name ${JSON.stringify(name)} must match ${NETWORK_NAME_RE.source}`
504
504
  );
505
505
  }
506
- const networkId = `${URN_PREFIX}${principal}:${name}`;
506
+ const networkId = `${URN_PREFIX}${ownerDid}:${name}`;
507
507
  parseNetworkId(networkId);
508
508
  return networkId;
509
509
  }
@@ -580,27 +580,27 @@ function toError(error) {
580
580
  // src/encryption/discovery.ts
581
581
  async function discoverNetwork(input) {
582
582
  let networkId;
583
- let principal;
583
+ let ownerDid;
584
584
  let name;
585
585
  try {
586
586
  if (input.identifier.startsWith("urn:tinycloud:encryption:")) {
587
587
  const parsed = parseNetworkId(input.identifier);
588
588
  networkId = parsed.networkId;
589
- principal = parsed.principal;
589
+ ownerDid = parsed.ownerDid;
590
590
  name = parsed.name;
591
591
  } else {
592
- if (input.principal === void 0) {
592
+ if (input.ownerDid === void 0) {
593
593
  return {
594
594
  ok: false,
595
595
  error: encryptionError({
596
596
  code: "INVALID_INPUT",
597
- message: "discoverNetwork requires `principal` when identifier is a bare network name"
597
+ message: "discoverNetwork requires `ownerDid` when identifier is a bare network name"
598
598
  })
599
599
  };
600
600
  }
601
- networkId = `urn:tinycloud:encryption:${input.principal}:${input.identifier}`;
601
+ networkId = `urn:tinycloud:encryption:${input.ownerDid}:${input.identifier}`;
602
602
  const parsed = parseNetworkId(networkId);
603
- principal = parsed.principal;
603
+ ownerDid = parsed.ownerDid;
604
604
  name = parsed.name;
605
605
  }
606
606
  } catch (err2) {
@@ -619,7 +619,7 @@ async function discoverNetwork(input) {
619
619
  try {
620
620
  const descriptor = await input.node.fetchByNetworkId(networkId);
621
621
  if (descriptor !== null) {
622
- const validated = validateDescriptor(descriptor, networkId, principal, name);
622
+ const validated = validateDescriptor(descriptor, networkId, ownerDid, name);
623
623
  if (!validated.ok) return validated;
624
624
  return { ok: true, data: { descriptor: validated.data, source: "node" } };
625
625
  }
@@ -629,11 +629,11 @@ async function discoverNetwork(input) {
629
629
  if (input.wellKnown !== void 0) {
630
630
  try {
631
631
  const descriptor = await input.wellKnown.fetchWellKnown(
632
- principal,
632
+ ownerDid,
633
633
  networkDiscoveryKey(name)
634
634
  );
635
635
  if (descriptor !== null) {
636
- const validated = validateDescriptor(descriptor, networkId, principal, name);
636
+ const validated = validateDescriptor(descriptor, networkId, ownerDid, name);
637
637
  if (!validated.ok) return validated;
638
638
  return {
639
639
  ok: true,
@@ -652,7 +652,7 @@ async function discoverNetwork(input) {
652
652
  })
653
653
  };
654
654
  }
655
- function validateDescriptor(descriptor, networkId, principal, name) {
655
+ function validateDescriptor(descriptor, networkId, ownerDid, name) {
656
656
  if (descriptor.networkId !== networkId) {
657
657
  return {
658
658
  ok: false,
@@ -662,12 +662,12 @@ function validateDescriptor(descriptor, networkId, principal, name) {
662
662
  })
663
663
  };
664
664
  }
665
- if (descriptor.principal !== principal) {
665
+ if (descriptor.ownerDid !== ownerDid) {
666
666
  return {
667
667
  ok: false,
668
668
  error: encryptionError({
669
669
  code: "INVALID_NETWORK_ID",
670
- message: "descriptor principal does not match networkId principal"
670
+ message: "descriptor ownerDid does not match networkId ownerDid"
671
671
  })
672
672
  };
673
673
  }
@@ -1047,6 +1047,15 @@ function verifyDecryptResponse(input) {
1047
1047
  })
1048
1048
  };
1049
1049
  }
1050
+ if (response.nodeId !== request.targetNode) {
1051
+ return {
1052
+ ok: false,
1053
+ error: encryptionError({
1054
+ code: "RESPONSE_BINDING_MISMATCH",
1055
+ field: "nodeId"
1056
+ })
1057
+ };
1058
+ }
1050
1059
  if (response.alg !== request.alg) {
1051
1060
  return {
1052
1061
  ok: false,
@@ -1150,10 +1159,10 @@ var EncryptionService = class extends BaseService {
1150
1159
  get crypto() {
1151
1160
  return this._config.crypto;
1152
1161
  }
1153
- async discoverNetwork(identifier, principal) {
1162
+ async discoverNetwork(identifier, ownerDid) {
1154
1163
  const result = await discoverNetwork({
1155
1164
  identifier,
1156
- ...principal !== void 0 ? { principal } : {},
1165
+ ...ownerDid !== void 0 ? { ownerDid } : {},
1157
1166
  ...this._config.node !== void 0 ? { node: this._config.node } : {},
1158
1167
  ...this._config.wellKnown !== void 0 ? { wellKnown: this._config.wellKnown } : {}
1159
1168
  });
@@ -1191,6 +1200,14 @@ var EncryptionService = class extends BaseService {
1191
1200
  try {
1192
1201
  const validated = validateEnvelope(this.crypto, envelope);
1193
1202
  if (!validated.ok) return validated;
1203
+ if (options?.aad !== void 0 && validated.data.aad !== base64Encode(options.aad)) {
1204
+ return encErr(
1205
+ encryptionError({
1206
+ code: "INVALID_INPUT",
1207
+ message: "decryptEnvelope aad does not match the envelope"
1208
+ })
1209
+ );
1210
+ }
1194
1211
  let descriptor;
1195
1212
  if (options?.descriptor !== void 0) {
1196
1213
  descriptor = options.descriptor;