@vex-chat/libvex 2.0.0 → 4.0.0

package/src/storage/sqlite.ts

@@ -1,6 +1,5 @@
 import type { Message } from "../index.js";
 import type { Storage } from "../Storage.js";
-import type { Logger } from "../transport/types.js";
 import type {
     PreKeysCrypto,
     SessionCrypto,
@@ -29,6 +28,7 @@ import {
     type KeyPair,
     xBoxKeyPairFromSecret,
     XKeyConvert,
+    xMakeNonce,
     xSecretbox,
     xSecretboxOpen,
     xSignKeyPairFromSecret,
@@ -42,12 +42,10 @@ export class SqliteStorage extends EventEmitter implements Storage {
     private closing = false;
     private readonly db: Kysely<ClientDatabase>;
     private readonly idKeys: KeyPair;
-    private readonly log: Logger;
 
-    constructor(db: Kysely<ClientDatabase>, SK: string, logger: Logger) {
+    constructor(db: Kysely<ClientDatabase>, SK: string) {
         super();
         this.db = db;
-        this.log = logger;
 
         const idKeys = XKeyConvert.convertKeyPair(
             xSignKeyPairFromSecret(XUtils.decodeHex(SK)),
@@ -62,7 +60,6 @@ export class SqliteStorage extends EventEmitter implements Storage {
 
     async close(): Promise<void> {
         this.closing = true;
-        this.log.info("Closing database.");
         await this.db.destroy();
     }
 
@@ -89,9 +86,6 @@ export class SqliteStorage extends EventEmitter implements Storage {
 
     async deleteMessage(mailID: string): Promise<void> {
         if (this.closing) {
-            this.log.warn(
-                "Database is closing, deleteMessage() will not complete.",
-            );
             return;
         }
         await this.db
@@ -102,9 +96,6 @@ export class SqliteStorage extends EventEmitter implements Storage {
 
     async deleteOneTimeKey(index: number): Promise<void> {
         if (this.closing) {
-            this.log.warn(
-                "Database is closing, deleteOneTimeKey() will not complete.",
-            );
             return;
         }
         await this.db
@@ -115,9 +106,6 @@ export class SqliteStorage extends EventEmitter implements Storage {
 
     async getAllSessions(): Promise<SessionSQL[]> {
         if (this.closing) {
-            this.log.warn(
-                "Database is closing, getAllSessions() will not complete.",
-            );
             return [];
         }
         const rows = await this.db
@@ -145,9 +133,6 @@ export class SqliteStorage extends EventEmitter implements Storage {
 
     async getGroupHistory(channelID: string): Promise<Message[]> {
         if (this.closing) {
-            this.log.warn(
-                "Database is closing, getGroupHistory() will not complete.",
-            );
             return [];
         }
 
@@ -163,9 +148,6 @@ export class SqliteStorage extends EventEmitter implements Storage {
 
     async getMessageHistory(userID: string): Promise<Message[]> {
         if (this.closing) {
-            this.log.warn(
-                "Database is closing, getMessageHistory() will not complete.",
-            );
             return [];
         }
 
@@ -197,9 +179,6 @@ export class SqliteStorage extends EventEmitter implements Storage {
     async getOneTimeKey(index: number): Promise<null | PreKeysCrypto> {
         await this.untilReady();
         if (this.closing) {
-            this.log.warn(
-                "Database is closing, getOneTimeKey() will not complete.",
-            );
             return null;
         }
 
@@ -211,13 +190,12 @@ export class SqliteStorage extends EventEmitter implements Storage {
 
         const otkInfo = rows[0];
         if (!otkInfo) {
-            this.log.debug("getOneTimeKey() => " + JSON.stringify(null));
             return null;
         }
         return {
             index: otkInfo.index,
             keyPair: xBoxKeyPairFromSecret(
-                XUtils.decodeHex(otkInfo.privateKey),
+                XUtils.decodeHex(this.unsealHex(otkInfo.privateKey)),
             ),
             signature: XUtils.decodeHex(otkInfo.signature),
         };
@@ -226,9 +204,6 @@ export class SqliteStorage extends EventEmitter implements Storage {
     async getPreKeys(): Promise<null | PreKeysCrypto> {
         await this.untilReady();
         if (this.closing) {
-            this.log.warn(
-                "Database is closing, getPreKeys() will not complete.",
-            );
             return null;
         }
 
