@vaultsandbox/client 0.9.0 → 0.9.2
- package/README.md +44 -26
- package/dist/client.d.ts +11 -0
- package/dist/client.js +32 -0
- package/dist/client.js.map +1 -1
- package/dist/crypto/decrypt.d.ts +33 -4
- package/dist/crypto/decrypt.js +64 -40
- package/dist/crypto/decrypt.js.map +1 -1
- package/dist/crypto/signature.d.ts +5 -2
- package/dist/crypto/signature.js +16 -9
- package/dist/crypto/signature.js.map +1 -1
- package/dist/email.d.ts +2 -1
- package/dist/email.js +8 -2
- package/dist/email.js.map +1 -1
- package/dist/http/api-client.js +30 -8
- package/dist/http/api-client.js.map +1 -1
- package/dist/inbox.d.ts +14 -0
- package/dist/inbox.js +66 -10
- package/dist/inbox.js.map +1 -1
- package/dist/index.d.ts +1 -1
- package/dist/index.js.map +1 -1
- package/dist/strategies/delivery-strategy.d.ts +5 -2
- package/dist/strategies/polling-strategy.d.ts +10 -2
- package/dist/strategies/polling-strategy.js +32 -10
- package/dist/strategies/polling-strategy.js.map +1 -1
- package/dist/strategies/sse-strategy.d.ts +23 -2
- package/dist/strategies/sse-strategy.js +102 -15
- package/dist/strategies/sse-strategy.js.map +1 -1
- package/dist/types/index.d.ts +13 -0
- package/dist/types/index.js.map +1 -1
- package/dist/utils/email-utils.d.ts +7 -1
- package/dist/utils/email-utils.js +47 -32
- package/dist/utils/email-utils.js.map +1 -1
- package/package.json +7 -7
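--- a/package/README.md
+++ b/package/README.md
@@ -14,36 +14,15 @@
 [](https://opensource.org/licenses/Apache-2.0)
 [](https://nodejs.org/)
 
-**Production-like email testing. Self-hosted
+**Production-like email testing. Self-hosted and secure.**
 
-The official Node.js SDK for [VaultSandbox Gateway](https://github.com/vaultsandbox/gateway) — a
+The official Node.js SDK for [VaultSandbox Gateway](https://github.com/vaultsandbox/gateway) — a self-hosted SMTP testing platform that replicates real-world email delivery with TLS, authentication, spam analysis, chaos engineering, and zero-knowledge encryption.
 
-Stop mocking
+Stop mocking. Test email like production.
 
-
+**[See full feature list →](https://github.com/vaultsandbox/gateway)**
 
-
-
-| Feature | Simple Mocks | Public SaaS | **VaultSandbox** |
-| :------------------ | :--------------- | :----------- | :------------------ |
-| **TLS/SSL** | Ignored/Disabled | Partial | **Real ACME certs** |
-| **Data Privacy** | Local only | Shared cloud | **Private VPC** |
-| **Inbound Mail** | Outbound only | Yes | **Real MX** |
-| **Auth (SPF/DKIM)** | None | Limited | **Full Validation** |
-| **Crypto** | Plaintext | Varies | **Zero-Knowledge** |
-
-## Features
-
-- **Quantum-Safe Encryption** — Automatic ML-KEM-768 (Kyber768) key encapsulation + AES-256-GCM encryption
-- **Zero Crypto Knowledge Required** — All cryptographic operations are invisible to the user
-- **Real-Time Email Delivery** — SSE-based delivery with smart polling fallback
-- **Built for CI/CD** — Deterministic tests without sleeps, polling, or flakiness
-- **Full Email Access** — Decrypt and access email content, headers, links, and attachments
-- **Email Authentication** — Built-in SPF/DKIM/DMARC validation helpers
-- **[Spam Analysis](https://vaultsandbox.dev/client-node/concepts/spam-analysis/)** — Rspamd integration for spam scores, classifications, and rule analysis
-- **[Webhooks](https://vaultsandbox.dev/client-node/guides/webhooks/)** — Global and per-inbox HTTP callbacks for email events with filtering and templates
-- **[Chaos Engineering](https://vaultsandbox.dev/client-node/guides/chaos/)** — Per-inbox SMTP failure simulation (latency, drops, errors, greylisting, blackhole)
-- **Type-Safe** — Full TypeScript support with comprehensive type definitions
+> **Node.js 20+** required. Not intended for browsers or edge runtimes.
 
 ## Installation
 
@@ -277,6 +256,45 @@ const subscription = inbox.onNewEmail((email) => {
 // subscription.unsubscribe();
 ```
 
+### Webhooks
+
+Get notified when emails arrive via HTTP webhooks.
+
+```javascript
+const inbox = await client.createInbox();
+
+// Create a webhook
+const webhook = await inbox.createWebhook({
+url: 'https://your-server.com/webhook',
+events: ['email.received'],
+template: 'slack', // Or 'discord', 'teams', 'default'
+});
+
+console.log('Webhook secret:', webhook.secret); // Use for signature verification
+```
+
+### Chaos Engineering
+
+Test your application's resilience by simulating email delivery issues.
+
+```javascript
+const inbox = await client.createInbox();
+
+// Enable latency injection
+await inbox.setChaosConfig({
+enabled: true,
+latency: {
+enabled: true,
+minDelayMs: 1000,
+maxDelayMs: 5000,
+probability: 0.5, // 50% of emails affected
+},
+});
+
+// Disable when done
+await inbox.disableChaos();
+```
+
 ## API Reference
 
 ### VaultSandboxClient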
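--- a/package/dist/client.d.ts
+++ b/package/dist/client.d.ts
@@ -47,6 +47,7 @@ export declare class VaultSandboxClient {
 private config;
 private serverPublicKey;
 private encryptionPolicy;
+private maxTtl;
 private inboxes;
 private strategy;
 /**
@@ -263,6 +264,16 @@ export declare class VaultSandboxClient {
 importInboxFromFile(filePath: string): Promise<Inbox>;
 /**
 * Closes the client, terminates any active connections, and cleans up resources.
+*
+* This method performs a graceful shutdown by:
+* 1. Unsubscribing all inboxes from email notifications
+* 2. Waiting for pending operations to complete (up to timeout)
+* 3. Closing the delivery strategy connection
+* 4. Clearing all tracked inboxes
+*
+* @returns A promise that resolves when the client is closed
+* @example
+* await client.close();
 */
 close(): Promise<void>;
 }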
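Review bot: Step 2 of the added close() JSDoc, `Waiting for pending operations to complete (up to timeout)`, is not backed by anything visible on this page. The declaration is still `close(): Promise<void>` with no timeout parameter, and the close() body in package/dist/client.js, which carries the same comment, only calls `inbox.unsubscribeAll()`, `this.strategy.close()` without awaiting it, and `this.inboxes.clear()`. A caller who relies on the comment may assume in-flight work has finished once the promise resolves. Unless the wait happens inside the strategy's own close(), which is not shown here, I would drop step 2 and renumber, or state the actual guarantee, e.g. `* 2. Closing the delivery strategy connection (pending operations are not awaited)`.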
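--- a/package/dist/client.js
+++ b/package/dist/client.js
@@ -64,6 +64,7 @@ export class VaultSandboxClient {
 config;
 serverPublicKey = null;
 encryptionPolicy = null;
+maxTtl = null;
 inboxes = new Map();
 strategy = null;
 /**
@@ -86,6 +87,7 @@ export class VaultSandboxClient {
 const serverInfo = await this.apiClient.getServerInfo();
 this.serverPublicKey = serverInfo.serverSigPk;
 this.encryptionPolicy = serverInfo.encryptionPolicy;
+this.maxTtl = serverInfo.maxTtl;
 // Create delivery strategy based on config
 // Note: SSE for email events (/api/events) is always available
 this.strategy = this.createStrategy();
@@ -118,6 +120,7 @@ export class VaultSandboxClient {
 reconnectInterval: this.config.sseReconnectInterval ?? 5000,
 maxReconnectAttempts: this.config.sseMaxReconnectAttempts ?? 10,
 backoffMultiplier: 2,
+maxCacheSize: this.config.sseMaxCacheSize,
 });
 }
 // Polling strategy (explicit only)
@@ -143,6 +146,18 @@ export class VaultSandboxClient {
 */
 async createInbox(options = {}) {
 await this.ensureInitialized();
+// Validate TTL if provided
+if (options.ttl !== undefined) {
+if (typeof options.ttl !== 'number' || !Number.isInteger(options.ttl)) {
+throw new Error('TTL must be an integer');
+}
+if (options.ttl <= 0) {
+throw new Error('TTL must be positive');
+}
+if (this.maxTtl && options.ttl > this.maxTtl) {
+throw new Error(`TTL exceeds server maximum of ${this.maxTtl} seconds`);
+}
+}
 const useEncryption = this.shouldEncrypt(options);
 // Generate keypair only for encrypted inboxes
 const keypair = useEncryption ? generateKeypair() : null;
@@ -532,12 +547,29 @@ export class VaultSandboxClient {
 }
 /**
 * Closes the client, terminates any active connections, and cleans up resources.
+*
+* This method performs a graceful shutdown by:
+* 1. Unsubscribing all inboxes from email notifications
+* 2. Waiting for pending operations to complete (up to timeout)
+* 3. Closing the delivery strategy connection
+* 4. Clearing all tracked inboxes
+*
+* @returns A promise that resolves when the client is closed
+* @example
+* await client.close();
 */
 async close() {
+debug('Closing client');
+// Unsubscribe all inboxes (synchronous)
+for (const inbox of this.inboxes.values()) {
+inbox.unsubscribeAll();
+}
+// Close the delivery strategy
 if (this.strategy) {
 this.strategy.close();
 }
 this.inboxes.clear();
+debug('Client closed successfully');
 }
 }
 //# sourceMappingURL=client.js.map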
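Review bot: The upper bound in the new TTL check, `if (this.maxTtl && options.ttl > this.maxTtl)`, is skipped whenever `this.maxTtl` is falsy, and `this.maxTtl = serverInfo.maxTtl;` in the initialisation hunk stores the server's value without a type check, so a response that omits or mis-types `maxTtl` leaves no client-side limit. That is acceptable only if the gateway enforces the maximum itself, which this page does not show; the comment should say so, e.g. `// Client-side sanity check only; the gateway is expected to enforce the TTL limit`. `Number.isSafeInteger(options.ttl)` would also reject values past 2^53 and makes the `typeof` test redundant. createInbox's body continues outside the hunk.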
package/dist/client.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"client.js","sourceRoot":"","sources":["../src/client.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,YAAY,EAAE,MAAM,QAAQ,CAAC;AACtC,OAAO,EAAE,QAAQ,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AAClD,OAAO,WAAW,MAAM,OAAO,CAAC;AAChC,OAAO,EAAE,SAAS,EAAE,MAAM,sBAAsB,CAAC;AACjD,OAAO,EAAE,KAAK,EAAE,MAAM,YAAY,CAAC;AACnC,OAAO,EAAE,eAAe,EAAE,eAAe,EAAE,yBAAyB,EAAE,MAAM,qBAAqB,CAAC;AAClG,OAAO,EAAE,WAAW,EAAE,aAAa,EAAE,MAAM,mBAAmB,CAAC;AAC/D,OAAO,EAAE,cAAc,EAAE,qBAAqB,EAAE,MAAM,uBAAuB,CAAC;AAC9E,OAAO,EAAE,WAAW,EAAE,MAAM,8BAA8B,CAAC;AAC3D,OAAO,EAAE,eAAe,EAAE,MAAM,kCAAkC,CAAC;AAanE,OAAO,EACL,kBAAkB,EAClB,uBAAuB,EACvB,sBAAsB,EACtB,aAAa,EACb,QAAQ,GACT,MAAM,kBAAkB,CAAC;AAE1B,MAAM,KAAK,GAAG,WAAW,CAAC,qBAAqB,CAAC,CAAC;AAEjD;;;;;;;;;;;GAWG;AACH,MAAM,OAAO,YAAa,SAAQ,YAAY;IACpC,aAAa,GAAmB,EAAE,CAAC;IAE3C;;;;OAIG;IACH,eAAe,CAAC,YAA0B;QACxC,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;IACxC,CAAC;IAED;;OAEG;IACH,WAAW;QACT,IAAI,CAAC,aAAa,CAAC,OAAO,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC,CAAC;QACvD,IAAI,CAAC,aAAa,GAAG,EAAE,CAAC;QACxB,IAAI,CAAC,kBAAkB,EAAE,CAAC;IAC5B,CAAC;IAED;;;;;OAKG;IACH,SAAS,CAAC,KAAY,EAAE,KAAa;QACnC,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,KAAK,EAAE,KAAK,CAAC,CAAC;IACnC,CAAC;CACF;AAED;;;;;GAKG;AACH,MAAM,OAAO,kBAAkB;IACrB,SAAS,CAAY;IACrB,MAAM,CAAe;IACrB,eAAe,GAAkB,IAAI,CAAC;IACtC,gBAAgB,GAA4B,IAAI,CAAC;IACjD,OAAO,GAAuB,IAAI,GAAG,EAAE,CAAC;IACxC,QAAQ,GAA4B,IAAI,CAAC;IAEjD;;;OAGG;IACH,YAAY,MAAoB;QAC9B,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,IAAI,CAAC,SAAS,GAAG,IAAI,SAAS,CAAC,MAAM,CAAC,CAAC;IACzC,CAAC;IAED;;;;OAIG;IACK,KAAK,CAAC,iBAAiB;QAC7B,IAAI,IAAI,CAAC,eAAe,EAAE,CAAC;YACzB,OAAO;QACT,CAAC;QAED,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,aAAa,EAAE,CAAC;QACxD,IAAI,CAAC,eAAe,GAAG,UAAU,CAAC,WAAW,CAAC;QAC9C,IAAI,CAAC,gBAAgB,GAAG,UAAU,CAAC,gBAAgB,CAAC;QAEpD,2CAA2C;QAC3C,+DAA+D;QAC/D,IAAI,CAAC,QAAQ,GAAG,IAAI,CAAC,cAAc,EAAE,CAAC;IACxC,CAAC;IAED;;;OAGG;IACK,aAAa,CAAC,OAA2B;QAC/C,mDAAmD;QACnD,IAAI,OAAO,CAAC,UAAU,EAAE,CAAC;YACvB,OAAO,OAAO,CAAC,UAAU,KAAK,WAAW,CAAC;QAC5C,CAAC;QACD,
qCAAqC;QACrC,OAAO,IAAI,CAAC,gBAAgB,KAAK,QAAQ,IAAI,IAAI,CAAC,gBAAgB,KAAK,SAAS,CAAC;IACnF,CAAC;IAED;;;;OAIG;IACK,cAAc;QACpB,MAAM,YAAY,GAAG,IAAI,CAAC,MAAM,CAAC,QAAQ,IAAI,KAAK,CAAC;QAEnD,yBAAyB;QACzB,IAAI,YAAY,KAAK,KAAK,EAAE,CAAC;YAC3B,KAAK,CAAC,2CAA2C,CAAC,CAAC;YACnD,OAAO,IAAI,WAAW,CAAC,IAAI,CAAC,SAAS,EAAE;gBACrC,GAAG,EAAE,IAAI,CAAC,MAAM,CAAC,GAAG;gBACpB,MAAM,EAAE,IAAI,CAAC,MAAM,CAAC,MAAM;gBAC1B,iBAAiB,EAAE,IAAI,CAAC,MAAM,CAAC,oBAAoB,IAAI,IAAI;gBAC3D,oBAAoB,EAAE,IAAI,CAAC,MAAM,CAAC,uBAAuB,IAAI,EAAE;gBAC/D,iBAAiB,EAAE,CAAC;aACrB,CAAC,CAAC;QACL,CAAC;QAED,mCAAmC;QACnC,KAAK,CAAC,wBAAwB,CAAC,CAAC;QAChC,OAAO,IAAI,eAAe,CAAC,IAAI,CAAC,SAAS,EAAE;YACzC,eAAe,EAAE,IAAI,CAAC,MAAM,CAAC,eAAe,IAAI,IAAI;YACpD,UAAU,EAAE,KAAK;YACjB,iBAAiB,EAAE,GAAG;YACtB,YAAY,EAAE,GAAG;SAClB,CAAC,CAAC;IACL,CAAC;IAED;;;;;;;;;;;OAWG;IACH,KAAK,CAAC,WAAW,CAAC,UAA8B,EAAE;QAChD,MAAM,IAAI,CAAC,iBAAiB,EAAE,CAAC;QAE/B,MAAM,aAAa,GAAG,IAAI,CAAC,aAAa,CAAC,OAAO,CAAC,CAAC;QAElD,8CAA8C;QAC9C,MAAM,OAAO,GAAG,aAAa,CAAC,CAAC,CAAC,eAAe,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC;QAEzD,yBAAyB;QACzB,IAAI,SAAoB,CAAC;QACzB,IAAI,CAAC;YACH,SAAS,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,WAAW,CAC1C,OAAO,EAAE,YAAY,EACrB,OAAO,CAAC,GAAG,EACX,OAAO,CAAC,YAAY,EACpB,OAAO,CAAC,SAAS,EACjB,OAAO,CAAC,UAAU,EAClB,OAAO,CAAC,YAAY,EACpB,OAAO,CAAC,KAAK,CACd,CAAC;QACJ,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,kDAAkD;YAClD,IAAI,KAAK,YAAY,QAAQ,IAAI,KAAK,CAAC,UAAU,KAAK,GAAG,EAAE,CAAC;gBAC1D,iEAAiE;gBACjE,MAAM,OAAO,GAAG,OAAO,CAAC,YAAY,IAAI,mBAAmB,CAAC;gBAC5D,MAAM,IAAI,uBAAuB,CAAC,yBAAyB,OAAO,EAAE,CAAC,CAAC;YACxE,CAAC;YACD,MAAM,KAAK,CAAC;QACd,CAAC;QAED,wBAAwB;QACxB,MAAM,KAAK,GAAG,IAAI,KAAK,CAAC,SAAS,EAAE,OAAO,EAAE,IAAI,CAAC,SAAS,EAAE,SAAS,CAAC,WAAW,IAAI,IAAI,CAAC,CAAC;QAE3F,wBAAwB;QACxB,2EAA2E;QAC3E,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;YAClB,KAAK,CAAC,WAAW,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QACnC,CAAC;QAED,cAAc;QACd,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,YAAY,EAAE,KAAK,CAAC,CAAC;QAE5C,OAAO,KAAK,CAAC;IACf,CAAC;IAED;;;;OAIG;IACH,0FAA0F;IAC1F,KAAK,CAAC,gBAAgB;QACpB,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,SAAS,
CAAC,gBAAgB,EAAE,CAAC;QACvD,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;QACrB,OAAO,MAAM,CAAC,OAAO,CAAC;IACxB,CAAC;IAED;;;;;OAKG;IACH,KAAK,CAAC,WAAW,CAAC,YAAoB;QACpC,MAAM,IAAI,CAAC,SAAS,CAAC,WAAW,CAAC,YAAY,CAAC,CAAC;QAC/C,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;IACpC,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,aAAa;QACjB,OAAO,IAAI,CAAC,SAAS,CAAC,aAAa,EAAE,CAAC;IACxC,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,QAAQ;QACZ,OAAO,IAAI,CAAC,SAAS,CAAC,QAAQ,EAAE,CAAC;IACnC,CAAC;IAED;;;;;OAKG;IACH,cAAc,CAAC,OAAgB;QAC7B,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,CAAC;YACnB,MAAM,IAAI,aAAa,CAAC,yDAAyD,CAAC,CAAC;QACrF,CAAC;QAED,MAAM,OAAO,GAAG,IAAI,YAAY,EAAE,CAAC;QAEnC,0BAA0B;QAC1B,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;YAC5B,MAAM,YAAY,GAAG,KAAK,CAAC,UAAU,CAAC,CAAC,KAAK,EAAE,EAAE;gBAC9C,OAAO,CAAC,SAAS,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC;YAClC,CAAC,CAAC,CAAC;YACH,OAAO,CAAC,eAAe,CAAC,YAAY,CAAC,CAAC;QACxC,CAAC;QAED,OAAO,OAAO,CAAC;IACjB,CAAC;IAED;;;;;;;;;;OAUG;IACH,WAAW,CAAC,YAA4B;QACtC,yBAAyB;QACzB,MAAM,YAAY,GAAG,OAAO,YAAY,KAAK,QAAQ,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,YAAY,CAAC,YAAY,CAAC;QACjG,MAAM,KAAK,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;QAE7C,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,MAAM,IAAI,kBAAkB,CAAC,oBAAoB,YAAY,EAAE,CAAC,CAAC;QACnE,CAAC;QAED,OAAO,KAAK,CAAC,MAAM,EAAE,CAAC;IACxB,CAAC;IAED;;;;;;;;;;OAUG;IACH,KAAK,CAAC,WAAW,CAAC,IAAuB;QACvC,2BAA2B;QAC3B,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC;QAE3B,kEAAkE;QAClE,IAAI,CAAC,sBAAsB,CAAC,IAAI,CAAC,CAAC;QAElC,gCAAgC;QAChC,IAAI,CAAC,oBAAoB,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;QAE7C,6BAA6B;QAC7B,IAAI,CAAC,iBAAiB,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QAEvC,8BAA8B;QAC9B,IAAI,CAAC,kBAAkB,CAAC,IAAI,CAAC,CAAC;QAE9B,uBAAuB;QACvB,IAAI,CAAC,sBAAsB,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;QAE/C,MAAM,IAAI,CAAC,iBAAiB,EAAE,CAAC;QAE/B,oEAAoE;QACpE,IAAI,OAAO,GAAmB,IAAI,CAAC;QACnC,wEAAwE;QACxE,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;YACnB,0CAA0C;YAC1C,mFAAmF;YACnF,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;gBACrB,IAAI,CAAC,uBAAuB,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;gBAC/C,IAAI,CAAC,uBAAuB,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;YACjD,CAAC;iBAAM,CAAC;gBACN,MAAM,IAAI,sB
AAsB,CAAC,+CAA+C,CAAC,CAAC;YACpF,CAAC;YAED,wCAAwC;YACxC,mFAAmF;YACnF,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;gBACnB,OAAO,GAAG,IAAI,CAAC,qBAAqB,CAAC,IAAI,CAAC,CAAC;YAC7C,CAAC;iBAAM,CAAC;gBACN,MAAM,IAAI,sBAAsB,CAAC,6CAA6C,CAAC,CAAC;YAClF,CAAC;QACH,CAAC;QAED,MAAM,SAAS,GAAG,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,CAAC;QAE5C,OAAO,IAAI,CAAC,mBAAmB,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;IACtD,CAAC;IAED;;;;;OAKG;IACK,eAAe,CAAC,IAAuB;QAC7C,IAAI,IAAI,CAAC,OAAO,KAAK,cAAc,EAAE,CAAC;YACpC,MAAM,IAAI,sBAAsB,CAAC,wBAAwB,IAAI,CAAC,OAAO,cAAc,cAAc,EAAE,CAAC,CAAC;QACvG,CAAC;IACH,CAAC;IAED;;;;;;OAMG;IACK,sBAAsB,CAAC,IAAuB;QACpD,mCAAmC;QACnC,MAAM,oBAAoB,GAAgC,CAAC,cAAc,EAAE,WAAW,EAAE,WAAW,EAAE,YAAY,CAAC,CAAC;QAEnH,KAAK,MAAM,KAAK,IAAI,oBAAoB,EAAE,CAAC;YACzC,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC;YAC1B,IAAI,KAAK,KAAK,SAAS,IAAI,KAAK,KAAK,IAAI,IAAI,CAAC,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,CAAC,IAAI,EAAE,KAAK,EAAE,CAAC,EAAE,CAAC;gBAChG,MAAM,IAAI,sBAAsB,CAAC,6BAA6B,KAAK,EAAE,CAAC,CAAC;YACzE,CAAC;QACH,CAAC;QAED,oCAAoC;QACpC,IAAI,OAAO,IAAI,CAAC,SAAS,KAAK,SAAS,EAAE,CAAC;YACxC,iEAAiE;YACjE,MAAM,IAAI,sBAAsB,CAAC,qCAAqC,CAAC,CAAC;QAC1E,CAAC;QAED,oEAAoE;QACpE,oEAAoE;IACtE,CAAC;IAED;;;;;OAKG;IACK,oBAAoB,CAAC,YAAoB;QAC/C,MAAM,OAAO,GAAG,CAAC,YAAY,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC;QACxD,IAAI,OAAO,KAAK,CAAC,EAAE,CAAC;YAClB,MAAM,IAAI,sBAAsB,CAAC,6DAA6D,CAAC,CAAC;QAClG,CAAC;IACH,CAAC;IAED;;;;;OAKG;IACK,iBAAiB,CAAC,SAAiB;QACzC,2FAA2F;QAC3F,IAAI,CAAC,SAAS,IAAI,SAAS,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,CAAC;YAC1C,MAAM,IAAI,sBAAsB,CAAC,uCAAuC,CAAC,CAAC;QAC5E,CAAC;IACH,CAAC;IAED;;;;;OAKG;IACK,uBAAuB,CAAC,WAAmB;QACjD,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,aAAa,CAAC,WAAW,CAAC,CAAC;YAC3C,IAAI,OAAO,CAAC,MAAM,KAAK,qBAAqB,EAAE,CAAC;gBAC7C,MAAM,IAAI,sBAAsB,CAC9B,4CAA4C,qBAAqB,SAAS,OAAO,CAAC,MAAM,EAAE,CAC3F,CAAC;YACJ,CAAC;QACH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,KAAK,YAAY,sBAAsB;gBAAE,MAAM,KAAK,CAAC;YACzD,MAAM,QAAQ,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,0BAA0B,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;YACnG,MAAM,IAAI,sBAAsB,CAAC,u
CAAuC,QAAQ,EAAE,CAAC,CAAC;QACtF,CAAC;IACH,CAAC;IAED;;;;;OAKG;IACK,kBAAkB,CAAC,IAAuB;QAChD,IAAI,CAAC;YACH,IAAI,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,WAAW,EAAE,CAAC;YACvC,IAAI,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,WAAW,EAAE,CAAC;QAC1C,CAAC;QAAC,MAAM,CAAC;YACP,MAAM,IAAI,sBAAsB,CAAC,0BAA0B,CAAC,CAAC;QAC/D,CAAC;IACH,CAAC;IAED;;;;;OAKG;IACK,sBAAsB,CAAC,YAAoB;QACjD,IAAI,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,EAAE,CAAC;YACnC,MAAM,IAAI,uBAAuB,CAAC,yBAAyB,YAAY,EAAE,CAAC,CAAC;QAC7E,CAAC;IACH,CAAC;IAED;;;;;;OAMG;IACK,uBAAuB,CAAC,WAAmB;QACjD,IAAI,WAAW,KAAK,IAAI,CAAC,eAAe,EAAE,CAAC;YACzC,MAAM,IAAI,sBAAsB,CAAC,4EAA4E,CAAC,CAAC;QACjH,CAAC;IACH,CAAC;IAED;;;;;;;OAOG;IACK,qBAAqB,CAAC,IAAuB;QACnD,6FAA6F;QAC7F,MAAM,SAAS,GAAG,IAAI,CAAC,kBAAkB,CAAC,IAAI,CAAC,SAAU,EAAE,QAAQ,CAAC,CAAC;QACrE,IAAI,CAAC,iBAAiB,CAAC,SAAS,EAAE,eAAe,EAAE,QAAQ,CAAC,CAAC;QAE7D,0DAA0D;QAC1D,MAAM,SAAS,GAAG,yBAAyB,CAAC,SAAS,CAAC,CAAC;QAEvD,OAAO;YACL,SAAS;YACT,SAAS;YACT,YAAY,EAAE,WAAW,CAAC,SAAS,CAAC;SACrC,CAAC;IACJ,CAAC;IAED;;;;;;;OAOG;IACK,kBAAkB,CAAC,SAAiB,EAAE,OAAe;QAC3D,IAAI,CAAC;YACH,OAAO,aAAa,CAAC,SAAS,CAAC,CAAC;QAClC,CAAC;QAAC,MAAM,CAAC;YACP,MAAM,IAAI,sBAAsB,CAAC,iCAAiC,OAAO,MAAM,CAAC,CAAC;QACnF,CAAC;IACH,CAAC;IAED;;;;;;;OAOG;IACK,iBAAiB,CAAC,GAAe,EAAE,cAAsB,EAAE,OAAe;QAChF,IAAI,GAAG,CAAC,MAAM,KAAK,cAAc,EAAE,CAAC;YAClC,MAAM,IAAI,sBAAsB,CAAC,WAAW,OAAO,yBAAyB,cAAc,SAAS,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC;QACnH,CAAC;IACH,CAAC;IAED;;;;;OAKG;IACK,cAAc,CAAC,IAAuB;QAC5C,OAAO;YACL,YAAY,EAAE,IAAI,CAAC,YAAY;YAC/B,SAAS,EAAE,IAAI,CAAC,SAAS;YACzB,SAAS,EAAE,IAAI,CAAC,SAAS;YACzB,SAAS,EAAE,IAAI,CAAC,SAAS;YACzB,WAAW,EAAE,IAAI,CAAC,WAAW;SAC9B,CAAC;IACJ,CAAC;IAED;;;;;;OAMG;IACK,mBAAmB,CAAC,SAAoB,EAAE,OAAuB;QACvE,MAAM,KAAK,GAAG,IAAI,KAAK,CACrB,SAAS,EACT,OAAO,EACP,IAAI,CAAC,SAAS,EACd,SAAS,CAAC,WAAW,IAAI,0BAA0B,CAAC,IAAI,CACzD,CAAC;QAEF,2EAA2E;QAC3E,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;YAClB,KAAK,CAAC,WAAW,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QACnC,CAAC;QAED,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,YAAY,EAAE,KAAK,CAAC,CAAC;QAC5C,OAAO,KAAK,CAAC;IACf,CAAC;IAED;
;;;;;;;OAQG;IACH,KAAK,CAAC,iBAAiB,CAAC,YAA4B,EAAE,QAAgB;QACpE,MAAM,IAAI,GAAG,IAAI,CAAC,WAAW,CAAC,YAAY,CAAC,CAAC;QAC5C,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;QAC3C,MAAM,SAAS,CAAC,QAAQ,EAAE,IAAI,EAAE,OAAO,CAAC,CAAC;IAC3C,CAAC;IAED;;;;;;;;;OASG;IACH,KAAK,CAAC,mBAAmB,CAAC,QAAgB;QACxC,IAAI,IAAuB,CAAC;QAE5B,IAAI,CAAC;YACH,MAAM,YAAY,GAAG,MAAM,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;YACvD,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC;QAClC,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,IAAI,sBAAsB,CAC9B,iCAAiC,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,EAAE,CAC5F,CAAC;QACJ,CAAC;QAED,OAAO,MAAM,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC;IACtC,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,KAAK;QACT,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;YAClB,IAAI,CAAC,QAAQ,CAAC,KAAK,EAAE,CAAC;QACxB,CAAC;QACD,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;IACvB,CAAC;CACF"}
|
|
1
|
+
{"version":3,"file":"client.js","sourceRoot":"","sources":["../src/client.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,YAAY,EAAE,MAAM,QAAQ,CAAC;AACtC,OAAO,EAAE,QAAQ,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AAClD,OAAO,WAAW,MAAM,OAAO,CAAC;AAChC,OAAO,EAAE,SAAS,EAAE,MAAM,sBAAsB,CAAC;AACjD,OAAO,EAAE,KAAK,EAAE,MAAM,YAAY,CAAC;AACnC,OAAO,EAAE,eAAe,EAAE,eAAe,EAAE,yBAAyB,EAAE,MAAM,qBAAqB,CAAC;AAClG,OAAO,EAAE,WAAW,EAAE,aAAa,EAAE,MAAM,mBAAmB,CAAC;AAC/D,OAAO,EAAE,cAAc,EAAE,qBAAqB,EAAE,MAAM,uBAAuB,CAAC;AAC9E,OAAO,EAAE,WAAW,EAAE,MAAM,8BAA8B,CAAC;AAC3D,OAAO,EAAE,eAAe,EAAE,MAAM,kCAAkC,CAAC;AAanE,OAAO,EACL,kBAAkB,EAClB,uBAAuB,EACvB,sBAAsB,EACtB,aAAa,EACb,QAAQ,GACT,MAAM,kBAAkB,CAAC;AAE1B,MAAM,KAAK,GAAG,WAAW,CAAC,qBAAqB,CAAC,CAAC;AAEjD;;;;;;;;;;;GAWG;AACH,MAAM,OAAO,YAAa,SAAQ,YAAY;IACpC,aAAa,GAAmB,EAAE,CAAC;IAE3C;;;;OAIG;IACH,eAAe,CAAC,YAA0B;QACxC,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;IACxC,CAAC;IAED;;OAEG;IACH,WAAW;QACT,IAAI,CAAC,aAAa,CAAC,OAAO,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC,CAAC;QACvD,IAAI,CAAC,aAAa,GAAG,EAAE,CAAC;QACxB,IAAI,CAAC,kBAAkB,EAAE,CAAC;IAC5B,CAAC;IAED;;;;;OAKG;IACH,SAAS,CAAC,KAAY,EAAE,KAAa;QACnC,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,KAAK,EAAE,KAAK,CAAC,CAAC;IACnC,CAAC;CACF;AAED;;;;;GAKG;AACH,MAAM,OAAO,kBAAkB;IACrB,SAAS,CAAY;IACrB,MAAM,CAAe;IACrB,eAAe,GAAkB,IAAI,CAAC;IACtC,gBAAgB,GAA4B,IAAI,CAAC;IACjD,MAAM,GAAkB,IAAI,CAAC;IAC7B,OAAO,GAAuB,IAAI,GAAG,EAAE,CAAC;IACxC,QAAQ,GAA4B,IAAI,CAAC;IAEjD;;;OAGG;IACH,YAAY,MAAoB;QAC9B,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,IAAI,CAAC,SAAS,GAAG,IAAI,SAAS,CAAC,MAAM,CAAC,CAAC;IACzC,CAAC;IAED;;;;OAIG;IACK,KAAK,CAAC,iBAAiB;QAC7B,IAAI,IAAI,CAAC,eAAe,EAAE,CAAC;YACzB,OAAO;QACT,CAAC;QAED,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,aAAa,EAAE,CAAC;QACxD,IAAI,CAAC,eAAe,GAAG,UAAU,CAAC,WAAW,CAAC;QAC9C,IAAI,CAAC,gBAAgB,GAAG,UAAU,CAAC,gBAAgB,CAAC;QACpD,IAAI,CAAC,MAAM,GAAG,UAAU,CAAC,MAAM,CAAC;QAEhC,2CAA2C;QAC3C,+DAA+D;QAC/D,IAAI,CAAC,QAAQ,GAAG,IAAI,CAAC,cAAc,EAAE,CAAC;IACxC,CAAC;IAED;;;OAGG;IACK,aAAa,CAAC,OAA2B;QAC/C,mDAAmD;QACnD,IAAI,OAAO,CAAC
,UAAU,EAAE,CAAC;YACvB,OAAO,OAAO,CAAC,UAAU,KAAK,WAAW,CAAC;QAC5C,CAAC;QACD,qCAAqC;QACrC,OAAO,IAAI,CAAC,gBAAgB,KAAK,QAAQ,IAAI,IAAI,CAAC,gBAAgB,KAAK,SAAS,CAAC;IACnF,CAAC;IAED;;;;OAIG;IACK,cAAc;QACpB,MAAM,YAAY,GAAG,IAAI,CAAC,MAAM,CAAC,QAAQ,IAAI,KAAK,CAAC;QAEnD,yBAAyB;QACzB,IAAI,YAAY,KAAK,KAAK,EAAE,CAAC;YAC3B,KAAK,CAAC,2CAA2C,CAAC,CAAC;YACnD,OAAO,IAAI,WAAW,CAAC,IAAI,CAAC,SAAS,EAAE;gBACrC,GAAG,EAAE,IAAI,CAAC,MAAM,CAAC,GAAG;gBACpB,MAAM,EAAE,IAAI,CAAC,MAAM,CAAC,MAAM;gBAC1B,iBAAiB,EAAE,IAAI,CAAC,MAAM,CAAC,oBAAoB,IAAI,IAAI;gBAC3D,oBAAoB,EAAE,IAAI,CAAC,MAAM,CAAC,uBAAuB,IAAI,EAAE;gBAC/D,iBAAiB,EAAE,CAAC;gBACpB,YAAY,EAAE,IAAI,CAAC,MAAM,CAAC,eAAe;aAC1C,CAAC,CAAC;QACL,CAAC;QAED,mCAAmC;QACnC,KAAK,CAAC,wBAAwB,CAAC,CAAC;QAChC,OAAO,IAAI,eAAe,CAAC,IAAI,CAAC,SAAS,EAAE;YACzC,eAAe,EAAE,IAAI,CAAC,MAAM,CAAC,eAAe,IAAI,IAAI;YACpD,UAAU,EAAE,KAAK;YACjB,iBAAiB,EAAE,GAAG;YACtB,YAAY,EAAE,GAAG;SAClB,CAAC,CAAC;IACL,CAAC;IAED;;;;;;;;;;;OAWG;IACH,KAAK,CAAC,WAAW,CAAC,UAA8B,EAAE;QAChD,MAAM,IAAI,CAAC,iBAAiB,EAAE,CAAC;QAE/B,2BAA2B;QAC3B,IAAI,OAAO,CAAC,GAAG,KAAK,SAAS,EAAE,CAAC;YAC9B,IAAI,OAAO,OAAO,CAAC,GAAG,KAAK,QAAQ,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;gBACtE,MAAM,IAAI,KAAK,CAAC,wBAAwB,CAAC,CAAC;YAC5C,CAAC;YACD,IAAI,OAAO,CAAC,GAAG,IAAI,CAAC,EAAE,CAAC;gBACrB,MAAM,IAAI,KAAK,CAAC,sBAAsB,CAAC,CAAC;YAC1C,CAAC;YACD,IAAI,IAAI,CAAC,MAAM,IAAI,OAAO,CAAC,GAAG,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC;gBAC7C,MAAM,IAAI,KAAK,CAAC,iCAAiC,IAAI,CAAC,MAAM,UAAU,CAAC,CAAC;YAC1E,CAAC;QACH,CAAC;QAED,MAAM,aAAa,GAAG,IAAI,CAAC,aAAa,CAAC,OAAO,CAAC,CAAC;QAElD,8CAA8C;QAC9C,MAAM,OAAO,GAAG,aAAa,CAAC,CAAC,CAAC,eAAe,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC;QAEzD,yBAAyB;QACzB,IAAI,SAAoB,CAAC;QACzB,IAAI,CAAC;YACH,SAAS,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,WAAW,CAC1C,OAAO,EAAE,YAAY,EACrB,OAAO,CAAC,GAAG,EACX,OAAO,CAAC,YAAY,EACpB,OAAO,CAAC,SAAS,EACjB,OAAO,CAAC,UAAU,EAClB,OAAO,CAAC,YAAY,EACpB,OAAO,CAAC,KAAK,CACd,CAAC;QACJ,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,kDAAkD;YAClD,IAAI,KAAK,YAAY,QAAQ,IAAI,KAAK,CAAC,UAAU,KAAK,GAAG,EAAE,CAAC;gBAC1D,iEAAiE;gBACjE,MA
AM,OAAO,GAAG,OAAO,CAAC,YAAY,IAAI,mBAAmB,CAAC;gBAC5D,MAAM,IAAI,uBAAuB,CAAC,yBAAyB,OAAO,EAAE,CAAC,CAAC;YACxE,CAAC;YACD,MAAM,KAAK,CAAC;QACd,CAAC;QAED,wBAAwB;QACxB,MAAM,KAAK,GAAG,IAAI,KAAK,CAAC,SAAS,EAAE,OAAO,EAAE,IAAI,CAAC,SAAS,EAAE,SAAS,CAAC,WAAW,IAAI,IAAI,CAAC,CAAC;QAE3F,wBAAwB;QACxB,2EAA2E;QAC3E,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;YAClB,KAAK,CAAC,WAAW,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QACnC,CAAC;QAED,cAAc;QACd,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,YAAY,EAAE,KAAK,CAAC,CAAC;QAE5C,OAAO,KAAK,CAAC;IACf,CAAC;IAED;;;;OAIG;IACH,0FAA0F;IAC1F,KAAK,CAAC,gBAAgB;QACpB,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,gBAAgB,EAAE,CAAC;QACvD,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;QACrB,OAAO,MAAM,CAAC,OAAO,CAAC;IACxB,CAAC;IAED;;;;;OAKG;IACH,KAAK,CAAC,WAAW,CAAC,YAAoB;QACpC,MAAM,IAAI,CAAC,SAAS,CAAC,WAAW,CAAC,YAAY,CAAC,CAAC;QAC/C,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;IACpC,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,aAAa;QACjB,OAAO,IAAI,CAAC,SAAS,CAAC,aAAa,EAAE,CAAC;IACxC,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,QAAQ;QACZ,OAAO,IAAI,CAAC,SAAS,CAAC,QAAQ,EAAE,CAAC;IACnC,CAAC;IAED;;;;;OAKG;IACH,cAAc,CAAC,OAAgB;QAC7B,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,CAAC;YACnB,MAAM,IAAI,aAAa,CAAC,yDAAyD,CAAC,CAAC;QACrF,CAAC;QAED,MAAM,OAAO,GAAG,IAAI,YAAY,EAAE,CAAC;QAEnC,0BAA0B;QAC1B,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;YAC5B,MAAM,YAAY,GAAG,KAAK,CAAC,UAAU,CAAC,CAAC,KAAK,EAAE,EAAE;gBAC9C,OAAO,CAAC,SAAS,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC;YAClC,CAAC,CAAC,CAAC;YACH,OAAO,CAAC,eAAe,CAAC,YAAY,CAAC,CAAC;QACxC,CAAC;QAED,OAAO,OAAO,CAAC;IACjB,CAAC;IAED;;;;;;;;;;OAUG;IACH,WAAW,CAAC,YAA4B;QACtC,yBAAyB;QACzB,MAAM,YAAY,GAAG,OAAO,YAAY,KAAK,QAAQ,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,YAAY,CAAC,YAAY,CAAC;QACjG,MAAM,KAAK,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;QAE7C,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,MAAM,IAAI,kBAAkB,CAAC,oBAAoB,YAAY,EAAE,CAAC,CAAC;QACnE,CAAC;QAED,OAAO,KAAK,CAAC,MAAM,EAAE,CAAC;IACxB,CAAC;IAED;;;;;;;;;;OAUG;IACH,KAAK,CAAC,WAAW,CAAC,IAAuB;QACvC,2BAA2B;QAC3B,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC;QAE3B,kEAAkE;QAClE,IAAI,CAAC,sBAAsB,CAAC,IAAI,CAAC,CAAC;QAElC,g
CAAgC;QAChC,IAAI,CAAC,oBAAoB,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;QAE7C,6BAA6B;QAC7B,IAAI,CAAC,iBAAiB,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QAEvC,8BAA8B;QAC9B,IAAI,CAAC,kBAAkB,CAAC,IAAI,CAAC,CAAC;QAE9B,uBAAuB;QACvB,IAAI,CAAC,sBAAsB,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;QAE/C,MAAM,IAAI,CAAC,iBAAiB,EAAE,CAAC;QAE/B,oEAAoE;QACpE,IAAI,OAAO,GAAmB,IAAI,CAAC;QACnC,wEAAwE;QACxE,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;YACnB,0CAA0C;YAC1C,mFAAmF;YACnF,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;gBACrB,IAAI,CAAC,uBAAuB,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;gBAC/C,IAAI,CAAC,uBAAuB,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;YACjD,CAAC;iBAAM,CAAC;gBACN,MAAM,IAAI,sBAAsB,CAAC,+CAA+C,CAAC,CAAC;YACpF,CAAC;YAED,wCAAwC;YACxC,mFAAmF;YACnF,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;gBACnB,OAAO,GAAG,IAAI,CAAC,qBAAqB,CAAC,IAAI,CAAC,CAAC;YAC7C,CAAC;iBAAM,CAAC;gBACN,MAAM,IAAI,sBAAsB,CAAC,6CAA6C,CAAC,CAAC;YAClF,CAAC;QACH,CAAC;QAED,MAAM,SAAS,GAAG,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,CAAC;QAE5C,OAAO,IAAI,CAAC,mBAAmB,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;IACtD,CAAC;IAED;;;;;OAKG;IACK,eAAe,CAAC,IAAuB;QAC7C,IAAI,IAAI,CAAC,OAAO,KAAK,cAAc,EAAE,CAAC;YACpC,MAAM,IAAI,sBAAsB,CAAC,wBAAwB,IAAI,CAAC,OAAO,cAAc,cAAc,EAAE,CAAC,CAAC;QACvG,CAAC;IACH,CAAC;IAED;;;;;;OAMG;IACK,sBAAsB,CAAC,IAAuB;QACpD,mCAAmC;QACnC,MAAM,oBAAoB,GAAgC,CAAC,cAAc,EAAE,WAAW,EAAE,WAAW,EAAE,YAAY,CAAC,CAAC;QAEnH,KAAK,MAAM,KAAK,IAAI,oBAAoB,EAAE,CAAC;YACzC,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC;YAC1B,IAAI,KAAK,KAAK,SAAS,IAAI,KAAK,KAAK,IAAI,IAAI,CAAC,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,CAAC,IAAI,EAAE,KAAK,EAAE,CAAC,EAAE,CAAC;gBAChG,MAAM,IAAI,sBAAsB,CAAC,6BAA6B,KAAK,EAAE,CAAC,CAAC;YACzE,CAAC;QACH,CAAC;QAED,oCAAoC;QACpC,IAAI,OAAO,IAAI,CAAC,SAAS,KAAK,SAAS,EAAE,CAAC;YACxC,iEAAiE;YACjE,MAAM,IAAI,sBAAsB,CAAC,qCAAqC,CAAC,CAAC;QAC1E,CAAC;QAED,oEAAoE;QACpE,oEAAoE;IACtE,CAAC;IAED;;;;;OAKG;IACK,oBAAoB,CAAC,YAAoB;QAC/C,MAAM,OAAO,GAAG,CAAC,YAAY,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC;QACxD,IAAI,OAAO,KAAK,CAAC,EAAE,CAAC;YAClB,MAAM,IAAI,sBAAsB,CAAC,6DAA6D,CAAC,CAAC;QAClG,CAAC;IACH,CAAC;IAED;;;;;OAKG;IACK,iBAAiB,CAAC,SAAiB;QACzC,2FAA2F;QAC3F,IAA
I,CAAC,SAAS,IAAI,SAAS,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,CAAC;YAC1C,MAAM,IAAI,sBAAsB,CAAC,uCAAuC,CAAC,CAAC;QAC5E,CAAC;IACH,CAAC;IAED;;;;;OAKG;IACK,uBAAuB,CAAC,WAAmB;QACjD,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,aAAa,CAAC,WAAW,CAAC,CAAC;YAC3C,IAAI,OAAO,CAAC,MAAM,KAAK,qBAAqB,EAAE,CAAC;gBAC7C,MAAM,IAAI,sBAAsB,CAC9B,4CAA4C,qBAAqB,SAAS,OAAO,CAAC,MAAM,EAAE,CAC3F,CAAC;YACJ,CAAC;QACH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,KAAK,YAAY,sBAAsB;gBAAE,MAAM,KAAK,CAAC;YACzD,MAAM,QAAQ,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,0BAA0B,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;YACnG,MAAM,IAAI,sBAAsB,CAAC,uCAAuC,QAAQ,EAAE,CAAC,CAAC;QACtF,CAAC;IACH,CAAC;IAED;;;;;OAKG;IACK,kBAAkB,CAAC,IAAuB;QAChD,IAAI,CAAC;YACH,IAAI,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,WAAW,EAAE,CAAC;YACvC,IAAI,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,WAAW,EAAE,CAAC;QAC1C,CAAC;QAAC,MAAM,CAAC;YACP,MAAM,IAAI,sBAAsB,CAAC,0BAA0B,CAAC,CAAC;QAC/D,CAAC;IACH,CAAC;IAED;;;;;OAKG;IACK,sBAAsB,CAAC,YAAoB;QACjD,IAAI,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,EAAE,CAAC;YACnC,MAAM,IAAI,uBAAuB,CAAC,yBAAyB,YAAY,EAAE,CAAC,CAAC;QAC7E,CAAC;IACH,CAAC;IAED;;;;;;OAMG;IACK,uBAAuB,CAAC,WAAmB;QACjD,IAAI,WAAW,KAAK,IAAI,CAAC,eAAe,EAAE,CAAC;YACzC,MAAM,IAAI,sBAAsB,CAAC,4EAA4E,CAAC,CAAC;QACjH,CAAC;IACH,CAAC;IAED;;;;;;;OAOG;IACK,qBAAqB,CAAC,IAAuB;QACnD,6FAA6F;QAC7F,MAAM,SAAS,GAAG,IAAI,CAAC,kBAAkB,CAAC,IAAI,CAAC,SAAU,EAAE,QAAQ,CAAC,CAAC;QACrE,IAAI,CAAC,iBAAiB,CAAC,SAAS,EAAE,eAAe,EAAE,QAAQ,CAAC,CAAC;QAE7D,0DAA0D;QAC1D,MAAM,SAAS,GAAG,yBAAyB,CAAC,SAAS,CAAC,CAAC;QAEvD,OAAO;YACL,SAAS;YACT,SAAS;YACT,YAAY,EAAE,WAAW,CAAC,SAAS,CAAC;SACrC,CAAC;IACJ,CAAC;IAED;;;;;;;OAOG;IACK,kBAAkB,CAAC,SAAiB,EAAE,OAAe;QAC3D,IAAI,CAAC;YACH,OAAO,aAAa,CAAC,SAAS,CAAC,CAAC;QAClC,CAAC;QAAC,MAAM,CAAC;YACP,MAAM,IAAI,sBAAsB,CAAC,iCAAiC,OAAO,MAAM,CAAC,CAAC;QACnF,CAAC;IACH,CAAC;IAED;;;;;;;OAOG;IACK,iBAAiB,CAAC,GAAe,EAAE,cAAsB,EAAE,OAAe;QAChF,IAAI,GAAG,CAAC,MAAM,KAAK,cAAc,EAAE,CAAC;YAClC,MAAM,IAAI,sBAAsB,CAAC,WAAW,OAAO,yBAAyB,cAAc,SAAS,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC;QACnH,CAAC;IACH,CAAC;IAED;;;;;OAKG;IACK,cAA
c,CAAC,IAAuB;QAC5C,OAAO;YACL,YAAY,EAAE,IAAI,CAAC,YAAY;YAC/B,SAAS,EAAE,IAAI,CAAC,SAAS;YACzB,SAAS,EAAE,IAAI,CAAC,SAAS;YACzB,SAAS,EAAE,IAAI,CAAC,SAAS;YACzB,WAAW,EAAE,IAAI,CAAC,WAAW;SAC9B,CAAC;IACJ,CAAC;IAED;;;;;;OAMG;IACK,mBAAmB,CAAC,SAAoB,EAAE,OAAuB;QACvE,MAAM,KAAK,GAAG,IAAI,KAAK,CACrB,SAAS,EACT,OAAO,EACP,IAAI,CAAC,SAAS,EACd,SAAS,CAAC,WAAW,IAAI,0BAA0B,CAAC,IAAI,CACzD,CAAC;QAEF,2EAA2E;QAC3E,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;YAClB,KAAK,CAAC,WAAW,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QACnC,CAAC;QAED,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,YAAY,EAAE,KAAK,CAAC,CAAC;QAC5C,OAAO,KAAK,CAAC;IACf,CAAC;IAED;;;;;;;;OAQG;IACH,KAAK,CAAC,iBAAiB,CAAC,YAA4B,EAAE,QAAgB;QACpE,MAAM,IAAI,GAAG,IAAI,CAAC,WAAW,CAAC,YAAY,CAAC,CAAC;QAC5C,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;QAC3C,MAAM,SAAS,CAAC,QAAQ,EAAE,IAAI,EAAE,OAAO,CAAC,CAAC;IAC3C,CAAC;IAED;;;;;;;;;OASG;IACH,KAAK,CAAC,mBAAmB,CAAC,QAAgB;QACxC,IAAI,IAAuB,CAAC;QAE5B,IAAI,CAAC;YACH,MAAM,YAAY,GAAG,MAAM,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;YACvD,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC;QAClC,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,IAAI,sBAAsB,CAC9B,iCAAiC,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,EAAE,CAC5F,CAAC;QACJ,CAAC;QAED,OAAO,MAAM,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC;IACtC,CAAC;IAED;;;;;;;;;;;;OAYG;IACH,KAAK,CAAC,KAAK;QACT,KAAK,CAAC,gBAAgB,CAAC,CAAC;QAExB,wCAAwC;QACxC,KAAK,MAAM,KAAK,IAAI,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC;YAC1C,KAAK,CAAC,cAAc,EAAE,CAAC;QACzB,CAAC;QAED,8BAA8B;QAC9B,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;YAClB,IAAI,CAAC,QAAQ,CAAC,KAAK,EAAE,CAAC;QACxB,CAAC;QAED,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;QACrB,KAAK,CAAC,4BAA4B,CAAC,CAAC;IACtC,CAAC;CACF"}
|
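--- a/package/dist/crypto/decrypt.d.ts
+++ b/package/dist/crypto/decrypt.d.ts
@@ -3,40 +3,69 @@
 * Based on working reference implementation
 */
 import type { Keypair, EncryptedData } from '../types/index.js';
+/**
+* Pre-decoded payload fields to avoid redundant base64 decoding.
+* Used to pass decoded values between validation, signature verification, and decryption.
+*/
+export interface DecodedPayload {
+ctKem: Uint8Array;
+nonce: Uint8Array;
+aad: Uint8Array;
+ciphertext: Uint8Array;
+sig: Uint8Array;
+serverSigPk: Uint8Array;
+}
+/**
+* Decodes all base64url-encoded fields from the encrypted payload.
+* Call once and pass the result to validatePayload, verifySignature, and decrypt operations.
+*
+* @param encryptedData - The encrypted data from the server
+* @returns Pre-decoded payload fields
+* @throws DecryptionError if decoding fails
+*/
+export declare function decodePayload(encryptedData: EncryptedData): DecodedPayload;
 /**
 * Decrypts an encrypted payload using the complete reference implementation flow
 * See vaultsandbox-spec.md Section 8: Decryption Process
 *
 * @param encryptedData - The encrypted data from the server
 * @param keypair - The recipient's keypair
+* @param expectedServerPublicKey - Optional expected server public key (base64url) for MITM protection
 * @returns The decrypted plaintext as a Uint8Array
 * @throws DecryptionError if decryption fails
+* @throws SignatureVerificationError if server key doesn't match expected
 */
-export declare function decrypt(encryptedData: EncryptedData, keypair: Keypair): Promise<Uint8Array>;
+export declare function decrypt(encryptedData: EncryptedData, keypair: Keypair, expectedServerPublicKey?: string): Promise<Uint8Array>;
 /**
 * Decrypts and parses email metadata
 *
 * @param encryptedData - The encrypted metadata
 * @param keypair - The recipient's keypair
+* @param expectedServerPublicKey - Optional expected server public key (base64url) for MITM protection
 * @returns The decrypted metadata as a parsed JSON object
 * @throws DecryptionError if decryption or parsing fails
+* @throws SignatureVerificationError if server key doesn't match expected
 */
-export declare function decryptMetadata<T = unknown>(encryptedData: EncryptedData, keypair: Keypair): Promise<T>;
+export declare function decryptMetadata<T = unknown>(encryptedData: EncryptedData, keypair: Keypair, expectedServerPublicKey?: string): Promise<T>;
 /**
 * Decrypts and parses email body (parsed content)
 *
 * @param encryptedData - The encrypted parsed content
 * @param keypair - The recipient's keypair
+* @param expectedServerPublicKey - Optional expected server public key (base64url) for MITM protection
 * @returns The decrypted parsed content as a JSON object
 * @throws DecryptionError if decryption or parsing fails
+* @throws SignatureVerificationError if server key doesn't match expected
 */
-export declare function decryptParsed<T = unknown>(encryptedData: EncryptedData, keypair: Keypair): Promise<T>;
+export declare function decryptParsed<T = unknown>(encryptedData: EncryptedData, keypair: Keypair, expectedServerPublicKey?: string): Promise<T>;
 /**
 * Decrypts raw email source
 *
 * @param encryptedData - The encrypted raw email
 * @param keypair - The recipient's keypair
+* @param expectedServerPublicKey - Optional expected server public key (base64url) for MITM protection
 * @returns The decrypted raw email as a string
 * @throws DecryptionError if decryption fails
+* @throws SignatureVerificationError if server key doesn't match expected
 */
-export declare function decryptRaw(encryptedData: EncryptedData, keypair: Keypair): Promise<string>;
+export declare function decryptRaw(encryptedData: EncryptedData, keypair: Keypair, expectedServerPublicKey?: string): Promise<string>;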
package/dist/crypto/decrypt.js
CHANGED
|
@@ -8,11 +8,38 @@ import { DecryptionError, SignatureVerificationError } from '../types/index.js';
|
|
|
8
8
|
import { verifySignature } from './signature.js';
|
|
9
9
|
import { deriveKey } from './keypair.js';
|
|
10
10
|
import { HKDF_CONTEXT, PROTOCOL_VERSION, MLKEM_CIPHERTEXT_SIZE, AES_NONCE_SIZE, MLDSA_SIGNATURE_SIZE, MLDSA_PUBLIC_KEY_SIZE, } from './constants.js';
|
|
11
|
+
/**
|
|
12
|
+
* Decodes all base64url-encoded fields from the encrypted payload.
|
|
13
|
+
* Call once and pass the result to validatePayload, verifySignature, and decrypt operations.
|
|
14
|
+
*
|
|
15
|
+
* @param encryptedData - The encrypted data from the server
|
|
16
|
+
* @returns Pre-decoded payload fields
|
|
17
|
+
* @throws DecryptionError if decoding fails
|
|
18
|
+
*/
|
|
19
|
+
export function decodePayload(encryptedData) {
|
|
20
|
+
try {
|
|
21
|
+
return {
|
|
22
|
+
ctKem: fromBase64Url(encryptedData.ct_kem),
|
|
23
|
+
nonce: fromBase64Url(encryptedData.nonce),
|
|
24
|
+
aad: fromBase64Url(encryptedData.aad),
|
|
25
|
+
ciphertext: fromBase64Url(encryptedData.ciphertext),
|
|
26
|
+
sig: fromBase64Url(encryptedData.sig),
|
|
27
|
+
serverSigPk: fromBase64Url(encryptedData.server_sig_pk),
|
|
28
|
+
};
|
|
29
|
+
}
|
|
30
|
+
catch (error) {
|
|
31
|
+
/* istanbul ignore next - defensive for non-Error exceptions */
|
|
32
|
+
const message = error instanceof Error ? error.message : String(error);
|
|
33
|
+
throw new DecryptionError(`Failed to decode payload: ${message}`);
|
|
34
|
+
}
|
|
35
|
+
}
|
|
11
36
|
/**
|
|
12
37
|
* Validates the encrypted payload structure and sizes per spec Section 8.1
|
|
38
|
+
* @param encryptedData - The encrypted payload metadata
|
|
39
|
+
* @param decoded - Optional pre-decoded payload fields to avoid redundant decoding
|
|
13
40
|
* @throws DecryptionError if validation fails
|
|
14
41
|
*/
|
|
15
|
-
function validatePayload(encryptedData) {
|
|
42
|
+
function validatePayload(encryptedData, decoded) {
|
|
16
43
|
// Step 2: Validate version
|
|
17
44
|
if (encryptedData.v !== PROTOCOL_VERSION) {
|
|
18
45
|
throw new DecryptionError(`Unsupported protocol version: ${encryptedData.v}, expected ${PROTOCOL_VERSION}`);
|
|
@@ -31,31 +58,20 @@ function validatePayload(encryptedData) {
|
|
|
31
58
|
if (algs.kdf !== 'HKDF-SHA-512') {
|
|
32
59
|
throw new DecryptionError(`Unsupported KDF algorithm: ${algs.kdf}`);
|
|
33
60
|
}
|
|
34
|
-
// Step 4: Validate decoded sizes (
|
|
35
|
-
|
|
36
|
-
|
|
37
|
-
|
|
38
|
-
|
|
39
|
-
}
|
|
40
|
-
const nonce = fromBase64Url(encryptedData.nonce);
|
|
41
|
-
if (nonce.length !== AES_NONCE_SIZE) {
|
|
42
|
-
throw new DecryptionError(`Invalid nonce size: expected ${AES_NONCE_SIZE}, got ${nonce.length}`);
|
|
43
|
-
}
|
|
44
|
-
const sig = fromBase64Url(encryptedData.sig);
|
|
45
|
-
if (sig.length !== MLDSA_SIGNATURE_SIZE) {
|
|
46
|
-
throw new DecryptionError(`Invalid signature size: expected ${MLDSA_SIGNATURE_SIZE}, got ${sig.length}`);
|
|
47
|
-
}
|
|
48
|
-
const serverSigPk = fromBase64Url(encryptedData.server_sig_pk);
|
|
49
|
-
if (serverSigPk.length !== MLDSA_PUBLIC_KEY_SIZE) {
|
|
50
|
-
throw new DecryptionError(`Invalid server public key size: expected ${MLDSA_PUBLIC_KEY_SIZE}, got ${serverSigPk.length}`);
|
|
51
|
-
}
|
|
61
|
+
// Step 4: Validate decoded sizes (use pre-decoded values if available)
|
|
62
|
+
/* istanbul ignore next - decoded is always passed from decrypt(), fallback is defensive */
|
|
63
|
+
const { ctKem, nonce, sig, serverSigPk } = decoded ?? decodePayload(encryptedData);
|
|
64
|
+
if (ctKem.length !== MLKEM_CIPHERTEXT_SIZE) {
|
|
65
|
+
throw new DecryptionError(`Invalid ct_kem size: expected ${MLKEM_CIPHERTEXT_SIZE}, got ${ctKem.length}`);
|
|
52
66
|
}
|
|
53
|
-
|
|
54
|
-
|
|
55
|
-
|
|
56
|
-
|
|
57
|
-
|
|
58
|
-
|
|
67
|
+
if (nonce.length !== AES_NONCE_SIZE) {
|
|
68
|
+
throw new DecryptionError(`Invalid nonce size: expected ${AES_NONCE_SIZE}, got ${nonce.length}`);
|
|
69
|
+
}
|
|
70
|
+
if (sig.length !== MLDSA_SIGNATURE_SIZE) {
|
|
71
|
+
throw new DecryptionError(`Invalid signature size: expected ${MLDSA_SIGNATURE_SIZE}, got ${sig.length}`);
|
|
72
|
+
}
|
|
73
|
+
if (serverSigPk.length !== MLDSA_PUBLIC_KEY_SIZE) {
|
|
74
|
+
throw new DecryptionError(`Invalid server public key size: expected ${MLDSA_PUBLIC_KEY_SIZE}, got ${serverSigPk.length}`);
|
|
59
75
|
}
|
|
60
76
|
}
|
|
61
77
|
/**
|
|
@@ -64,20 +80,22 @@ function validatePayload(encryptedData) {
|
|
|
64
80
|
*
|
|
65
81
|
* @param encryptedData - The encrypted data from the server
|
|
66
82
|
* @param keypair - The recipient's keypair
|
|
83
|
+
* @param expectedServerPublicKey - Optional expected server public key (base64url) for MITM protection
|
|
67
84
|
* @returns The decrypted plaintext as a Uint8Array
|
|
68
85
|
* @throws DecryptionError if decryption fails
|
|
86
|
+
* @throws SignatureVerificationError if server key doesn't match expected
|
|
69
87
|
*/
|
|
70
|
-
export async function decrypt(encryptedData, keypair) {
|
|
88
|
+
export async function decrypt(encryptedData, keypair, expectedServerPublicKey) {
|
|
71
89
|
try {
|
|
72
|
-
//
|
|
73
|
-
|
|
90
|
+
// Step 1: Decode all base64url fields once
|
|
91
|
+
const decoded = decodePayload(encryptedData);
|
|
92
|
+
// Steps 2-4: Parse and validate payload (version, algorithms, sizes)
|
|
93
|
+
validatePayload(encryptedData, decoded);
|
|
74
94
|
// Step 6: SECURITY: Verify signature BEFORE decryption (prevent tampering)
|
|
75
|
-
|
|
76
|
-
|
|
77
|
-
|
|
78
|
-
const nonceBytes =
|
|
79
|
-
const aadBytes = fromBase64Url(encryptedData.aad);
|
|
80
|
-
const ciphertextBytes = fromBase64Url(encryptedData.ciphertext);
|
|
95
|
+
// Also validates server public key matches expected if provided (MITM protection)
|
|
96
|
+
verifySignature(encryptedData, decoded, expectedServerPublicKey);
|
|
97
|
+
// Step 7-9: Use pre-decoded values for decapsulation, key derivation, and decryption
|
|
98
|
+
const { ctKem, nonce: nonceBytes, aad: aadBytes, ciphertext: ciphertextBytes } = decoded;
|
|
81
99
|
// 2. KEM Decapsulation to get shared secret
|
|
82
100
|
const sharedSecret = ml_kem768.decapsulate(ctKem, ensureOwnBuffer(keypair.secretKey));
|
|
83
101
|
// 3. Derive AES-256 key using HKDF-SHA-512
|
|
@@ -119,11 +137,13 @@ export async function decrypt(encryptedData, keypair) {
|
|
|
119
137
|
*
|
|
120
138
|
* @param encryptedData - The encrypted metadata
|
|
121
139
|
* @param keypair - The recipient's keypair
|
|
140
|
+
* @param expectedServerPublicKey - Optional expected server public key (base64url) for MITM protection
|
|
122
141
|
* @returns The decrypted metadata as a parsed JSON object
|
|
123
142
|
* @throws DecryptionError if decryption or parsing fails
|
|
143
|
+
* @throws SignatureVerificationError if server key doesn't match expected
|
|
124
144
|
*/
|
|
125
|
-
export async function decryptMetadata(encryptedData, keypair) {
|
|
126
|
-
const plaintext = await decrypt(encryptedData, keypair);
|
|
145
|
+
export async function decryptMetadata(encryptedData, keypair, expectedServerPublicKey) {
|
|
146
|
+
const plaintext = await decrypt(encryptedData, keypair, expectedServerPublicKey);
|
|
127
147
|
try {
|
|
128
148
|
const jsonString = new TextDecoder().decode(plaintext);
|
|
129
149
|
return JSON.parse(jsonString);
|
|
@@ -139,22 +159,26 @@ export async function decryptMetadata(encryptedData, keypair) {
|
|
|
139
159
|
*
|
|
140
160
|
* @param encryptedData - The encrypted parsed content
|
|
141
161
|
* @param keypair - The recipient's keypair
|
|
162
|
+
* @param expectedServerPublicKey - Optional expected server public key (base64url) for MITM protection
|
|
142
163
|
* @returns The decrypted parsed content as a JSON object
|
|
143
164
|
* @throws DecryptionError if decryption or parsing fails
|
|
165
|
+
* @throws SignatureVerificationError if server key doesn't match expected
|
|
144
166
|
*/
|
|
145
|
-
export async function decryptParsed(encryptedData, keypair) {
|
|
146
|
-
return decryptMetadata(encryptedData, keypair);
|
|
167
|
+
export async function decryptParsed(encryptedData, keypair, expectedServerPublicKey) {
|
|
168
|
+
return decryptMetadata(encryptedData, keypair, expectedServerPublicKey);
|
|
147
169
|
}
|
|
148
170
|
/**
|
|
149
171
|
* Decrypts raw email source
|
|
150
172
|
*
|
|
151
173
|
* @param encryptedData - The encrypted raw email
|
|
152
174
|
* @param keypair - The recipient's keypair
|
|
175
|
+
* @param expectedServerPublicKey - Optional expected server public key (base64url) for MITM protection
|
|
153
176
|
* @returns The decrypted raw email as a string
|
|
154
177
|
* @throws DecryptionError if decryption fails
|
|
178
|
+
* @throws SignatureVerificationError if server key doesn't match expected
|
|
155
179
|
*/
|
|
156
|
-
export async function decryptRaw(encryptedData, keypair) {
|
|
157
|
-
const plaintext = await decrypt(encryptedData, keypair);
|
|
180
|
+
export async function decryptRaw(encryptedData, keypair, expectedServerPublicKey) {
|
|
181
|
+
const plaintext = await decrypt(encryptedData, keypair, expectedServerPublicKey);
|
|
158
182
|
try {
|
|
159
183
|
// Decrypted content is a base64-encoded string
|
|
160
184
|
const base64String = new TextDecoder().decode(plaintext);
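Review bot: The new `@param expectedServerPublicKey` text on `decrypt` (repeated on `decryptMetadata`, `decryptParsed` and `decryptRaw`) does not say what happens when the argument is omitted. Judging from the call `verifySignature(encryptedData, decoded, expectedServerPublicKey)` and the guarded check in signature.js, an omitted value appears to mean the signature is verified only against the `server_sig_pk` carried in the payload itself, which shows the payload is self-consistent but not that it came from the expected server. I would state that in the JSDoc, e.g. `@param expectedServerPublicKey - Pinned server public key (base64url). If omitted, the signature is checked only against the key embedded in the payload.` The bodies of `decrypt` and `decryptRaw` continue outside the hunks shown.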
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"decrypt.js","sourceRoot":"","sources":["../../src/crypto/decrypt.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAE,SAAS,EAAE,MAAM,+BAA+B,CAAC;AAC1D,OAAO,EAAE,aAAa,EAAE,eAAe,EAAE,UAAU,EAAE,MAAM,YAAY,CAAC;AACxE,OAAO,EAAE,eAAe,EAAE,0BAA0B,EAAE,MAAM,mBAAmB,CAAC;AAEhF,OAAO,EAAE,eAAe,EAAE,MAAM,gBAAgB,CAAC;AACjD,OAAO,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AACzC,OAAO,EACL,YAAY,EACZ,gBAAgB,EAChB,qBAAqB,EACrB,cAAc,EACd,oBAAoB,EACpB,qBAAqB,GACtB,MAAM,gBAAgB,CAAC;
|
|
1
|
+
{"version":3,"file":"decrypt.js","sourceRoot":"","sources":["../../src/crypto/decrypt.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAE,SAAS,EAAE,MAAM,+BAA+B,CAAC;AAC1D,OAAO,EAAE,aAAa,EAAE,eAAe,EAAE,UAAU,EAAE,MAAM,YAAY,CAAC;AACxE,OAAO,EAAE,eAAe,EAAE,0BAA0B,EAAE,MAAM,mBAAmB,CAAC;AAEhF,OAAO,EAAE,eAAe,EAAE,MAAM,gBAAgB,CAAC;AACjD,OAAO,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AACzC,OAAO,EACL,YAAY,EACZ,gBAAgB,EAChB,qBAAqB,EACrB,cAAc,EACd,oBAAoB,EACpB,qBAAqB,GACtB,MAAM,gBAAgB,CAAC;AAexB;;;;;;;GAOG;AACH,MAAM,UAAU,aAAa,CAAC,aAA4B;IACxD,IAAI,CAAC;QACH,OAAO;YACL,KAAK,EAAE,aAAa,CAAC,aAAa,CAAC,MAAM,CAAC;YAC1C,KAAK,EAAE,aAAa,CAAC,aAAa,CAAC,KAAK,CAAC;YACzC,GAAG,EAAE,aAAa,CAAC,aAAa,CAAC,GAAG,CAAC;YACrC,UAAU,EAAE,aAAa,CAAC,aAAa,CAAC,UAAU,CAAC;YACnD,GAAG,EAAE,aAAa,CAAC,aAAa,CAAC,GAAG,CAAC;YACrC,WAAW,EAAE,aAAa,CAAC,aAAa,CAAC,aAAa,CAAC;SACxD,CAAC;IACJ,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,+DAA+D;QAC/D,MAAM,OAAO,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QACvE,MAAM,IAAI,eAAe,CAAC,6BAA6B,OAAO,EAAE,CAAC,CAAC;IACpE,CAAC;AACH,CAAC;AAED;;;;;GAKG;AACH,SAAS,eAAe,CAAC,aAA4B,EAAE,OAAwB;IAC7E,2BAA2B;IAC3B,IAAI,aAAa,CAAC,CAAC,KAAK,gBAAgB,EAAE,CAAC;QACzC,MAAM,IAAI,eAAe,CAAC,iCAAiC,aAAa,CAAC,CAAC,cAAc,gBAAgB,EAAE,CAAC,CAAC;IAC9G,CAAC;IAED,8BAA8B;IAC9B,MAAM,EAAE,IAAI,EAAE,GAAG,aAAa,CAAC;IAC/B,IAAI,IAAI,CAAC,GAAG,KAAK,YAAY,EAAE,CAAC;QAC9B,MAAM,IAAI,eAAe,CAAC,8BAA8B,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC;IACtE,CAAC;IACD,IAAI,IAAI,CAAC,GAAG,KAAK,WAAW,EAAE,CAAC;QAC7B,MAAM,IAAI,eAAe,CAAC,oCAAoC,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC;IAC5E,CAAC;IACD,IAAI,IAAI,CAAC,IAAI,KAAK,aAAa,EAAE,CAAC;QAChC,MAAM,IAAI,eAAe,CAAC,+BAA+B,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC;IACxE,CAAC;IACD,IAAI,IAAI,CAAC,GAAG,KAAK,cAAc,EAAE,CAAC;QAChC,MAAM,IAAI,eAAe,CAAC,8BAA8B,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC;IACtE,CAAC;IAED,uEAAuE;IACvE,2FAA2F;IAC3F,MAAM,EAAE,KAAK,EAAE,KAAK,EAAE,GAAG,EAAE,WAAW,EAAE,GAAG,OAAO,IAAI,aAAa,CAAC,aAAa,CAAC,CAAC;IAEnF,IAAI,KAAK,CAAC,MAAM,KAAK,qBAAqB,EAAE,CAAC;QAC3C,MAAM,IAAI,eAAe,CAAC,iCAAiC,qBAAqB,SAA
S,KAAK,CAAC,MAAM,EAAE,CAAC,CAAC;IAC3G,CAAC;IAED,IAAI,KAAK,CAAC,MAAM,KAAK,cAAc,EAAE,CAAC;QACpC,MAAM,IAAI,eAAe,CAAC,gCAAgC,cAAc,SAAS,KAAK,CAAC,MAAM,EAAE,CAAC,CAAC;IACnG,CAAC;IAED,IAAI,GAAG,CAAC,MAAM,KAAK,oBAAoB,EAAE,CAAC;QACxC,MAAM,IAAI,eAAe,CAAC,oCAAoC,oBAAoB,SAAS,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC;IAC3G,CAAC;IAED,IAAI,WAAW,CAAC,MAAM,KAAK,qBAAqB,EAAE,CAAC;QACjD,MAAM,IAAI,eAAe,CACvB,4CAA4C,qBAAqB,SAAS,WAAW,CAAC,MAAM,EAAE,CAC/F,CAAC;IACJ,CAAC;AACH,CAAC;AAED;;;;;;;;;;GAUG;AACH,MAAM,CAAC,KAAK,UAAU,OAAO,CAC3B,aAA4B,EAC5B,OAAgB,EAChB,uBAAgC;IAEhC,IAAI,CAAC;QACH,2CAA2C;QAC3C,MAAM,OAAO,GAAG,aAAa,CAAC,aAAa,CAAC,CAAC;QAE7C,qEAAqE;QACrE,eAAe,CAAC,aAAa,EAAE,OAAO,CAAC,CAAC;QAExC,2EAA2E;QAC3E,kFAAkF;QAClF,eAAe,CAAC,aAAa,EAAE,OAAO,EAAE,uBAAuB,CAAC,CAAC;QAEjE,qFAAqF;QACrF,MAAM,EAAE,KAAK,EAAE,KAAK,EAAE,UAAU,EAAE,GAAG,EAAE,QAAQ,EAAE,UAAU,EAAE,eAAe,EAAE,GAAG,OAAO,CAAC;QAEzF,4CAA4C;QAC5C,MAAM,YAAY,GAAG,SAAS,CAAC,WAAW,CAAC,KAAK,EAAE,eAAe,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC,CAAC;QAEtF,2CAA2C;QAC3C,MAAM,MAAM,GAAG,MAAM,SAAS,CAAC,YAAY,EAAE,YAAY,EAAE,QAAQ,EAAE,KAAK,CAAC,CAAC;QAE5E,8BAA8B;QAC9B,0CAA0C;QAC1C,MAAM,WAAW,GAAG,eAAe,CAAC,MAAM,CAAC,CAAC;QAC5C,MAAM,UAAU,GAAG,eAAe,CAAC,UAAU,CAAC,CAAC;QAC/C,MAAM,QAAQ,GAAG,eAAe,CAAC,QAAQ,CAAC,CAAC;QAC3C,MAAM,eAAe,GAAG,eAAe,CAAC,eAAe,CAAC,CAAC;QAEzD,wFAAwF;QACxF,4FAA4F;QAC5F,MAAM,SAAS,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,SAAS,CAC7C,KAAK,EACL,WAAsC,EACtC,EAAE,IAAI,EAAE,SAAS,EAAE,EACnB,KAAK,EACL,CAAC,SAAS,CAAC,CACZ,CAAC;QAEF,wFAAwF;QACxF,4FAA4F;QAC5F,MAAM,SAAS,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,OAAO,CAC3C;YACE,IAAI,EAAE,SAAS;YACf,EAAE,EAAE,UAAqC;YACzC,cAAc,EAAE,QAAmC;YACnD,SAAS,EAAE,GAAG,EAAE,WAAW;SAC5B,EACD,SAAS,EACT,eAA0C,CAC3C,CAAC;QAEF,OAAO,IAAI,UAAU,CAAC,SAAS,CAAC,CAAC;IACnC,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,4EAA4E;QAC5E,IAAI,KAAK,YAAY,0BAA0B,EAAE,CAAC;YAChD,MAAM,KAAK,CAAC;QACd,CAAC;QACD,IAAI,KAAK,YAAY,eAAe,EAAE,CAAC;YACrC,MAAM,KAAK,CAAC;QACd,CAAC;QACD,+DAA+D;QAC/D,MAAM,OAAO,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QACvE,MAAM
,IAAI,eAAe,CAAC,sBAAsB,OAAO,EAAE,CAAC,CAAC;IAC7D,CAAC;AACH,CAAC;AAED;;;;;;;;;GASG;AACH,MAAM,CAAC,KAAK,UAAU,eAAe,CACnC,aAA4B,EAC5B,OAAgB,EAChB,uBAAgC;IAEhC,MAAM,SAAS,GAAG,MAAM,OAAO,CAAC,aAAa,EAAE,OAAO,EAAE,uBAAuB,CAAC,CAAC;IACjF,IAAI,CAAC;QACH,MAAM,UAAU,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;QACvD,OAAO,IAAI,CAAC,KAAK,CAAC,UAAU,CAAM,CAAC;IACrC,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,+DAA+D;QAC/D,MAAM,OAAO,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QACvE,MAAM,IAAI,eAAe,CAAC,uCAAuC,OAAO,EAAE,CAAC,CAAC;IAC9E,CAAC;AACH,CAAC;AAED;;;;;;;;;GASG;AACH,MAAM,CAAC,KAAK,UAAU,aAAa,CACjC,aAA4B,EAC5B,OAAgB,EAChB,uBAAgC;IAEhC,OAAO,eAAe,CAAI,aAAa,EAAE,OAAO,EAAE,uBAAuB,CAAC,CAAC;AAC7E,CAAC;AAED;;;;;;;;;GASG;AACH,MAAM,CAAC,KAAK,UAAU,UAAU,CAC9B,aAA4B,EAC5B,OAAgB,EAChB,uBAAgC;IAEhC,MAAM,SAAS,GAAG,MAAM,OAAO,CAAC,aAAa,EAAE,OAAO,EAAE,uBAAuB,CAAC,CAAC;IACjF,IAAI,CAAC;QACH,+CAA+C;QAC/C,MAAM,YAAY,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;QACzD,wDAAwD;QACxD,MAAM,aAAa,GAAG,UAAU,CAAC,YAAY,CAAC,CAAC;QAC/C,OAAO,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC;IACjD,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,+DAA+D;QAC/D,MAAM,OAAO,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QACvE,MAAM,IAAI,eAAe,CAAC,yCAAyC,OAAO,EAAE,CAAC,CAAC;IAChF,CAAC;AACH,CAAC"}
|
|
@@ -3,15 +3,18 @@
|
|
|
3
3
|
* Based on working reference implementation
|
|
4
4
|
*/
|
|
5
5
|
import type { EncryptedData } from '../types/index.js';
|
|
6
|
+
import type { DecodedPayload } from './decrypt.js';
|
|
6
7
|
/**
|
|
7
8
|
* Verifies an ML-DSA-65 signature on encrypted data
|
|
8
9
|
* IMPORTANT: Must be called BEFORE decryption for security
|
|
9
10
|
*
|
|
10
11
|
* @param encryptedData - The encrypted data with signature
|
|
12
|
+
* @param decoded - Optional pre-decoded payload fields to avoid redundant decoding
|
|
13
|
+
* @param expectedServerPublicKey - Optional expected server public key (base64url) to validate against
|
|
11
14
|
* @returns True if signature is valid
|
|
12
|
-
* @throws SignatureVerificationError if verification fails
|
|
15
|
+
* @throws SignatureVerificationError if verification fails or server key doesn't match expected
|
|
13
16
|
*/
|
|
14
|
-
export declare function verifySignature(encryptedData: EncryptedData): boolean;
|
|
17
|
+
export declare function verifySignature(encryptedData: EncryptedData, decoded?: DecodedPayload, expectedServerPublicKey?: string): boolean;
|
|
15
18
|
/**
|
|
16
19
|
* Verifies a signature without throwing an error
|
|
17
20
|
*
|
package/dist/crypto/signature.js
CHANGED
|
@@ -27,18 +27,25 @@ function buildTranscript(version, algsCiphersuite, ctKem, nonce, aad, ciphertext
|
|
|
27
27
|
* IMPORTANT: Must be called BEFORE decryption for security
|
|
28
28
|
*
|
|
29
29
|
* @param encryptedData - The encrypted data with signature
|
|
30
|
+
* @param decoded - Optional pre-decoded payload fields to avoid redundant decoding
|
|
31
|
+
* @param expectedServerPublicKey - Optional expected server public key (base64url) to validate against
|
|
30
32
|
* @returns True if signature is valid
|
|
31
|
-
* @throws SignatureVerificationError if verification fails
|
|
33
|
+
* @throws SignatureVerificationError if verification fails or server key doesn't match expected
|
|
32
34
|
*/
|
|
33
|
-
export function verifySignature(encryptedData) {
|
|
35
|
+
export function verifySignature(encryptedData, decoded, expectedServerPublicKey) {
|
|
34
36
|
try {
|
|
35
|
-
//
|
|
36
|
-
|
|
37
|
-
|
|
38
|
-
|
|
39
|
-
|
|
40
|
-
|
|
41
|
-
const
|
|
37
|
+
// 0. Validate server public key matches expected (MITM protection)
|
|
38
|
+
if (expectedServerPublicKey && encryptedData.server_sig_pk !== expectedServerPublicKey) {
|
|
39
|
+
throw new SignatureVerificationError('Server public key mismatch - possible MITM attack. ' +
|
|
40
|
+
'The encrypted data was signed by a different server than expected.');
|
|
41
|
+
}
|
|
42
|
+
// 1. Use pre-decoded values or decode components
|
|
43
|
+
const signature = decoded?.sig ?? fromBase64Url(encryptedData.sig);
|
|
44
|
+
const ctKem = decoded?.ctKem ?? fromBase64Url(encryptedData.ct_kem);
|
|
45
|
+
const nonceBytes = decoded?.nonce ?? fromBase64Url(encryptedData.nonce);
|
|
46
|
+
const aadBytes = decoded?.aad ?? fromBase64Url(encryptedData.aad);
|
|
47
|
+
const ciphertextBytes = decoded?.ciphertext ?? fromBase64Url(encryptedData.ciphertext);
|
|
48
|
+
const serverSigPk = decoded?.serverSigPk ?? fromBase64Url(encryptedData.server_sig_pk);
|
|
42
49
|
// 2. Build the transcript (exactly as the server did)
|
|
43
50
|
const algsCiphersuite = buildAlgsCiphersuite(encryptedData.algs);
|
|
44
51
|
const transcript = buildTranscript(encryptedData.v, algsCiphersuite, ctKem, nonceBytes, aadBytes, ciphertextBytes, serverSigPk, HKDF_CONTEXT);
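Review bot: The pin check at step 0 of `verifySignature` is guarded by truthiness, so an empty-string `expectedServerPublicKey` skips it exactly like `undefined`; to fail closed for any supplied value I would write `if (expectedServerPublicKey != null && encryptedData.server_sig_pk !== expectedServerPublicKey) {`. The check also compares the encoded `encryptedData.server_sig_pk` string, while the key used for verification is `decoded?.serverSigPk` whenever `decoded` is passed. Because `verifySignature` is exported, a caller whose `decoded` was not derived from the same `encryptedData` would have the pin applied to one key and the signature verified with another; comparing the decoded bytes that are actually used for verification would remove that gap. The function body continues past the end of this hunk.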
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"signature.js","sourceRoot":"","sources":["../../src/crypto/signature.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAE,QAAQ,EAAE,MAAM,+BAA+B,CAAC;AACzD,OAAO,EAAE,aAAa,EAAE,eAAe,EAAE,aAAa,EAAE,MAAM,YAAY,CAAC;AAC3E,OAAO,EAAE,0BAA0B,EAAE,MAAM,mBAAmB,CAAC;AAE/D,OAAO,EAAE,YAAY,EAAE,qBAAqB,EAAE,MAAM,gBAAgB,CAAC;
|
|
1
|
+
{"version":3,"file":"signature.js","sourceRoot":"","sources":["../../src/crypto/signature.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAE,QAAQ,EAAE,MAAM,+BAA+B,CAAC;AACzD,OAAO,EAAE,aAAa,EAAE,eAAe,EAAE,aAAa,EAAE,MAAM,YAAY,CAAC;AAC3E,OAAO,EAAE,0BAA0B,EAAE,MAAM,mBAAmB,CAAC;AAE/D,OAAO,EAAE,YAAY,EAAE,qBAAqB,EAAE,MAAM,gBAAgB,CAAC;AAIrE;;GAEG;AACH,SAAS,oBAAoB,CAAC,IAA6D;IACzF,OAAO,GAAG,IAAI,CAAC,GAAG,IAAI,IAAI,CAAC,GAAG,IAAI,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,GAAG,EAAE,CAAC;AAC5D,CAAC;AAED;;;GAGG;AACH,SAAS,eAAe,CACtB,OAAe,EACf,eAAuB,EACvB,KAAiB,EACjB,KAAiB,EACjB,GAAe,EACf,UAAsB,EACtB,WAAuB,EACvB,OAAe;IAEf,MAAM,YAAY,GAAG,IAAI,UAAU,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC;IAC/C,MAAM,SAAS,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC;IAC5D,MAAM,YAAY,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IACvD,OAAO,aAAa,CAAC,YAAY,EAAE,SAAS,EAAE,YAAY,EAAE,KAAK,EAAE,KAAK,EAAE,GAAG,EAAE,UAAU,EAAE,WAAW,CAAC,CAAC;AAC1G,CAAC;AAED;;;;;;;;;GASG;AACH,MAAM,UAAU,eAAe,CAC7B,aAA4B,EAC5B,OAAwB,EACxB,uBAAgC;IAEhC,IAAI,CAAC;QACH,mEAAmE;QACnE,IAAI,uBAAuB,IAAI,aAAa,CAAC,aAAa,KAAK,uBAAuB,EAAE,CAAC;YACvF,MAAM,IAAI,0BAA0B,CAClC,qDAAqD;gBACnD,oEAAoE,CACvE,CAAC;QACJ,CAAC;QAED,iDAAiD;QACjD,MAAM,SAAS,GAAG,OAAO,EAAE,GAAG,IAAI,aAAa,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC;QACnE,MAAM,KAAK,GAAG,OAAO,EAAE,KAAK,IAAI,aAAa,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC;QACpE,MAAM,UAAU,GAAG,OAAO,EAAE,KAAK,IAAI,aAAa,CAAC,aAAa,CAAC,KAAK,CAAC,CAAC;QACxE,MAAM,QAAQ,GAAG,OAAO,EAAE,GAAG,IAAI,aAAa,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC;QAClE,MAAM,eAAe,GAAG,OAAO,EAAE,UAAU,IAAI,aAAa,CAAC,aAAa,CAAC,UAAU,CAAC,CAAC;QACvF,MAAM,WAAW,GAAG,OAAO,EAAE,WAAW,IAAI,aAAa,CAAC,aAAa,CAAC,aAAa,CAAC,CAAC;QAEvF,sDAAsD;QACtD,MAAM,eAAe,GAAG,oBAAoB,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC;QACjE,MAAM,UAAU,GAAG,eAAe,CAChC,aAAa,CAAC,CAAC,EACf,eAAe,EACf,KAAK,EACL,UAAU,EACV,QAAQ,EACR,eAAe,EACf,WAAW,EACX,YAAY,CACb,CAAC;QAEF,0BAA0B;QAC1B,yEAAyE;QACzE,MAAM,OAAO,GAAG,QAAQ,CAAC,MAAM,CAC7B,eAAe,CAAC,SAAS,CAAC,EAC1B,eAAe,CAAC,UAAU,CAAC,EAC3B,eAAe,CAAC,WAAW,CAAC,CAC7B,CAAC;QAEF,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,MAA
M,IAAI,0BAA0B,CAAC,uDAAuD,CAAC,CAAC;QAChG,CAAC;QAED,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,IAAI,KAAK,YAAY,0BAA0B,EAAE,CAAC;YAChD,MAAM,KAAK,CAAC;QACd,CAAC;QACD,+DAA+D;QAC/D,MAAM,OAAO,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QACvE,MAAM,IAAI,0BAA0B,CAAC,iCAAiC,OAAO,EAAE,CAAC,CAAC;IACnF,CAAC;AACH,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,mBAAmB,CAAC,aAA4B;IAC9D,IAAI,CAAC;QACH,OAAO,eAAe,CAAC,aAAa,CAAC,CAAC;IACxC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,uBAAuB,CAAC,eAAuB;IAC7D,IAAI,CAAC;QACH,MAAM,SAAS,GAAG,aAAa,CAAC,eAAe,CAAC,CAAC;QACjD,OAAO,SAAS,CAAC,MAAM,KAAK,qBAAqB,CAAC;IACpD,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC"}
|
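--- a/package/dist/email.d.ts
+++ b/package/dist/email.d.ts
@@ -39,11 +39,12 @@ export declare class Email implements IEmail {
 private emailAddress;
 private apiClient;
 private keypair;
+private serverPublicKey;
 /**
 * @internal
 * Do not construct this class directly.
 */
-constructor(emailData: EmailData, metadata: DecryptedMetadata, parsed: DecryptedParsed | null, emailAddress: string, apiClient: ApiClient, keypair: Keypair | null);
+constructor(emailData: EmailData, metadata: DecryptedMetadata, parsed: DecryptedParsed | null, emailAddress: string, apiClient: ApiClient, keypair: Keypair | null, serverPublicKey?: string | null);
 /**
 * Returns whether the email is classified as spam.
 *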
package/dist/email.js
CHANGED
|
@@ -6,6 +6,7 @@
|
|
|
6
6
|
*/
|
|
7
7
|
import createDebug from 'debug';
|
|
8
8
|
import { decryptRaw } from './crypto/decrypt.js';
|
|
9
|
+
import { DecryptionError } from './types/index.js';
|
|
9
10
|
const debug = createDebug('vaultsandbox:email');
|
|
10
11
|
/**
|
|
11
12
|
* Provides a summary of email authentication results (SPF, DKIM, DMARC).
|
|
@@ -110,11 +111,12 @@ export class Email {
|
|
|
110
111
|
emailAddress;
|
|
111
112
|
apiClient;
|
|
112
113
|
keypair;
|
|
114
|
+
serverPublicKey;
|
|
113
115
|
/**
|
|
114
116
|
* @internal
|
|
115
117
|
* Do not construct this class directly.
|
|
116
118
|
*/
|
|
117
|
-
constructor(emailData, metadata, parsed, emailAddress, apiClient, keypair) {
|
|
119
|
+
constructor(emailData, metadata, parsed, emailAddress, apiClient, keypair, serverPublicKey) {
|
|
118
120
|
this.id = emailData.id;
|
|
119
121
|
this.from = metadata.from;
|
|
120
122
|
this.to = Array.isArray(metadata.to) ? metadata.to : [metadata.to].filter(Boolean);
|
|
@@ -125,6 +127,7 @@ export class Email {
|
|
|
125
127
|
this.emailAddress = emailAddress;
|
|
126
128
|
this.apiClient = apiClient;
|
|
127
129
|
this.keypair = keypair;
|
|
130
|
+
this.serverPublicKey = serverPublicKey ?? null;
|
|
128
131
|
// istanbul ignore next -- this.to is always an array per line 166, else branch is defensive
|
|
129
132
|
debug('Creating email %s from %s to %s', this.id, this.from, Array.isArray(this.to) ? this.to.join(', ') : this.to);
|
|
130
133
|
// If parsed content is available, use it
|
|
@@ -209,7 +212,10 @@ export class Email {
|
|
|
209
212
|
/* istanbul ignore else - defensive for invalid raw email response */
|
|
210
213
|
if (rawEmailData.encryptedRaw) {
|
|
211
214
|
// Encrypted inbox - decrypt the raw content
|
|
212
|
-
|
|
215
|
+
if (!this.keypair) {
|
|
216
|
+
throw new DecryptionError(`Cannot decrypt raw email: no keypair available for ${this.emailAddress}`);
|
|
217
|
+
}
|
|
218
|
+
raw = await decryptRaw(rawEmailData.encryptedRaw, this.keypair, this.serverPublicKey ?? undefined);
|
|
213
219
|
}
|
|
214
220
|
else if (rawEmailData.raw) {
|
|
215
221
|
// Plain inbox - decode base64
|