npm - cojson - Versions diffs - 0.8.39 → 0.8.41 - Mend

cojson 0.8.39 → 0.8.41

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (36) hide show

package/CHANGELOG.md +8 -0
package/dist/native/coValueCore.js +22 -5
package/dist/native/coValueCore.js.map +1 -1
package/dist/native/coValues/coMap.js +98 -103
package/dist/native/coValues/coMap.js.map +1 -1
package/dist/native/coValues/coStream.js +17 -6
package/dist/native/coValues/coStream.js.map +1 -1
package/dist/native/coValues/group.js +127 -39
package/dist/native/coValues/group.js.map +1 -1
package/dist/native/localNode.js +5 -2
package/dist/native/localNode.js.map +1 -1
package/dist/native/permissions.js +51 -3
package/dist/native/permissions.js.map +1 -1
package/dist/web/coValueCore.js +22 -5
package/dist/web/coValueCore.js.map +1 -1
package/dist/web/coValues/coMap.js +98 -103
package/dist/web/coValues/coMap.js.map +1 -1
package/dist/web/coValues/coStream.js +17 -6
package/dist/web/coValues/coStream.js.map +1 -1
package/dist/web/coValues/group.js +127 -39
package/dist/web/coValues/group.js.map +1 -1
package/dist/web/localNode.js +5 -2
package/dist/web/localNode.js.map +1 -1
package/dist/web/permissions.js +51 -3
package/dist/web/permissions.js.map +1 -1
package/package.json +3 -5
package/src/coValueCore.ts +37 -9
package/src/coValues/coMap.ts +126 -127
package/src/coValues/coStream.ts +27 -10
package/src/coValues/group.ts +218 -50
package/src/localNode.ts +5 -2
package/src/permissions.ts +71 -8
package/src/tests/coMap.test.ts +2 -2
package/src/tests/group.test.ts +332 -38
package/src/tests/permissions.test.ts +324 -0
package/src/tests/testUtils.ts +18 -13

