@tinycloud/sdk-services 2.2.1-beta.0 → 2.3.0-beta.5

package/dist/index.cjs CHANGED
@@ -4538,6 +4538,7 @@ function canonicalHashHex(sha256, value) {
4538
4538
  // src/encryption/networkId.ts
4539
4539
  var URN_PREFIX = "urn:tinycloud:encryption:";
4540
4540
  var NETWORK_NAME_RE = /^[a-z0-9][a-z0-9-]*$/;
4541
+ var PKH_EIP155_DID_RE = /^did:pkh:eip155:(\d+):(0x[a-fA-F0-9]{40})$/;
4541
4542
  var NetworkIdError = class extends Error {
4542
4543
  constructor(message) {
4543
4544
  super(message);
@@ -4557,20 +4558,20 @@ function parseNetworkId(networkId) {
4557
4558
  const lastColon = body.lastIndexOf(":");
4558
4559
  if (lastColon <= 0 || lastColon === body.length - 1) {
4559
4560
  throw new NetworkIdError(
4560
- `networkId missing principal or name segment (got ${JSON.stringify(networkId)})`
4561
+ `networkId missing ownerDid or name segment (got ${JSON.stringify(networkId)})`
4561
4562
  );
4562
4563
  }
4563
- const principal = body.slice(0, lastColon);
4564
+ const ownerDid = body.slice(0, lastColon);
4564
4565
  const name = body.slice(lastColon + 1);
4565
- if (!principal.startsWith("did:")) {
4566
+ if (!ownerDid.startsWith("did:")) {
4566
4567
  throw new NetworkIdError(
4567
- `networkId principal must be a DID (got ${JSON.stringify(principal)})`
4568
+ `networkId ownerDid must be a DID (got ${JSON.stringify(ownerDid)})`
4568
4569
  );
4569
4570
  }
4570
- const didParts = principal.split(":");
4571
+ const didParts = ownerDid.split(":");
4571
4572
  if (didParts.length < 3 || didParts.some((p) => p.length === 0)) {
4572
4573
  throw new NetworkIdError(
4573
- `networkId principal is not a well-formed DID (got ${JSON.stringify(principal)})`
4574
+ `networkId ownerDid is not a well-formed DID (got ${JSON.stringify(ownerDid)})`
4574
4575
  );
4575
4576
  }
4576
4577
  if (!NETWORK_NAME_RE.test(name)) {
@@ -4578,18 +4579,18 @@ function parseNetworkId(networkId) {
4578
4579
  `networkId name ${JSON.stringify(name)} must match ${NETWORK_NAME_RE.source}`
4579
4580
  );
4580
4581
  }
4581
- return { networkId, principal, name };
4582
+ return { networkId, ownerDid, name };
4582
4583
  }
4583
- function buildNetworkId(principal, name) {
4584
- if (typeof principal !== "string" || !principal.startsWith("did:")) {
4585
- throw new NetworkIdError("principal must be a DID");
4584
+ function buildNetworkId(ownerDid, name) {
4585
+ if (typeof ownerDid !== "string" || !ownerDid.startsWith("did:")) {
4586
+ throw new NetworkIdError("ownerDid must be a DID");
4586
4587
  }
4587
4588
  if (typeof name !== "string" || !NETWORK_NAME_RE.test(name)) {
4588
4589
  throw new NetworkIdError(
4589
4590
  `network name ${JSON.stringify(name)} must match ${NETWORK_NAME_RE.source}`
4590
4591
  );
4591
4592
  }
4592
- const networkId = `${URN_PREFIX}${principal}:${name}`;
4593
+ const networkId = `${URN_PREFIX}${ownerDid}:${name}`;
4593
4594
  parseNetworkId(networkId);
4594
4595
  return networkId;
4595
4596
  }
@@ -4604,6 +4605,22 @@ function isNetworkId(networkId) {
4604
4605
  return false;
4605
4606
  }
4606
4607
  }
4608
+ function parsePkhOwnerDid(ownerDid) {
4609
+ const match = ownerDid.match(PKH_EIP155_DID_RE);
4610
+ if (!match) return null;
4611
+ return {
4612
+ chainId: match[1],
4613
+ address: match[2].toLowerCase()
4614
+ };
4615
+ }
4616
+ function ownerDidMatches(a, b) {
4617
+ const aPkh = parsePkhOwnerDid(a);
4618
+ const bPkh = parsePkhOwnerDid(b);
4619
+ if (aPkh && bPkh) {
4620
+ return aPkh.chainId === bPkh.chainId && aPkh.address === bPkh.address;
4621
+ }
4622
+ return a === b;
4623
+ }
4607
4624
  function networkDiscoveryKey(name) {
4608
4625
  if (!NETWORK_NAME_RE.test(name)) {
4609
4626
  throw new NetworkIdError(
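Review bot: `ownerDidMatches` has no type check on its arguments, so a non-string value makes `parsePkhOwnerDid` throw a TypeError on `ownerDid.match(...)`, and two `undefined` arguments would compare equal if that call were ever guarded. The callers visible in this diff pass strings, but this comparison decides whether a descriptor belongs to the requested owner, so it should fail closed on its own: `if (typeof a !== "string" || typeof b !== "string") return false;` as the first line. The rule itself also deserves a comment: for `did:pkh:eip155` the address is compared case-insensitively (the mixed-case checksum is not verified) and the chain id is compared as text, so `eip155:01` and `eip155:1` do not match; every other DID method needs exact string equality.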
@@ -4666,27 +4683,27 @@ function toError2(error) {
4666
4683
  // src/encryption/discovery.ts
4667
4684
  async function discoverNetwork(input) {
4668
4685
  let networkId;
4669
- let principal;
4686
+ let ownerDid;
4670
4687
  let name;
4671
4688
  try {
4672
4689
  if (input.identifier.startsWith("urn:tinycloud:encryption:")) {
4673
4690
  const parsed = parseNetworkId(input.identifier);
4674
4691
  networkId = parsed.networkId;
4675
- principal = parsed.principal;
4692
+ ownerDid = parsed.ownerDid;
4676
4693
  name = parsed.name;
4677
4694
  } else {
4678
- if (input.principal === void 0) {
4695
+ if (input.ownerDid === void 0) {
4679
4696
  return {
4680
4697
  ok: false,
4681
4698
  error: encryptionError({
4682
4699
  code: "INVALID_INPUT",
4683
- message: "discoverNetwork requires `principal` when identifier is a bare network name"
4700
+ message: "discoverNetwork requires `ownerDid` when identifier is a bare network name"
4684
4701
  })
4685
4702
  };
4686
4703
  }
4687
- networkId = `urn:tinycloud:encryption:${input.principal}:${input.identifier}`;
4704
+ networkId = `urn:tinycloud:encryption:${input.ownerDid}:${input.identifier}`;
4688
4705
  const parsed = parseNetworkId(networkId);
4689
- principal = parsed.principal;
4706
+ ownerDid = parsed.ownerDid;
4690
4707
  name = parsed.name;
4691
4708
  }
4692
4709
  } catch (err3) {
@@ -4705,7 +4722,7 @@ async function discoverNetwork(input) {
4705
4722
  try {
4706
4723
  const descriptor = await input.node.fetchByNetworkId(networkId);
4707
4724
  if (descriptor !== null) {
4708
- const validated = validateDescriptor(descriptor, networkId, principal, name);
4725
+ const validated = validateDescriptor(descriptor, networkId, ownerDid, name);
4709
4726
  if (!validated.ok) return validated;
4710
4727
  return { ok: true, data: { descriptor: validated.data, source: "node" } };
4711
4728
  }
@@ -4715,11 +4732,11 @@ async function discoverNetwork(input) {
4715
4732
  if (input.wellKnown !== void 0) {
4716
4733
  try {
4717
4734
  const descriptor = await input.wellKnown.fetchWellKnown(
4718
- principal,
4735
+ ownerDid,
4719
4736
  networkDiscoveryKey(name)
4720
4737
  );
4721
4738
  if (descriptor !== null) {
4722
- const validated = validateDescriptor(descriptor, networkId, principal, name);
4739
+ const validated = validateDescriptor(descriptor, networkId, ownerDid, name);
4723
4740
  if (!validated.ok) return validated;
4724
4741
  return {
4725
4742
  ok: true,
@@ -4738,8 +4755,20 @@ async function discoverNetwork(input) {
4738
4755
  })
4739
4756
  };
4740
4757
  }
4741
- function validateDescriptor(descriptor, networkId, principal, name) {
4742
- if (descriptor.networkId !== networkId) {
4758
+ function validateDescriptor(descriptor, networkId, ownerDid, name) {
4759
+ let descriptorNetwork;
4760
+ try {
4761
+ descriptorNetwork = parseNetworkId(descriptor.networkId);
4762
+ } catch (err3) {
4763
+ return {
4764
+ ok: false,
4765
+ error: encryptionError({
4766
+ code: "INVALID_NETWORK_ID",
4767
+ message: `descriptor networkId is malformed: ${err3 instanceof Error ? err3.message : String(err3)}`
4768
+ })
4769
+ };
4770
+ }
4771
+ if (descriptorNetwork.name !== name || !ownerDidMatches(descriptorNetwork.ownerDid, ownerDid)) {
4743
4772
  return {
4744
4773
  ok: false,
4745
4774
  error: encryptionError({
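Review bot: The exact check `descriptor.networkId !== networkId` is replaced here by a parsed comparison that ignores address casing, so a descriptor whose `networkId` string differs from the requested one is now accepted. The success return later in `validateDescriptor` spreads `...descriptor` and keeps that fetched `networkId` (and the descriptor's own `ownerDid` spelling) unchanged. If any consumer caches, hashes or compares these identifiers as plain strings, the requested and returned values can disagree; that should be confirmed against the callers, which are outside this diff. Either return one canonical spelling (for example the lowercased address form that `parsePkhOwnerDid` already produces) or state in a comment on `validateDescriptor` that returned identifiers may only be compared through `ownerDidMatches`. The function body continues beyond this hunk.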
@@ -4748,12 +4777,13 @@ function validateDescriptor(descriptor, networkId, principal, name) {
4748
4777
  })
4749
4778
  };
4750
4779
  }
4751
- if (descriptor.principal !== principal) {
4780
+ const descriptorOwnerDid = descriptorOwner(descriptor);
4781
+ if (descriptorOwnerDid === void 0 || !ownerDidMatches(descriptorOwnerDid, ownerDid) || !ownerDidMatches(descriptorOwnerDid, descriptorNetwork.ownerDid)) {
4752
4782
  return {
4753
4783
  ok: false,
4754
4784
  error: encryptionError({
4755
4785
  code: "INVALID_NETWORK_ID",
4756
- message: "descriptor principal does not match networkId principal"
4786
+ message: "descriptor ownerDid does not match networkId ownerDid"
4757
4787
  })
4758
4788
  };
4759
4789
  }
@@ -4775,7 +4805,20 @@ function validateDescriptor(descriptor, networkId, principal, name) {
4775
4805
  })
4776
4806
  };
4777
4807
  }
4778
- return { ok: true, data: descriptor };
4808
+ return {
4809
+ ok: true,
4810
+ data: {
4811
+ ...descriptor,
4812
+ ownerDid: descriptorOwnerDid
4813
+ }
4814
+ };
4815
+ }
4816
+ function descriptorOwner(descriptor) {
4817
+ if (typeof descriptor.ownerDid === "string" && descriptor.ownerDid.length > 0) {
4818
+ return descriptor.ownerDid;
4819
+ }
4820
+ const legacyDescriptor = descriptor;
4821
+ return typeof legacyDescriptor.principal === "string" && legacyDescriptor.principal.length > 0 ? legacyDescriptor.principal : void 0;
4779
4822
  }
4780
4823
  function ensureNetworkUsableForDecrypt(descriptor) {
4781
4824
  if (descriptor.state === "active" || descriptor.state === "rotating") {
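Review bot: `descriptorOwner` returns `ownerDid` when it is a non-empty string and only then falls back to the legacy `principal`, so a descriptor carrying both fields is validated on `ownerDid` alone. Its `principal` is never compared with anything, yet it is still passed through by `...descriptor` in the success return of `validateDescriptor`. Any consumer that still reads `descriptor.principal` would receive a value that went through no ownership check. Consider failing validation when both fields are present and `!ownerDidMatches(descriptor.principal, descriptor.ownerDid)`, or omitting `principal` from the returned `data` so that only the checked `ownerDid` leaves this function.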
@@ -5245,10 +5288,10 @@ var EncryptionService = class extends BaseService {
5245
5288
  get crypto() {
5246
5289
  return this._config.crypto;
5247
5290
  }
5248
- async discoverNetwork(identifier, principal) {
5291
+ async discoverNetwork(identifier, ownerDid) {
5249
5292
  const result = await discoverNetwork({
5250
5293
  identifier,
5251
- ...principal !== void 0 ? { principal } : {},
5294
+ ...ownerDid !== void 0 ? { ownerDid } : {},
5252
5295
  ...this._config.node !== void 0 ? { node: this._config.node } : {},
5253
5296
  ...this._config.wellKnown !== void 0 ? { wellKnown: this._config.wellKnown } : {}
5254
5297
  });