@@ -236,13 +211,12 @@ export class SqliteStorage extends EventEmitter implements Storage {
 
         const preKeyInfo = rows[0];
         if (!preKeyInfo) {
-            this.log.debug("getPreKeys() => " + JSON.stringify(null));
             return null;
         }
         return {
             index: preKeyInfo.index,
             keyPair: xBoxKeyPairFromSecret(
-                XUtils.decodeHex(preKeyInfo.privateKey),
+                XUtils.decodeHex(this.unsealHex(preKeyInfo.privateKey)),
             ),
             signature: XUtils.decodeHex(preKeyInfo.signature),
         };
@@ -252,9 +226,6 @@ export class SqliteStorage extends EventEmitter implements Storage {
         deviceID: string,
     ): Promise<null | SessionCrypto> {
         if (this.closing) {
-            this.log.warn(
-                "Database is closing, getSessionByDeviceID() will not complete.",
-            );
             return null;
         }
         const rows = await this.db
@@ -267,7 +238,6 @@ export class SqliteStorage extends EventEmitter implements Storage {
 
         const sessionRow = rows[0];
         if (!sessionRow) {
-            this.log.debug("getSession() => " + JSON.stringify(null));
             return null;
         }
 
@@ -278,9 +248,6 @@ export class SqliteStorage extends EventEmitter implements Storage {
         publicKey: Uint8Array,
     ): Promise<null | SessionCrypto> {
         if (this.closing) {
-            this.log.warn(
-                "Database is closing, getSessionByPublicKey() will not complete.",
-            );
             return null;
         }
         const hex = XUtils.encodeHex(publicKey);
@@ -294,9 +261,6 @@ export class SqliteStorage extends EventEmitter implements Storage {
 
         const sessionRow = rows[0];
         if (!sessionRow) {
-            this.log.warn(
-                `getSessionByPublicKey(${hex}) => ${JSON.stringify(null)}`,
-            );
             return null;
         }
 
@@ -304,7 +268,6 @@ export class SqliteStorage extends EventEmitter implements Storage {
     }
 
     async init(): Promise<void> {
-        this.log.info("Initializing database tables.");
         try {
             await this.db.schema
                 .createTable("messages")
@@ -388,9 +351,6 @@ export class SqliteStorage extends EventEmitter implements Storage {
 
     async markSessionUsed(sessionID: string): Promise<void> {
         if (this.closing) {
-            this.log.warn(
-                "Database is closing, markSessionUsed() will not complete.",
-            );
             return;
         }
         await this.db
@@ -404,9 +364,6 @@ export class SqliteStorage extends EventEmitter implements Storage {
 
     async markSessionVerified(sessionID: string): Promise<void> {
         if (this.closing) {
-            this.log.warn(
-                "Database is closing, markSessionVerified() will not complete.",
-            );
             return;
         }
         await this.db
@@ -429,9 +386,6 @@ export class SqliteStorage extends EventEmitter implements Storage {
 
     async saveDevice(device: Device): Promise<void> {
         if (this.closing) {
-            this.log.warn(
-                "Database is closing, saveDevice() will not complete.",
-            );
             return;
         }
         try {
@@ -448,7 +402,7 @@ export class SqliteStorage extends EventEmitter implements Storage {
                 .execute();
         } catch (err: unknown) {
             if (this.isDuplicateError(err)) {
-                this.log.warn("Attempted to insert duplicate deviceID");
+                // duplicate deviceID — ignore
             } else {
                 throw err;
             }
@@ -459,9 +413,6 @@ export class SqliteStorage extends EventEmitter implements Storage {
 
     async saveMessage(message: Message): Promise<void> {
         if (this.closing) {
-            this.log.warn(
-                "Database is closing, saveMessage() will not complete.",
-            );
             return;
         }
 