package/src/coValues/group.ts CHANGED Viewed

@@ -13,7 +13,7 @@ import {
   isParentGroupReference,
 } from "../ids.js";
 import { JsonObject } from "../jsonValue.js";
-import { Role } from "../permissions.js";
+import { AccountRole, Role } from "../permissions.js";
 import { expectGroup } from "../typeUtils/expectGroup.js";
 import {
   ControlledAccountOrAgent,
@@ -33,6 +33,7 @@ export type GroupShape = {
   [key: RawAccountID | AgentID]: Role;
   [EVERYONE]?: Role;
   readKey?: KeyID;
+  [writeKeyFor: `writeKeyFor_${RawAccountID | AgentID}`]: KeyID;
   [revelationFor: `${KeyID}_for_${RawAccountID | AgentID}`]: Sealed<KeySecret>;
   [revelationFor: `${KeyID}_for_${Everyone}`]: KeySecret;
   [oldKeyForNewKey: `${KeyID}_for_${KeyID}`]: Encrypted<
@@ -93,7 +94,7 @@ export class RawGroup<
         }
       | undefined = roleHere && { role: roleHere, via: undefined };
-    const parentGroups = this.getParentGroups(this.options?.atTime);
+    const parentGroups = this.getParentGroups(this.atTimeFilter);
     for (const parentGroup of parentGroups) {
       const roleInParent = parentGroup.roleOfInternal(accountID);
@@ -213,18 +214,19 @@ export class RawGroup<
     account: RawAccount | ControlledAccountOrAgent | AgentID | Everyone,
     role: Role,
   ) {
-    const currentReadKey = this.core.getCurrentReadKey();
-    if (!currentReadKey.secret) {
-      throw new Error("Can't add member without read key secret");
-    }
     if (account === EVERYONE) {
       if (!(role === "reader" || role === "writer")) {
         throw new Error(
           "Can't make everyone something other than reader or writer",
         );
       }
+      const currentReadKey = this.core.getCurrentReadKey();
+      if (!currentReadKey.secret) {
+        throw new Error("Can't add member without read key secret");
+      }
       this.set(account, role, "trusting");
       if (this.get(account) !== role) {
@@ -236,44 +238,168 @@ export class RawGroup<
         currentReadKey.secret,
         "trusting",
       );
+      return;
+    }
+    const memberKey = typeof account === "string" ? account : account.id;
+    const agent =
+      typeof account === "string"
+        ? account
+        : account.currentAgentID()._unsafeUnwrap({ withStackTrace: true });
+    /**
+     * WriteOnly members can only see their own changes.
+     *
+     * We don't want to reveal the readKey to them so we create a new one specifically for them and also reveal it to everyone else with a reader or higher-capability role (but crucially not to other writer-only members)
+     * to everyone else.
+     *
+     * To never reveal the readKey to writeOnly members we also create a dedicated writeKey for the
+     * invite.
+     */
+    if (role === "writeOnly" || role === "writeOnlyInvite") {
+      const writeKeyForNewMember = this.core.crypto.newRandomKeySecret();
+      this.set(memberKey, role, "trusting");
+      this.set(`writeKeyFor_${memberKey}`, writeKeyForNewMember.id, "trusting");
+      this.storeKeyRevelationForMember(
+        memberKey,
+        agent,
+        writeKeyForNewMember.id,
+        writeKeyForNewMember.secret,
+      );
+      for (const otherMemberKey of this.getMemberKeys()) {
+        const memberRole = this.get(otherMemberKey);
+        if (
+          memberRole === "reader" ||
+          memberRole === "writer" ||
+          memberRole === "admin" ||
+          memberRole === "readerInvite" ||
+          memberRole === "writerInvite" ||
+          memberRole === "adminInvite"
+        ) {
+          const otherMemberAgent = this.core.node
+            .resolveAccountAgent(
+              otherMemberKey,
+              "Expected member agent to be loaded",
+            )
+            ._unsafeUnwrap({ withStackTrace: true });
