cojson 0.0.1 → 0.0.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.eslintrc.cjs +18 -0
- package/LICENSE.txt +19 -0
- package/README.md +53 -0
- package/package.json +29 -6
- package/src/coValue.test.ts +135 -0
- package/src/coValue.ts +563 -0
- package/src/contentType.test.ts +196 -0
- package/src/contentType.ts +239 -0
- package/src/crypto.test.ts +189 -0
- package/src/crypto.ts +297 -0
- package/src/index.ts +14 -0
- package/src/jsonValue.ts +6 -0
- package/src/node.ts +193 -0
- package/src/permissions.test.ts +1269 -0
- package/src/permissions.ts +376 -0
- package/src/sync.test.ts +1129 -0
- package/src/sync.ts +512 -0
- package/tsconfig.json +21 -0
|
@@ -0,0 +1,376 @@
|
|
|
1
|
+
import { CoMap, ContentType, MapOpPayload } from "./contentType";
|
|
2
|
+
import { JsonValue } from "./jsonValue";
|
|
3
|
+
import {
|
|
4
|
+
Encrypted,
|
|
5
|
+
KeyID,
|
|
6
|
+
KeySecret,
|
|
7
|
+
RecipientID,
|
|
8
|
+
SealedSet,
|
|
9
|
+
SignatoryID,
|
|
10
|
+
encryptForTransaction,
|
|
11
|
+
newRandomKeySecret,
|
|
12
|
+
seal,
|
|
13
|
+
sealKeySecret,
|
|
14
|
+
} from "./crypto";
|
|
15
|
+
import {
|
|
16
|
+
AgentCredential,
|
|
17
|
+
AgentID,
|
|
18
|
+
CoValue,
|
|
19
|
+
RawCoValueID,
|
|
20
|
+
SessionID,
|
|
21
|
+
Transaction,
|
|
22
|
+
TransactionID,
|
|
23
|
+
TrustingTransaction,
|
|
24
|
+
agentIDfromSessionID,
|
|
25
|
+
} from "./coValue";
|
|
26
|
+
import { LocalNode } from ".";
|
|
27
|
+
|
|
28
|
+
export type PermissionsDef =
|
|
29
|
+
| { type: "team"; initialAdmin: AgentID; parentTeams?: RawCoValueID[] }
|
|
30
|
+
| { type: "ownedByTeam"; team: RawCoValueID }
|
|
31
|
+
| {
|
|
32
|
+
type: "agent";
|
|
33
|
+
initialSignatoryID: SignatoryID;
|
|
34
|
+
initialRecipientID: RecipientID;
|
|
35
|
+
}
|
|
36
|
+
| { type: "unsafeAllowAll" };
|
|
37
|
+
|
|
38
|
+
export type Role = "reader" | "writer" | "admin" | "revoked";
|
|
39
|
+
|
|
40
|
+
export function determineValidTransactions(
|
|
41
|
+
coValue: CoValue
|
|
42
|
+
): { txID: TransactionID; tx: Transaction }[] {
|
|
43
|
+
if (coValue.header.ruleset.type === "team") {
|
|
44
|
+
const allTrustingTransactionsSorted = Object.entries(
|
|
45
|
+
coValue.sessions
|
|
46
|
+
).flatMap(([sessionID, sessionLog]) => {
|
|
47
|
+
return sessionLog.transactions
|
|
48
|
+
.map((tx, txIndex) => ({ sessionID, txIndex, tx }))
|
|
49
|
+
.filter(({ tx }) => {
|
|
50
|
+
if (tx.privacy === "trusting") {
|
|
51
|
+
return true;
|
|
52
|
+
} else {
|
|
53
|
+
console.warn("Unexpected private transaction in Team");
|
|
54
|
+
return false;
|
|
55
|
+
}
|
|
56
|
+
}) as {
|
|
57
|
+
sessionID: SessionID;
|
|
58
|
+
