npm - @tinycloud/sdk-services - Versions diffs - 2.2.0 → 2.3.0-beta.2 - Mend

@tinycloud/sdk-services 2.2.0 → 2.3.0-beta.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (11) hide show

package/dist/encryption/index.cjs +42 -25
package/dist/encryption/index.cjs.map +1 -1
package/dist/encryption/index.d.cts +25 -25
package/dist/encryption/index.d.ts +25 -25
package/dist/encryption/index.js +42 -25
package/dist/encryption/index.js.map +1 -1
package/dist/index.cjs +42 -25
package/dist/index.cjs.map +1 -1
package/dist/index.js +42 -25
package/dist/index.js.map +1 -1
package/package.json +2 -2

package/dist/index.js CHANGED Viewed

@@ -4429,20 +4429,20 @@ function parseNetworkId(networkId) {
   const lastColon = body.lastIndexOf(":");
   if (lastColon <= 0 || lastColon === body.length - 1) {
     throw new NetworkIdError(
-      `networkId missing principal or name segment (got ${JSON.stringify(networkId)})`
+      `networkId missing ownerDid or name segment (got ${JSON.stringify(networkId)})`
     );
   }
-  const principal = body.slice(0, lastColon);
+  const ownerDid = body.slice(0, lastColon);
   const name = body.slice(lastColon + 1);
-  if (!principal.startsWith("did:")) {
+  if (!ownerDid.startsWith("did:")) {
     throw new NetworkIdError(
-      `networkId principal must be a DID (got ${JSON.stringify(principal)})`
+      `networkId ownerDid must be a DID (got ${JSON.stringify(ownerDid)})`
     );
   }
-  const didParts = principal.split(":");
+  const didParts = ownerDid.split(":");
   if (didParts.length < 3 || didParts.some((p) => p.length === 0)) {
     throw new NetworkIdError(
-      `networkId principal is not a well-formed DID (got ${JSON.stringify(principal)})`
+      `networkId ownerDid is not a well-formed DID (got ${JSON.stringify(ownerDid)})`
     );
   }
   if (!NETWORK_NAME_RE.test(name)) {
@@ -4450,18 +4450,18 @@ function parseNetworkId(networkId) {
       `networkId name ${JSON.stringify(name)} must match ${NETWORK_NAME_RE.source}`
     );
   }
-  return { networkId, principal, name };
+  return { networkId, ownerDid, name };
 }
-function buildNetworkId(principal, name) {
-  if (typeof principal !== "string" || !principal.startsWith("did:")) {
-    throw new NetworkIdError("principal must be a DID");
+function buildNetworkId(ownerDid, name) {
+  if (typeof ownerDid !== "string" || !ownerDid.startsWith("did:")) {
+    throw new NetworkIdError("ownerDid must be a DID");
   }
   if (typeof name !== "string" || !NETWORK_NAME_RE.test(name)) {
     throw new NetworkIdError(
       `network name ${JSON.stringify(name)} must match ${NETWORK_NAME_RE.source}`
     );
   }
-  const networkId = `${URN_PREFIX}${principal}:${name}`;
+  const networkId = `${URN_PREFIX}${ownerDid}:${name}`;
   parseNetworkId(networkId);
   return networkId;
 }
@@ -4538,27 +4538,27 @@ function toError2(error) {
 // src/encryption/discovery.ts
 async function discoverNetwork(input) {
   let networkId;
-  let principal;
+  let ownerDid;
   let name;
   try {
     if (input.identifier.startsWith("urn:tinycloud:encryption:")) {
       const parsed = parseNetworkId(input.identifier);
       networkId = parsed.networkId;
-      principal = parsed.principal;
+      ownerDid = parsed.ownerDid;
       name = parsed.name;
     } else {
-      if (input.principal === void 0) {
+      if (input.ownerDid === void 0) {
         return {
           ok: false,
           error: encryptionError({
             code: "INVALID_INPUT",
-            message: "discoverNetwork requires `principal` when identifier is a bare network name"
+            message: "discoverNetwork requires `ownerDid` when identifier is a bare network name"
           })
         };