+          this.storeKeyRevelationForMember(
+            otherMemberKey,
+            otherMemberAgent,
+            writeKeyForNewMember.id,
+            writeKeyForNewMember.secret,
+          );
+        }
+      }
     } else {
-      const memberKey = typeof account === "string" ? account : account.id;
-      const agent =
-        typeof account === "string"
-          ? account
-          : account.currentAgentID()._unsafeUnwrap({ withStackTrace: true });
+      const currentReadKey = this.core.getCurrentReadKey();
+      if (!currentReadKey.secret) {
+        throw new Error("Can't add member without read key secret");
+      }
       this.set(memberKey, role, "trusting");
       if (this.get(memberKey) !== role) {
         throw new Error("Failed to set role");
       }
-      this.set(
-        `${currentReadKey.id}_for_${memberKey}`,
-        this.core.crypto.seal({
-          message: currentReadKey.secret,
-          from: this.core.node.account.currentSealerSecret(),
-          to: this.core.crypto.getAgentSealerID(agent),
-          nOnceMaterial: {
-            in: this.id,
-            tx: this.core.nextTransactionID(),
-          },
-        }),
-        "trusting",
+      this.storeKeyRevelationForMember(
+        memberKey,
+        agent,
+        currentReadKey.id,
+        currentReadKey.secret,
       );
+      for (const keyID of this.getWriteOnlyKeys()) {
+        const secret = this.core.getReadKey(keyID);
+        if (!secret) {
+          console.error("Can't find key", keyID);
+          continue;
+        }
+        this.storeKeyRevelationForMember(memberKey, agent, keyID, secret);
+      }
     }
   }
+  private storeKeyRevelationForMember(
+    memberKey: RawAccountID | AgentID,
+    agent: AgentID,
+    keyID: KeyID,
+    secret: KeySecret,
+  ) {
+    this.set(
+      `${keyID}_for_${memberKey}`,
+      this.core.crypto.seal({
+        message: secret,
+        from: this.core.node.account.currentSealerSecret(),
+        to: this.core.crypto.getAgentSealerID(agent),
+        nOnceMaterial: {
+          in: this.id,
+          tx: this.core.nextTransactionID(),
+        },
+      }),
+      "trusting",
+    );
+  }
+  private getWriteOnlyKeys() {
+    const keys: KeyID[] = [];
+    for (const key of this.keys()) {
+      if (key.startsWith("writeKeyFor_")) {
+        keys.push(
+          this.get(key as `writeKeyFor_${RawAccountID | AgentID}`) as KeyID,
+        );
+      }
+    }
+    return keys;
+  }
+  getCurrentReadKeyId() {
+    if (this.myRole() === "writeOnly") {
+      const accountId = this.core.node.account.id;
+      return this.get(`writeKeyFor_${accountId}`) as KeyID;
+    }
+    return this.get("readKey");
+  }
+  getMemberKeys(): (RawAccountID | AgentID)[] {
+    return this.keys().filter((key): key is RawAccountID | AgentID => {
+      return key.startsWith("co_") || isAgentID(key);
+    });
+  }
   /** @internal */
   rotateReadKey() {
-    const currentlyPermittedReaders = this.keys().filter((key) => {
-      if (key.startsWith("co_") || isAgentID(key)) {
-        const role = this.get(key);
-        return role === "admin" || role === "writer" || role === "reader";
-      } else {
-        return false;
-      }
-    }) as (RawAccountID | AgentID)[];
+    const memberKeys = this.getMemberKeys();
+    const currentlyPermittedReaders = memberKeys.filter((key) => {
+      const role = this.get(key);
+      return (
+        role === "admin" ||
+        role === "writer" ||
+        role === "reader" ||
+        role === "adminInvite" ||
+        role === "writerInvite" ||
+        role === "readerInvite"
+      );
+    });
+    const writeOnlyMembers = memberKeys.filter((key) => {
+      const role = this.get(key);
+      return role === "writeOnly" || role === "writeOnlyInvite";