txIndex: number;
|
|
59
|
+
tx: TrustingTransaction;
|
|
60
|
+
}[];
|
|
61
|
+
});
|
|
62
|
+
|
|
63
|
+
allTrustingTransactionsSorted.sort((a, b) => {
|
|
64
|
+
return a.tx.madeAt - b.tx.madeAt;
|
|
65
|
+
});
|
|
66
|
+
|
|
67
|
+
const initialAdmin = coValue.header.ruleset.initialAdmin;
|
|
68
|
+
|
|
69
|
+
if (!initialAdmin) {
|
|
70
|
+
throw new Error("Team must have initialAdmin");
|
|
71
|
+
}
|
|
72
|
+
|
|
73
|
+
const memberState: { [agent: AgentID]: Role } = {};
|
|
74
|
+
|
|
75
|
+
const validTransactions: { txID: TransactionID; tx: Transaction }[] =
|
|
76
|
+
[];
|
|
77
|
+
|
|
78
|
+
for (const {
|
|
79
|
+
sessionID,
|
|
80
|
+
txIndex,
|
|
81
|
+
tx,
|
|
82
|
+
} of allTrustingTransactionsSorted) {
|
|
83
|
+
// console.log("before", { memberState, validTransactions });
|
|
84
|
+
const transactor = agentIDfromSessionID(sessionID);
|
|
85
|
+
|
|
86
|
+
const change = tx.changes[0] as
|
|
87
|
+
| MapOpPayload<AgentID, Role>
|
|
88
|
+
| MapOpPayload<"readKey", JsonValue>;
|
|
89
|
+
if (tx.changes.length !== 1) {
|
|
90
|
+
console.warn("Team transaction must have exactly one change");
|
|
91
|
+
continue;
|
|
92
|
+
}
|
|
93
|
+
|
|
94
|
+
if (change.op !== "insert") {
|
|
95
|
+
console.warn("Team transaction must set a role or readKey");
|
|
96
|
+
continue;
|
|
97
|
+
}
|
|
98
|
+
|
|
99
|
+
if (change.key === "readKey") {
|
|
100
|
+
if (memberState[transactor] !== "admin") {
|
|
101
|
+
console.warn("Only admins can set readKeys");
|
|
102
|
+
continue;
|
|
103
|
+
}
|
|
104
|
+
|
|
105
|
+
// TODO: check validity of agents who the key is revealed to?
|
|
106
|
+
|
|
107
|
+
validTransactions.push({ txID: { sessionID, txIndex }, tx });
|
|
108
|
+
continue;
|
|
109
|
+
}
|
|
110
|
+
|
|
111
|
+
const affectedMember = change.key;
|
|
112
|
+
const assignedRole = change.value;
|
|
113
|
+
|
|
114
|
+
if (
|
|
115
|
+
change.value !== "admin" &&
|
|
116
|
+
change.value !== "writer" &&
|
|
117
|
+
change.value !== "reader" &&
|
|
118
|
+
change.value !== "revoked"
|
|
119
|
+
) {
|
|
120
|
+
console.warn("Team transaction must set a valid role");
|
|
121
|
+
continue;
|
|
122
|
+
}
|
|
123
|
+
|
|
124
|
+
const isFirstSelfAppointment =
|
|
125
|
+
!memberState[transactor] &&
|
|
126
|
+
transactor === initialAdmin &&
|
|
127
|
+
change.op === "insert" &&
|
|
128
|
+
change.key === transactor &&
|
|
129
|
+
change.value === "admin";
|
|
130
|
+
|
|
131
|
+
if (!isFirstSelfAppointment) {
|
|
132
|
+
if (memberState[transactor] !== "admin") {
|
|
133
|
+
console.warn(
|
|
134
|
+
"Team transaction must be made by current admin"
|
|
135
|
+
);
|
|
136
|
+
continue;