       }
-      networkId = `urn:tinycloud:encryption:${input.principal}:${input.identifier}`;
+      networkId = `urn:tinycloud:encryption:${input.ownerDid}:${input.identifier}`;
       const parsed = parseNetworkId(networkId);
-      principal = parsed.principal;
+      ownerDid = parsed.ownerDid;
       name = parsed.name;
     }
   } catch (err3) {
@@ -4577,7 +4577,7 @@ async function discoverNetwork(input) {
     try {
       const descriptor = await input.node.fetchByNetworkId(networkId);
       if (descriptor !== null) {
-        const validated = validateDescriptor(descriptor, networkId, principal, name);
+        const validated = validateDescriptor(descriptor, networkId, ownerDid, name);
         if (!validated.ok) return validated;
         return { ok: true, data: { descriptor: validated.data, source: "node" } };
       }
@@ -4587,11 +4587,11 @@ async function discoverNetwork(input) {
   if (input.wellKnown !== void 0) {
     try {
       const descriptor = await input.wellKnown.fetchWellKnown(
-        principal,
+        ownerDid,
         networkDiscoveryKey(name)
       );
       if (descriptor !== null) {
-        const validated = validateDescriptor(descriptor, networkId, principal, name);
+        const validated = validateDescriptor(descriptor, networkId, ownerDid, name);
         if (!validated.ok) return validated;
         return {
           ok: true,
@@ -4610,7 +4610,7 @@ async function discoverNetwork(input) {
     })
   };
 }
-function validateDescriptor(descriptor, networkId, principal, name) {
+function validateDescriptor(descriptor, networkId, ownerDid, name) {
   if (descriptor.networkId !== networkId) {
     return {
       ok: false,
@@ -4620,12 +4620,12 @@ function validateDescriptor(descriptor, networkId, principal, name) {
       })
     };
   }
-  if (descriptor.principal !== principal) {
+  if (descriptor.ownerDid !== ownerDid) {
     return {
       ok: false,
       error: encryptionError({
         code: "INVALID_NETWORK_ID",
-        message: "descriptor principal does not match networkId principal"
+        message: "descriptor ownerDid does not match networkId ownerDid"
       })
     };
   }
@@ -5005,6 +5005,15 @@ function verifyDecryptResponse(input) {
       })
     };
   }
+  if (response.nodeId !== request.targetNode) {
+    return {
+      ok: false,
+      error: encryptionError({
+        code: "RESPONSE_BINDING_MISMATCH",
+        field: "nodeId"
+      })
+    };
+  }
   if (response.alg !== request.alg) {
     return {
       ok: false,
@@ -5108,10 +5117,10 @@ var EncryptionService = class extends BaseService {
   get crypto() {
     return this._config.crypto;
   }
-  async discoverNetwork(identifier, principal) {
+  async discoverNetwork(identifier, ownerDid) {
     const result = await discoverNetwork({
       identifier,
-      ...principal !== void 0 ? { principal } : {},
+      ...ownerDid !== void 0 ? { ownerDid } : {},
       ...this._config.node !== void 0 ? { node: this._config.node } : {},
       ...this._config.wellKnown !== void 0 ? { wellKnown: this._config.wellKnown } : {}
     });
@@ -5149,6 +5158,14 @@ var EncryptionService = class extends BaseService {
     try {
       const validated = validateEnvelope(this.crypto, envelope);
       if (!validated.ok) return validated;
+      if (options?.aad !== void 0 && validated.data.aad !== base64Encode2(options.aad)) {
+        return encErr(
+          encryptionError({
+            code: "INVALID_INPUT",
+            message: "decryptEnvelope aad does not match the envelope"
+          })
+        );
+      }
       let descriptor;
       if (options?.descriptor !== void 0) {
         descriptor = options.descriptor;