+    });
     // Get these early, so we fail fast if they are unavailable
     const parentGroups = this.getParentGroups();
@@ -293,28 +419,60 @@ export class RawGroup<
     const newReadKey = this.core.crypto.newRandomKeySecret();
     for (const readerID of currentlyPermittedReaders) {
-      const reader = this.core.node
+      const agent = this.core.node
         .resolveAccountAgent(
           readerID,
           "Expected to know currently permitted reader",
         )
         ._unsafeUnwrap({ withStackTrace: true });
-      this.set(
-        `${newReadKey.id}_for_${readerID}`,
-        this.core.crypto.seal({
-          message: newReadKey.secret,
-          from: this.core.node.account.currentSealerSecret(),
-          to: this.core.crypto.getAgentSealerID(reader),
-          nOnceMaterial: {
-            in: this.id,
-            tx: this.core.nextTransactionID(),
-          },
-        }),
-        "trusting",
+      this.storeKeyRevelationForMember(
+        readerID,
+        agent,
+        newReadKey.id,
+        newReadKey.secret,
       );
     }
+    /**
+     * If there are some writeOnly members we need to rotate their keys
+     * and reveal them to the other non-writeOnly members
+     */
+    for (const writeOnlyMemberID of writeOnlyMembers) {
+      const agent = this.core.node
+        .resolveAccountAgent(
+          writeOnlyMemberID,
+          "Expected to know writeOnly member",
+        )
+        ._unsafeUnwrap({ withStackTrace: true });
+      const writeOnlyKey = this.core.crypto.newRandomKeySecret();
+      this.storeKeyRevelationForMember(
+        writeOnlyMemberID,
+        agent,
+        writeOnlyKey.id,
+        writeOnlyKey.secret,
+      );
+      this.set(`writeKeyFor_${writeOnlyMemberID}`, writeOnlyKey.id, "trusting");
+      for (const readerID of currentlyPermittedReaders) {
+        const agent = this.core.node
+          .resolveAccountAgent(
+            readerID,
+            "Expected to know currently permitted reader",
+          )
+          ._unsafeUnwrap({ withStackTrace: true });
+        this.storeKeyRevelationForMember(
+          readerID,
+          agent,
+          writeOnlyKey.id,
+          writeOnlyKey.secret,
+        );
+      }
+    }
     this.set(
       `${currentReadKey.id}_for_${newReadKey.id}`,
       this.core.crypto.encryptKeySecret({
@@ -326,8 +484,11 @@ export class RawGroup<
     this.set("readKey", newReadKey.id, "trusting");
-    // when we rotate our readKey (because someone got kicked out), we also need to (recursively)
-    // rotate the readKeys of all child groups (so they are kicked out there as well)
+    /**
+     * The new read key needs to be revealed to the parent groups
+     *
+     * This way the members from the parent groups can still have access to this group
+     */
     for (const parent of parentGroups) {
       const { id: parentReadKeyID, secret: parentReadKeySecret } =
         parent.core.getCurrentReadKey();
@@ -426,7 +587,7 @@ export class RawGroup<
    *
    * @category 2. Role changing
    */
-  createInvite(role: "reader" | "writer" | "admin"): InviteSecret {
+  createInvite(role: AccountRole): InviteSecret {
     const secretSeed = this.core.crypto.newRandomSecretSeed();
     const inviteSecret = this.core.crypto.agentSecretFromSecretSeed(secretSeed);
@@ -558,13 +719,20 @@ function isMorePermissiveAndShouldInherit(
   }
   if (roleInParent === "writer") {
-    return !roleInChild || roleInChild === "reader";
+    return (
+      !roleInChild || roleInChild === "reader" || roleInChild === "writeOnly"
+    );
   }
   if (roleInParent === "reader") {
     return !roleInChild;
   }
+  // writeOnly can't be inherited
+  if (roleInParent === "writeOnly") {
+    return false;
+  }
   return false;
 }