|
|
137
|
+
}
|
|
138
|
+
|
|
139
|
+
if (
|
|
140
|
+
memberState[affectedMember] === "admin" &&
|
|
141
|
+
affectedMember !== transactor &&
|
|
142
|
+
assignedRole !== "admin"
|
|
143
|
+
) {
|
|
144
|
+
console.warn("Admins can only demote themselves.");
|
|
145
|
+
continue;
|
|
146
|
+
}
|
|
147
|
+
}
|
|
148
|
+
|
|
149
|
+
memberState[affectedMember] = change.value;
|
|
150
|
+
validTransactions.push({ txID: { sessionID, txIndex }, tx });
|
|
151
|
+
|
|
152
|
+
// console.log("after", { memberState, validTransactions });
|
|
153
|
+
}
|
|
154
|
+
|
|
155
|
+
return validTransactions;
|
|
156
|
+
} else if (coValue.header.ruleset.type === "ownedByTeam") {
|
|
157
|
+
const teamContent =
|
|
158
|
+
coValue.node.expectCoValueLoaded(
|
|
159
|
+
coValue.header.ruleset.team,
|
|
160
|
+
"Determining valid transaction in owned object but its team wasn't loaded"
|
|
161
|
+
).getCurrentContent();
|
|
162
|
+
|
|
163
|
+
if (teamContent.type !== "comap") {
|
|
164
|
+
throw new Error("Team must be a map");
|
|
165
|
+
}
|
|
166
|
+
|
|
167
|
+
return Object.entries(coValue.sessions).flatMap(
|
|
168
|
+
([sessionID, sessionLog]) => {
|
|
169
|
+
const transactor = agentIDfromSessionID(sessionID as SessionID);
|
|
170
|
+
return sessionLog.transactions
|
|
171
|
+
.filter((tx) => {
|
|
172
|
+
const transactorRoleAtTxTime = teamContent.getAtTime(
|
|
173
|
+
transactor,
|
|
174
|
+
tx.madeAt
|
|
175
|
+
);
|
|
176
|
+
|
|
177
|
+
return (
|
|
178
|
+
transactorRoleAtTxTime === "admin" ||
|
|
179
|
+
transactorRoleAtTxTime === "writer"
|
|
180
|
+
);
|
|
181
|
+
})
|
|
182
|
+
.map((tx, txIndex) => ({
|
|
183
|
+
txID: { sessionID: sessionID as SessionID, txIndex },
|
|
184
|
+
tx,
|
|
185
|
+
}));
|
|
186
|
+
}
|
|
187
|
+
);
|
|
188
|
+
} else if (coValue.header.ruleset.type === "unsafeAllowAll") {
|
|
189
|
+
return Object.entries(coValue.sessions).flatMap(
|
|
190
|
+
([sessionID, sessionLog]) => {
|
|
191
|
+
return sessionLog.transactions.map((tx, txIndex) => ({
|
|
192
|
+
txID: { sessionID: sessionID as SessionID, txIndex },
|
|
193
|
+
tx,
|
|
194
|
+
}));
|
|
195
|
+
}
|
|
196
|
+
);
|
|
197
|
+
} else if (coValue.header.ruleset.type === "agent") {
|
|
198
|
+
// TODO
|
|
199
|
+
return [];
|
|
200
|
+
} else {
|
|
201
|
+
throw new Error("Unknown ruleset type " + (coValue.header.ruleset as any).type);
|
|
202
|
+
}
|
|
203
|
+
}
|
|
204
|
+
|
|
205
|
+
export type TeamContent = { [key: AgentID]: Role } & {
|
|
206
|
+
readKey: {
|
|
207
|
+
keyID: KeyID;
|
|
208
|
+
revelation: SealedSet<KeySecret>;
|
|
209
|
+
previousKeys?: {
|
|
210
|
+
[key: KeyID]: Encrypted<
|
|
211
|