@@ -494,7 +445,7 @@ export class SqliteStorage extends EventEmitter implements Storage {
                 .execute();
         } catch (err: unknown) {
             if (this.isDuplicateError(err)) {
-                this.log.warn("Duplicate nonce in message table.");
+                // duplicate nonce — ignore
             } else {
                 throw err;
             }
@@ -507,9 +458,6 @@ export class SqliteStorage extends EventEmitter implements Storage {
     ): Promise<PreKeysSQL[]> {
         await this.untilReady();
         if (this.closing) {
-            this.log.warn(
-                "Database is closing, savePreKeys() will not complete.",
-            );
             return [];
         }
 
@@ -520,7 +468,9 @@ export class SqliteStorage extends EventEmitter implements Storage {
             const row = await this.db
                 .insertInto(table)
                 .values({
-                    privateKey: XUtils.encodeHex(preKey.keyPair.secretKey),
+                    privateKey: this.sealHex(
+                        XUtils.encodeHex(preKey.keyPair.secretKey),
+                    ),
                     publicKey: XUtils.encodeHex(preKey.keyPair.publicKey),
                     signature: XUtils.encodeHex(preKey.signature),
                 })
@@ -544,9 +494,6 @@ export class SqliteStorage extends EventEmitter implements Storage {
 
     async saveSession(session: SessionSQL): Promise<void> {
         if (this.closing) {
-            this.log.warn(
-                "Database is closing, saveSession() will not complete.",
-            );
             return;
         }
         try {
@@ -559,14 +506,14 @@ export class SqliteStorage extends EventEmitter implements Storage {
                     mode: session.mode,
                     publicKey: session.publicKey,
                     sessionID: session.sessionID,
-                    SK: session.SK,
+                    SK: this.sealHex(session.SK),
                     userID: session.userID,
                     verified: session.verified ? 1 : 0,
                 })
                 .execute();
         } catch (err: unknown) {
             if (this.isDuplicateError(err)) {
-                this.log.warn("Attempted to insert duplicate SK");
+                // duplicate SK — ignore
             } else {
                 throw err;
             }
@@ -634,6 +581,23 @@ export class SqliteStorage extends EventEmitter implements Storage {
         return false;
     }
 
+    /**
+     * Encrypt a hex-encoded secret for at-rest storage.
+     * Returns hex(nonce || ciphertext) where nonce is 24 random bytes.
+     */
+    private sealHex(plainHex: string): string {
+        const nonce = xMakeNonce();
+        const ct = xSecretbox(
+            XUtils.decodeHex(plainHex),
+            nonce,
+            this.idKeys.secretKey,
+        );
+        const sealed = new Uint8Array(nonce.length + ct.length);
+        sealed.set(nonce);
+        sealed.set(ct, nonce.length);
+        return XUtils.encodeHex(sealed);
+    }
+
     private sessionRowToSQL(row: SessionRow): SessionSQL {
         return {
             deviceID: row.deviceID,
@@ -642,7 +606,7 @@ export class SqliteStorage extends EventEmitter implements Storage {
             mode: row.mode === "initiator" ? "initiator" : "receiver",
             publicKey: row.publicKey,
             sessionID: row.sessionID,
-            SK: row.SK,
+            SK: this.unsealHex(row.SK),
             userID: row.userID,
             verified: row.verified !== 0,
         };
@@ -660,6 +624,21 @@ export class SqliteStorage extends EventEmitter implements Storage {
         };
     }
 