package/src/localNode.ts CHANGED Viewed

@@ -387,7 +387,8 @@ export class LocalNode {
       existingRole === "admin" ||
       (existingRole === "writer" && inviteRole === "writerInvite") ||
       (existingRole === "writer" && inviteRole === "reader") ||
-      (existingRole === "reader" && inviteRole === "readerInvite")
+      (existingRole === "reader" && inviteRole === "readerInvite") ||
+      (existingRole && inviteRole === "writeOnlyInvite")
     ) {
       console.debug(
         "Not accepting invite that would replace or downgrade role",
@@ -410,7 +411,9 @@ export class LocalNode {
         ? "admin"
         : inviteRole === "writerInvite"
           ? "writer"
-          : "reader",
+          : inviteRole === "writeOnlyInvite"
+            ? "writeOnly"
+            : "reader",
     );
     group.core._sessionLogs = groupAsInvite.core.sessionLogs;

package/src/permissions.ts CHANGED Viewed

@@ -22,14 +22,15 @@ export type PermissionsDef =
   | { type: "ownedByGroup"; group: RawCoID }
   | { type: "unsafeAllowAll" };
+export type AccountRole = "reader" | "writer" | "admin" | "writeOnly";
 export type Role =
-  | "reader"
-  | "writer"
-  | "admin"
+  | AccountRole
   | "revoked"
   | "adminInvite"
   | "writerInvite"
-  | "readerInvite";
+  | "readerInvite"
+  | "writeOnlyInvite";
 type ValidTransactionsResult = { txID: TransactionID; tx: Transaction };
 type MemberState = { [agent: RawAccountID | AgentID]: Role; [EVERYONE]?: Role };
@@ -81,7 +82,8 @@ export function determineValidTransactions(
         if (
           transactorRoleAtTxTime !== "admin" &&
-          transactorRoleAtTxTime !== "writer"
+          transactorRoleAtTxTime !== "writer" &&
+          transactorRoleAtTxTime !== "writeOnly"
         ) {
           return;
         }
@@ -177,6 +179,9 @@ function determineValidTransactionsForGroup(
   const memberState: MemberState = {};
   const validTransactions: ValidTransactionsResult[] = [];
+  const keyRevelations = new Set<string>();
+  const writeKeys = new Set<string>();
   for (const { sessionID, txIndex, tx } of allTransactionsSorted) {
     // console.log("before", { memberState, validTransactions });
     const transactor = accountOrAgentIDfromSessionID(sessionID);
@@ -254,14 +259,31 @@ function determineValidTransactionsForGroup(
         memberState[transactor] !== "admin" &&
         memberState[transactor] !== "adminInvite" &&
         memberState[transactor] !== "writerInvite" &&
-        memberState[transactor] !== "readerInvite"
+        memberState[transactor] !== "readerInvite" &&
+        memberState[transactor] !== "writeOnlyInvite"
       ) {
         console.warn("Only admins can reveal keys");
         continue;
       }
-      // TODO: check validity of agents who the key is revealed to?
+      /**
+       * We don't want to give the ability to invite members to override
+       * key revelations, otherwise they could hide a key revelation to any user
+       * blocking them from accessing the group.
+       */
+      if (
+        keyRevelations.has(change.key) &&
+        memberState[transactor] !== "admin"
+      ) {
+        console.warn(
+          "Key revelation already exists and can't be overridden by invite",
+        );
+        continue;
+      }
+      keyRevelations.add(change.key);
+      // TODO: check validity of agents who the key is revealed to?
       validTransactions.push({ txID: { sessionID, txIndex }, tx });
       continue;
     } else if (isParentExtension(change.key)) {
@@ -277,6 +299,34 @@ function determineValidTransactionsForGroup(
         console.warn("Only admins can set child extensions");
         continue;
       }
+      validTransactions.push({ txID: { sessionID, txIndex }, tx });
+      continue;
+    } else if (isWriteKeyForMember(change.key)) {
+      if (
+        memberState[transactor] !== "admin" &&
+        memberState[transactor] !== "writeOnlyInvite"
+      ) {
+        console.warn("Only admins can set writeKeys");
+        continue;
+      }
+      /**
+       * writeOnlyInvite need to be able to set writeKeys because every new writeOnly
+       * member comes with their own write key.
+       *
+       * We don't want to give the ability to invite members to override
+       * write keys, otherwise they could hide a write key to other writeOnly users
+       * blocking them from accessing the group.ß
+       */
+      if (writeKeys.has(change.key) && memberState[transactor] !== "admin") {
+        console.warn(
+          "Write key already exists and can't be overridden by invite",
+        );
+        continue;
+      }
+      writeKeys.add(change.key);
       validTransactions.push({ txID: { sessionID, txIndex }, tx });
       continue;
     }
@@ -288,10 +338,12 @@ function determineValidTransactionsForGroup(
       change.value !== "admin" &&
       change.value !== "writer" &&
       change.value !== "reader" &&
+      change.value !== "writeOnly" &&
       change.value !== "revoked" &&
       change.value !== "adminInvite" &&
       change.value !== "writerInvite" &&
-      change.value !== "readerInvite"
+      change.value !== "readerInvite" &&
+      change.value !== "writeOnlyInvite"
     ) {
       console.warn("Group transaction must set a valid role");
       continue;
@@ -341,6 +393,11 @@ function determineValidTransactionsForGroup(
           console.warn("ReaderInvites can only create reader.");
           continue;
         }
+      } else if (memberState[transactor] === "writeOnlyInvite") {
+        if (change.value !== "writeOnly") {
+          console.warn("WriteOnlyInvites can only create writeOnly.");
+          continue;
+        }
       } else {
         console.warn(
           "Group transaction must be made by current admin or invite",
@@ -377,6 +434,12 @@ function agentInAccountOrMemberInGroup(
   return transactor;
 }
+export function isWriteKeyForMember(
+  co: string,
+): co is `writeKeyFor_${RawAccountID | AgentID}` {
+  return co.startsWith("writeKeyFor_");
+}
 export function isKeyForKeyField(co: string): co is `${KeyID}_for_${KeyID}` {
   return co.startsWith("key_") && co.includes("_for_key");
 }

package/src/tests/coMap.test.ts CHANGED Viewed

@@ -75,10 +75,10 @@ test("Can get CoMap entry values at different points in time", () => {
   expect(content.atTime(beforeB).get("hello")).toEqual("A");
   expect(content.atTime(beforeC).get("hello")).toEqual("B");
-  const ops = content.timeFilteredOps("hello");
+  const ops = content.ops["hello"]!;
   expect(content.atTime(beforeC).lastEditAt("hello")).toEqual(
-    operationToEditEntry(ops![1]!),
+    operationToEditEntry(ops[1]!),
   );
   expect(content.atTime(beforeC).nthEditAt("hello", 0)).toEqual(
     operationToEditEntry(ops![0]!),