+
KeySecret,
|
|
212
|
+
{ sealed: KeyID; sealing: KeyID }
|
|
213
|
+
>;
|
|
214
|
+
};
|
|
215
|
+
};
|
|
216
|
+
};
|
|
217
|
+
|
|
218
|
+
export function expectTeamContent(content: ContentType): CoMap<TeamContent, {}> {
|
|
219
|
+
if (content.type !== "comap") {
|
|
220
|
+
throw new Error("Expected map");
|
|
221
|
+
}
|
|
222
|
+
|
|
223
|
+
return content as CoMap<TeamContent, {}>;
|
|
224
|
+
}
|
|
225
|
+
|
|
226
|
+
export class Team {
|
|
227
|
+
teamMap: CoMap<TeamContent, {}>;
|
|
228
|
+
node: LocalNode;
|
|
229
|
+
|
|
230
|
+
constructor(teamMap: CoMap<TeamContent, {}>, node: LocalNode) {
|
|
231
|
+
this.teamMap = teamMap;
|
|
232
|
+
this.node = node;
|
|
233
|
+
}
|
|
234
|
+
|
|
235
|
+
get id(): RawCoValueID {
|
|
236
|
+
return this.teamMap.id;
|
|
237
|
+
}
|
|
238
|
+
|
|
239
|
+
addMember(agentID: AgentID, role: Role) {
|
|
240
|
+
this.teamMap = this.teamMap.edit((map) => {
|
|
241
|
+
const agent = this.node.expectAgentLoaded(agentID, "Expected to know agent to add them to team");
|
|
242
|
+
|
|
243
|
+
if (!agent) {
|
|
244
|
+
throw new Error("Unknown agent " + agentID);
|
|
245
|
+
}
|
|
246
|
+
|
|
247
|
+
map.set(agentID, role, "trusting");
|
|
248
|
+
if (map.get(agentID) !== role) {
|
|
249
|
+
throw new Error("Failed to set role");
|
|
250
|
+
}
|
|
251
|
+
|
|
252
|
+
const currentReadKey = this.teamMap.coValue.getCurrentReadKey();
|
|
253
|
+
|
|
254
|
+
if (!currentReadKey.secret) {
|
|
255
|
+
throw new Error("Can't add member without read key secret");
|
|
256
|
+
}
|
|
257
|
+
|
|
258
|
+
const revelation = seal(
|
|
259
|
+
currentReadKey.secret,
|
|
260
|
+
this.teamMap.coValue.node.agentCredential.recipientSecret,
|
|
261
|
+
new Set([agent.recipientID]),
|
|
262
|
+
{
|
|
263
|
+
in: this.teamMap.coValue.id,
|
|
264
|
+
tx: this.teamMap.coValue.nextTransactionID(),
|
|
265
|
+
}
|
|
266
|
+
);
|
|
267
|
+
|
|
268
|
+
map.set(
|
|
269
|
+
"readKey",
|
|
270
|
+
{ keyID: currentReadKey.id, revelation },
|
|
271
|
+
"trusting"
|
|
272
|
+
);
|
|
273
|
+
});
|
|
274
|
+
}
|
|
275
|
+
|
|
276
|
+
rotateReadKey() {
|
|
277
|
+
const currentlyPermittedReaders = this.teamMap.keys().filter((key) => {
|
|
278
|
+
if (key.startsWith("co_agent")) {
|
|
279
|
+
const role = this.teamMap.get(key);
|
|
280
|
+
return (
|
|
281
|
+
role === "admin" || role === "writer" || role === "reader"
|
|
282
|
+
);
|
|
283
|
+
} else {
|
|
284
|
+
return false;
|
|
285
|
+
}
|
|
286
|
+
}) as AgentID[];
|
|
287
|
+
|
|
288
|
+
const maybeCurrentReadKey = this.teamMap.coValue.getCurrentReadKey();
|
|
289
|
+
|
|
290
|
+
if (!maybeCurrentReadKey.secret) {
|
|
291
|
+
