@tinycloud/sdk-services 2.2.1-beta.0 → 2.3.0-beta.5

package/dist/index.js CHANGED
@@ -4410,6 +4410,7 @@ function canonicalHashHex(sha256, value) {
4410
4410
  // src/encryption/networkId.ts
4411
4411
  var URN_PREFIX = "urn:tinycloud:encryption:";
4412
4412
  var NETWORK_NAME_RE = /^[a-z0-9][a-z0-9-]*$/;
4413
+ var PKH_EIP155_DID_RE = /^did:pkh:eip155:(\d+):(0x[a-fA-F0-9]{40})$/;
4413
4414
  var NetworkIdError = class extends Error {
4414
4415
  constructor(message) {
4415
4416
  super(message);
@@ -4429,20 +4430,20 @@ function parseNetworkId(networkId) {
4429
4430
  const lastColon = body.lastIndexOf(":");
4430
4431
  if (lastColon <= 0 || lastColon === body.length - 1) {
4431
4432
  throw new NetworkIdError(
4432
- `networkId missing principal or name segment (got ${JSON.stringify(networkId)})`
4433
+ `networkId missing ownerDid or name segment (got ${JSON.stringify(networkId)})`
4433
4434
  );
4434
4435
  }
4435
- const principal = body.slice(0, lastColon);
4436
+ const ownerDid = body.slice(0, lastColon);
4436
4437
  const name = body.slice(lastColon + 1);
4437
- if (!principal.startsWith("did:")) {
4438
+ if (!ownerDid.startsWith("did:")) {
4438
4439
  throw new NetworkIdError(
4439
- `networkId principal must be a DID (got ${JSON.stringify(principal)})`
4440
+ `networkId ownerDid must be a DID (got ${JSON.stringify(ownerDid)})`
4440
4441
  );
4441
4442
  }
4442
- const didParts = principal.split(":");
4443
+ const didParts = ownerDid.split(":");
4443
4444
  if (didParts.length < 3 || didParts.some((p) => p.length === 0)) {
4444
4445
  throw new NetworkIdError(
4445
- `networkId principal is not a well-formed DID (got ${JSON.stringify(principal)})`
4446
+ `networkId ownerDid is not a well-formed DID (got ${JSON.stringify(ownerDid)})`
4446
4447
  );
4447
4448
  }
4448
4449
  if (!NETWORK_NAME_RE.test(name)) {
@@ -4450,18 +4451,18 @@ function parseNetworkId(networkId) {
4450
4451
  `networkId name ${JSON.stringify(name)} must match ${NETWORK_NAME_RE.source}`
4451
4452
  );
4452
4453
  }
4453
- return { networkId, principal, name };
4454
+ return { networkId, ownerDid, name };
4454
4455
  }
4455
- function buildNetworkId(principal, name) {
4456
- if (typeof principal !== "string" || !principal.startsWith("did:")) {
4457
- throw new NetworkIdError("principal must be a DID");
4456
+ function buildNetworkId(ownerDid, name) {
4457
+ if (typeof ownerDid !== "string" || !ownerDid.startsWith("did:")) {
4458
+ throw new NetworkIdError("ownerDid must be a DID");
4458
4459
  }
4459
4460
  if (typeof name !== "string" || !NETWORK_NAME_RE.test(name)) {
4460
4461
  throw new NetworkIdError(
4461
4462
  `network name ${JSON.stringify(name)} must match ${NETWORK_NAME_RE.source}`
4462
4463
  );
4463
4464
  }
4464
- const networkId = `${URN_PREFIX}${principal}:${name}`;
4465
+ const networkId = `${URN_PREFIX}${ownerDid}:${name}`;
4465
4466
  parseNetworkId(networkId);
4466
4467
  return networkId;
4467
4468
  }
@@ -4476,6 +4477,22 @@ function isNetworkId(networkId) {
4476
4477
  return false;
4477
4478
  }
4478
4479
  }
4480
+ function parsePkhOwnerDid(ownerDid) {
4481
+ const match = ownerDid.match(PKH_EIP155_DID_RE);
4482
+ if (!match) return null;
4483
+ return {
4484
+ chainId: match[1],
4485
+ address: match[2].toLowerCase()
4486
+ };
4487
+ }
4488
+ function ownerDidMatches(a, b) {
4489
+ const aPkh = parsePkhOwnerDid(a);
4490
+ const bPkh = parsePkhOwnerDid(b);
4491
+ if (aPkh && bPkh) {
4492
+ return aPkh.chainId === bPkh.chainId && aPkh.address === bPkh.address;
4493
+ }
4494
+ return a === b;
4495
+ }
4479
4496
  function networkDiscoveryKey(name) {
4480
4497
  if (!NETWORK_NAME_RE.test(name)) {
4481
4498
  throw new NetworkIdError(
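Review bot: `ownerDidMatches` (new lines 4488-4495) decides whether two owner identities are the same during descriptor validation, yet it has no input type guard and no comment stating its equivalence rule. `parsePkhOwnerDid` calls `ownerDid.match(...)` directly, so a non-string argument throws a TypeError; adding `if (typeof a !== "string" || typeof b !== "string") return false;` as the first line of `ownerDidMatches` keeps the comparison fail-closed. I would also add a comment saying that only `did:pkh:eip155` DIDs get case-insensitive address matching, that `chainId` is compared as the literal digit string (so `1` and `01` do not match), and that every other DID method is compared byte for byte. Since this is bundled output, the change belongs in `src/encryption/networkId.ts`.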
@@ -4538,27 +4555,27 @@ function toError2(error) {
4538
4555
  // src/encryption/discovery.ts
4539
4556
  async function discoverNetwork(input) {
4540
4557
  let networkId;
4541
- let principal;
4558
+ let ownerDid;
4542
4559
  let name;
4543
4560
  try {
4544
4561
  if (input.identifier.startsWith("urn:tinycloud:encryption:")) {
4545
4562
  const parsed = parseNetworkId(input.identifier);
4546
4563
  networkId = parsed.networkId;
4547
- principal = parsed.principal;
4564
+ ownerDid = parsed.ownerDid;
4548
4565
  name = parsed.name;
4549
4566
  } else {
4550
- if (input.principal === void 0) {
4567
+ if (input.ownerDid === void 0) {
4551
4568
  return {
4552
4569
  ok: false,
4553
4570
  error: encryptionError({
4554
4571
  code: "INVALID_INPUT",
4555
- message: "discoverNetwork requires `principal` when identifier is a bare network name"
4572
+ message: "discoverNetwork requires `ownerDid` when identifier is a bare network name"
4556
4573
  })
4557
4574
  };
4558
4575
  }
4559
- networkId = `urn:tinycloud:encryption:${input.principal}:${input.identifier}`;
4576
+ networkId = `urn:tinycloud:encryption:${input.ownerDid}:${input.identifier}`;
4560
4577
  const parsed = parseNetworkId(networkId);
4561
- principal = parsed.principal;
4578
+ ownerDid = parsed.ownerDid;
4562
4579
  name = parsed.name;
4563
4580
  }
4564
4581
  } catch (err3) {
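Review bot: In the bare-name branch (new line 4576) `input.identifier` is interpolated into the URN without being checked against `NETWORK_NAME_RE`, and `parseNetworkId` then splits the result at the last colon. An identifier that itself contains `:` therefore parses into an `ownerDid` and `name` that differ from what the caller supplied, and those parsed values are what the later lookups and `validateDescriptor` receive. `buildNetworkId` from the networkId module already validates both parts before composing the string, so `networkId = buildNetworkId(input.ownerDid, input.identifier);` would close the gap and remove the duplicated prefix literal; its `NetworkIdError` lands in the existing `catch`. `discoverNetwork` continues past the end of this hunk.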
@@ -4577,7 +4594,7 @@ async function discoverNetwork(input) {
4577
4594
  try {
4578
4595
  const descriptor = await input.node.fetchByNetworkId(networkId);
4579
4596
  if (descriptor !== null) {
4580
- const validated = validateDescriptor(descriptor, networkId, principal, name);
4597
+ const validated = validateDescriptor(descriptor, networkId, ownerDid, name);
4581
4598
  if (!validated.ok) return validated;
4582
4599
  return { ok: true, data: { descriptor: validated.data, source: "node" } };
4583
4600
  }
@@ -4587,11 +4604,11 @@ async function discoverNetwork(input) {
4587
4604
  if (input.wellKnown !== void 0) {
4588
4605
  try {
4589
4606
  const descriptor = await input.wellKnown.fetchWellKnown(
4590
- principal,
4607
+ ownerDid,
4591
4608
  networkDiscoveryKey(name)
4592
4609
  );
4593
4610
  if (descriptor !== null) {
4594
- const validated = validateDescriptor(descriptor, networkId, principal, name);
4611
+ const validated = validateDescriptor(descriptor, networkId, ownerDid, name);
4595
4612
  if (!validated.ok) return validated;
4596
4613
  return {
4597
4614
  ok: true,
@@ -4610,8 +4627,20 @@ async function discoverNetwork(input) {
4610
4627
  })
4611
4628
  };
4612
4629
  }
4613
- function validateDescriptor(descriptor, networkId, principal, name) {
4614
- if (descriptor.networkId !== networkId) {
4630
+ function validateDescriptor(descriptor, networkId, ownerDid, name) {
4631
+ let descriptorNetwork;
4632
+ try {
4633
+ descriptorNetwork = parseNetworkId(descriptor.networkId);
4634
+ } catch (err3) {
4635
+ return {
4636
+ ok: false,
4637
+ error: encryptionError({
4638
+ code: "INVALID_NETWORK_ID",
4639
+ message: `descriptor networkId is malformed: ${err3 instanceof Error ? err3.message : String(err3)}`
4640
+ })
4641
+ };
4642
+ }
4643
+ if (descriptorNetwork.name !== name || !ownerDidMatches(descriptorNetwork.ownerDid, ownerDid)) {
4615
4644
  return {
4616
4645
  ok: false,
4617
4646
  error: encryptionError({
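Review bot: The requested `networkId` argument is no longer read in any visible line of `validateDescriptor` now that the exact `descriptor.networkId !== networkId` check has been replaced by the parsed comparison at new line 4643. If the part of the body outside these hunks does not use it either, the parameter is dead and should be dropped or documented as kept for signature compatibility. The relaxation itself deserves a comment above line 4643, for example `// Compare parsed owner and name, not raw strings: did:pkh:eip155 addresses may differ only in hex case.`, so a later reader neither restores strict equality nor loosens the check further. The function body continues outside this hunk.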
@@ -4620,12 +4649,13 @@ function validateDescriptor(descriptor, networkId, principal, name) {
4620
4649
  })
4621
4650
  };
4622
4651
  }
4623
- if (descriptor.principal !== principal) {
4652
+ const descriptorOwnerDid = descriptorOwner(descriptor);
4653
+ if (descriptorOwnerDid === void 0 || !ownerDidMatches(descriptorOwnerDid, ownerDid) || !ownerDidMatches(descriptorOwnerDid, descriptorNetwork.ownerDid)) {
4624
4654
  return {
4625
4655
  ok: false,
4626
4656
  error: encryptionError({
4627
4657
  code: "INVALID_NETWORK_ID",
4628
- message: "descriptor principal does not match networkId principal"
4658
+ message: "descriptor ownerDid does not match networkId ownerDid"
4629
4659
  })
4630
4660
  };
4631
4661
  }
@@ -4647,7 +4677,20 @@ function validateDescriptor(descriptor, networkId, principal, name) {
4647
4677
  })
4648
4678
  };
4649
4679
  }
4650
- return { ok: true, data: descriptor };
4680
+ return {
4681
+ ok: true,
4682
+ data: {
4683
+ ...descriptor,
4684
+ ownerDid: descriptorOwnerDid
4685
+ }
4686
+ };
4687
+ }
4688
+ function descriptorOwner(descriptor) {
4689
+ if (typeof descriptor.ownerDid === "string" && descriptor.ownerDid.length > 0) {
4690
+ return descriptor.ownerDid;
4691
+ }
4692
+ const legacyDescriptor = descriptor;
4693
+ return typeof legacyDescriptor.principal === "string" && legacyDescriptor.principal.length > 0 ? legacyDescriptor.principal : void 0;
4651
4694
  }
4652
4695
  function ensureNetworkUsableForDecrypt(descriptor) {
4653
4696
  if (descriptor.state === "active" || descriptor.state === "rotating") {
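Review bot: `descriptorOwner` (new lines 4688-4694) returns `descriptor.ownerDid` whenever it is a non-empty string and never looks at a legacy `principal` that may also be present, so a remotely fetched descriptor carrying two different owner values passes validation on the first one. Treating disagreement as invalid is cheap: inside the first branch add `if (typeof descriptor.principal === "string" && descriptor.principal.length > 0 && !ownerDidMatches(descriptor.principal, descriptor.ownerDid)) return void 0;`, which `validateDescriptor` already maps to `INVALID_NETWORK_ID`. Separately, the success value at new lines 4680-4686 spreads the descriptor as received, so `networkId`, `ownerDid` and any stale `principal` keep the remote's spelling and casing; if callers key caches or hashes on those fields that may need normalising, which cannot be confirmed from this hunk.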
@@ -5117,10 +5160,10 @@ var EncryptionService = class extends BaseService {
5117
5160
  get crypto() {
5118
5161
  return this._config.crypto;
5119
5162
  }
5120
- async discoverNetwork(identifier, principal) {
5163
+ async discoverNetwork(identifier, ownerDid) {
5121
5164
  const result = await discoverNetwork({
5122
5165
  identifier,
5123
- ...principal !== void 0 ? { principal } : {},
5166
+ ...ownerDid !== void 0 ? { ownerDid } : {},
5124
5167
  ...this._config.node !== void 0 ? { node: this._config.node } : {},
5125
5168
  ...this._config.wellKnown !== void 0 ? { wellKnown: this._config.wellKnown } : {}
5126
5169
  });