+    /**
+     * Decrypt a value produced by sealHex().
+     * Expects hex(nonce || ciphertext), returns the original hex string.
+     */
+    private unsealHex(sealed: string): string {
+        const bytes = XUtils.decodeHex(sealed);
+        const nonce = bytes.slice(0, 24);
+        const ct = bytes.slice(24);
+        const plain = xSecretboxOpen(ct, nonce, this.idKeys.secretKey);
+        if (!plain) {
+            throw new Error("Failed to decrypt sealed column value.");
+        }
+        return XUtils.encodeHex(plain);
+    }
+
     private async untilReady(): Promise<void> {
         if (this.ready) return;
         return new Promise((resolve) => {

package/src/transport/types.ts

@@ -1,10 +1,3 @@
-export interface Logger {
-    debug(message: string, ...args: unknown[]): void;
-    error(message: string, ...args: unknown[]): void;
-    info(message: string, ...args: unknown[]): void;
-    warn(message: string, ...args: unknown[]): void;
-}
-
 export type WebSocketEvent = keyof WebSocketEventMap;
 
 export interface WebSocketEventMap {

package/src/types/crypto.ts

@@ -1,11 +1,12 @@
 /**
- * SDK-internal crypto types. These were moved from @vex-chat/types
+ * SDK-internal crypto types. These were moved from `@vex-chat/types`
  * because they are only used by the SDK, never by the server.
  *
- * The KeyPair shape matches tweetnacl's nacl.BoxKeyPair without
+ * The KeyPair shape matches tweetnacl's `nacl.BoxKeyPair` without
  * importing from tweetnacl — future WASM migration only changes this file.
  */
 
+/** A NaCl box key pair (Curve25519 public + secret). */
 export interface KeyPair {
     publicKey: Uint8Array;
     secretKey: Uint8Array;
@@ -16,12 +17,14 @@ export interface PreKeysCrypto extends UnsavedPreKey {
     index: number;
 }
 
+/** In-memory representation of an encryption session (not yet persisted to SQL). */
 export interface SessionCrypto {
     fingerprint: Uint8Array;
     lastUsed: string;
     mode: "initiator" | "receiver";
     publicKey: Uint8Array;
     sessionID: string;
+    /** Shared secret key derived during X3DH. */
     SK: Uint8Array;
     userID: string;
 }

package/src/types/identity.ts

@@ -1,14 +1,19 @@
 /**
- * SDK credential storage types. Moved from @vex-chat/types
+ * SDK credential storage types. Moved from `@vex-chat/types`
  * because only the SDK and app consumers use them.
  */
 
+/**
+ * Persistent credential store used by apps to save/load login state
+ * (e.g. Keychain on macOS, SecureStorage on mobile).
+ */
 export interface KeyStore {
     clear(username: string): Promise<void>;
     load(username?: string): Promise<null | StoredCredentials>;
     save(creds: StoredCredentials): Promise<void>;
 }
 
+/** Credentials persisted between sessions for auto-login. */
 export interface StoredCredentials {
     deviceID: string;
     deviceKey: string;

package/dist/utils/createLogger.d.ts

@@ -1,6 +0,0 @@
-import winston from "winston";
-/**
- * @ignore
- */
-export declare function createLogger(logName: string, logLevel?: string): winston.Logger;
-//# sourceMappingURL=createLogger.d.ts.map

package/dist/utils/createLogger.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"createLogger.d.ts","sourceRoot":"","sources":["../../src/utils/createLogger.ts"],"names":[],"mappings":"AAAA,OAAO,OAAO,MAAM,SAAS,CAAC;AAE9B;;GAEG;AACH,wBAAgB,YAAY,CAAC,OAAO,EAAE,MAAM,EAAE,QAAQ,CAAC,EAAE,MAAM,kBA+B9D"}