throw new Error("Can't rotate read key secret we don't have access to");
|
|
292
|
+
}
|
|
293
|
+
|
|
294
|
+
const currentReadKey = {
|
|
295
|
+
id: maybeCurrentReadKey.id,
|
|
296
|
+
secret: maybeCurrentReadKey.secret,
|
|
297
|
+
};
|
|
298
|
+
|
|
299
|
+
const newReadKey = newRandomKeySecret();
|
|
300
|
+
|
|
301
|
+
const newReadKeyRevelation = seal(
|
|
302
|
+
newReadKey.secret,
|
|
303
|
+
this.teamMap.coValue.node.agentCredential.recipientSecret,
|
|
304
|
+
new Set(
|
|
305
|
+
currentlyPermittedReaders.map(
|
|
306
|
+
(reader) => {
|
|
307
|
+
const readerAgent = this.node.expectAgentLoaded(reader, "Expected to know currently permitted reader");
|
|
308
|
+
if (!readerAgent) {
|
|
309
|
+
throw new Error("Unknown agent " + reader);
|
|
310
|
+
}
|
|
311
|
+
return readerAgent.recipientID
|
|
312
|
+
}
|
|
313
|
+
)
|
|
314
|
+
),
|
|
315
|
+
{
|
|
316
|
+
in: this.teamMap.coValue.id,
|
|
317
|
+
tx: this.teamMap.coValue.nextTransactionID(),
|
|
318
|
+
}
|
|
319
|
+
);
|
|
320
|
+
|
|
321
|
+
this.teamMap = this.teamMap.edit((map) => {
|
|
322
|
+
map.set(
|
|
323
|
+
"readKey",
|
|
324
|
+
{
|
|
325
|
+
keyID: newReadKey.id,
|
|
326
|
+
revelation: newReadKeyRevelation,
|
|
327
|
+
previousKeys: {
|
|
328
|
+
[currentReadKey.id]: sealKeySecret({
|
|
329
|
+
sealing: newReadKey,
|
|
330
|
+
toSeal: currentReadKey,
|
|
331
|
+
}).encrypted,
|
|
332
|
+
},
|
|
333
|
+
},
|
|
334
|
+
"trusting"
|
|
335
|
+
);
|
|
336
|
+
});
|
|
337
|
+
}
|
|
338
|
+
|
|
339
|
+
removeMember(agentID: AgentID) {
|
|
340
|
+
this.teamMap = this.teamMap.edit((map) => {
|
|
341
|
+
map.set(agentID, "revoked", "trusting");
|
|
342
|
+
});
|
|
343
|
+
|
|
344
|
+
this.rotateReadKey();
|
|
345
|
+
}
|
|
346
|
+
|
|
347
|
+
createMap<M extends { [key: string]: JsonValue }, Meta extends JsonValue>(
|
|
348
|
+
meta?: M
|
|
349
|
+
): CoMap<M, Meta> {
|
|
350
|
+
return this.node
|
|
351
|
+
.createCoValue({
|
|
352
|
+
type: "comap",
|
|
353
|
+
ruleset: {
|
|
354
|
+
type: "ownedByTeam",
|
|
355
|
+
team: this.teamMap.id,
|
|
356
|
+
},
|
|
357
|
+
meta: meta || null,
|
|
358
|
+
publicNickname: "map",
|
|
359
|
+
})
|
|
360
|
+
.getCurrentContent() as CoMap<M, Meta>;
|
|
361
|
+
}
|
|
362
|
+
|
|
363
|
+
testWithDifferentCredentials(
|
|
364
|
+
credential: AgentCredential,
|
|
365
|
+
sessionId: SessionID
|
|
366
|
+
): Team {
|
|
367
|
+
return new Team(
|
|
368
|
+
expectTeamContent(
|
|
369
|
+
this.teamMap.coValue
|
|
370
|
+
.testWithDifferentCredentials(credential, sessionId)
|
|
371
|
+
.getCurrentContent()
|
|
372
|
+
),
|
|
373
|
+
this.node
|
|
374
|
+
);
|
|
375
|
+
}
|
|
376
|
+
}
|