package/dist/utils/createLogger.js

@@ -1,27 +0,0 @@
-import winston from "winston";
-/**
- * @ignore
- */
-export function createLogger(logName, logLevel) {
-    const logger = winston.createLogger({
-        defaultMeta: { service: "vex-" + logName },
-        format: winston.format.combine(winston.format.timestamp({
-            format: "YYYY-MM-DD HH:mm:ss",
-        }), winston.format.errors({ stack: true }), winston.format.splat(), winston.format.json()),
-        level: logLevel || "error",
-        transports: [
-            new winston.transports.File({
-                filename: "vex:" + logName + ".log",
-                level: "error",
-            }),
-        ],
-    });
-    // Also log to console outside production.
-    if (process.env["NODE_ENV"] !== "production") {
-        logger.add(new winston.transports.Console({
-            format: winston.format.combine(winston.format.colorize(), winston.format.simple()),
-        }));
-    }
-    return logger;
-}
-//# sourceMappingURL=createLogger.js.map

package/dist/utils/createLogger.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"createLogger.js","sourceRoot":"","sources":["../../src/utils/createLogger.ts"],"names":[],"mappings":"AAAA,OAAO,OAAO,MAAM,SAAS,CAAC;AAE9B;;GAEG;AACH,MAAM,UAAU,YAAY,CAAC,OAAe,EAAE,QAAiB;IAC3D,MAAM,MAAM,GAAG,OAAO,CAAC,YAAY,CAAC;QAChC,WAAW,EAAE,EAAE,OAAO,EAAE,MAAM,GAAG,OAAO,EAAE;QAC1C,MAAM,EAAE,OAAO,CAAC,MAAM,CAAC,OAAO,CAC1B,OAAO,CAAC,MAAM,CAAC,SAAS,CAAC;YACrB,MAAM,EAAE,qBAAqB;SAChC,CAAC,EACF,OAAO,CAAC,MAAM,CAAC,MAAM,CAAC,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,EACtC,OAAO,CAAC,MAAM,CAAC,KAAK,EAAE,EACtB,OAAO,CAAC,MAAM,CAAC,IAAI,EAAE,CACxB;QACD,KAAK,EAAE,QAAQ,IAAI,OAAO;QAC1B,UAAU,EAAE;YACR,IAAI,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC;gBACxB,QAAQ,EAAE,MAAM,GAAG,OAAO,GAAG,MAAM;gBACnC,KAAK,EAAE,OAAO;aACjB,CAAC;SACL;KACJ,CAAC,CAAC;IACH,0CAA0C;IAC1C,IAAI,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,KAAK,YAAY,EAAE,CAAC;QAC3C,MAAM,CAAC,GAAG,CACN,IAAI,OAAO,CAAC,UAAU,CAAC,OAAO,CAAC;YAC3B,MAAM,EAAE,OAAO,CAAC,MAAM,CAAC,OAAO,CAC1B,OAAO,CAAC,MAAM,CAAC,QAAQ,EAAE,EACzB,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,CAC1B;SACJ,CAAC,CACL,CAAC;IACN,CAAC;IACD,OAAO,MAAM,CAAC;AAClB,CAAC"}

package/src/utils/createLogger.ts

@@ -1,37 +0,0 @@
-import winston from "winston";
-
-/**
- * @ignore
- */
-export function createLogger(logName: string, logLevel?: string) {
-    const logger = winston.createLogger({
-        defaultMeta: { service: "vex-" + logName },
-        format: winston.format.combine(
-            winston.format.timestamp({
-                format: "YYYY-MM-DD HH:mm:ss",
-            }),
-            winston.format.errors({ stack: true }),
-            winston.format.splat(),
-            winston.format.json(),
-        ),
-        level: logLevel || "error",
-        transports: [
-            new winston.transports.File({
-                filename: "vex:" + logName + ".log",
-                level: "error",
-            }),
-        ],
-    });
-    // Also log to console outside production.
-    if (process.env["NODE_ENV"] !== "production") {
-        logger.add(
-            new winston.transports.Console({
-                format: winston.format.combine(
-                    winston.format.colorize(),
-                    winston.format.simple(),
-                ),
-            }),
-        );
-    }
-    return logger;
-}