entity-server-client 0.2.6 → 0.3.1

package/src/mixins/auth.ts

@@ -19,15 +19,23 @@ export function AuthMixin<TBase extends GConstructor<EntityServerClientBase>>(
         async checkHealth(): Promise<{
             ok: boolean;
             packet_encryption?: boolean;
+            packet_mode?: string;
+            packet_token?: string;
         }> {
             const res = await fetch(`${this.baseUrl}/v1/health`, {
                 signal: AbortSignal.timeout(3000),
+                credentials: "include",
             });
             const data = (await res.json()) as {
                 ok: boolean;
                 packet_encryption?: boolean;
+                packet_mode?: string;
+                packet_token?: string;
             };
             if (data.packet_encryption) this.encryptRequests = true;
+            if (typeof data.packet_token === "string") {
+                this.anonymousPacketToken = data.packet_token;
+            }
             return data;
         }
 
@@ -39,12 +47,18 @@ export function AuthMixin<TBase extends GConstructor<EntityServerClientBase>>(
             access_token: string;
             refresh_token: string;
             expires_in: number;
+            force_password_change?: boolean;
+            password_expired?: boolean;
+            password_expires_in_days?: number;
         }> {
             const data = await this._request<{
                 data: {
                     access_token: string;
                     refresh_token: string;
                     expires_in: number;
+                    force_password_change?: boolean;
+                    password_expired?: boolean;
+                    password_expires_in_days?: number;
                 };
             }>("POST", "/v1/auth/login", { email, passwd: password }, false);
             this.token = data.data.access_token;
@@ -100,17 +114,6 @@ export function AuthMixin<TBase extends GConstructor<EntityServerClientBase>>(
             return this._request("GET", "/v1/auth/me");
         }
 
-        /** 비밀번호를 변경합니다. */
-        changePassword(
-            currentPasswd: string,
-            newPasswd: string,
-        ): Promise<{ ok: boolean }> {
-            return this._request("POST", "/v1/auth/change-password", {
-                current_passwd: currentPasswd,
-                new_passwd: newPasswd,
-            });
-        }
-
         /** 회원 탈퇴를 요청합니다. */
         withdraw(passwd?: string): Promise<{ ok: boolean }> {
             return this._request(
@@ -136,152 +139,5 @@ export function AuthMixin<TBase extends GConstructor<EntityServerClientBase>>(
         }> {
             return this._request("POST", "/v1/auth/reactivate", params, false);
         }
-
-        /** 비밀번호 재설정 메일을 요청합니다. */
-        passwordResetRequest(email: string): Promise<{ ok: boolean }> {
-            return this._request(
-                "POST",
-                "/v1/auth/password-reset",
-                { email },
-                false,
-            );
-        }
-
-        /** 이메일로 전달된 토큰으로 비밀번호를 재설정합니다. */
-        passwordResetConfirm(
-            token: string,
-            newPasswd: string,
-        ): Promise<{ ok: boolean }> {
-            return this._request(
-                "POST",
-                "/v1/auth/password-reset/confirm",
-                { token, new_passwd: newPasswd },
-                false,
-            );
-        }
-
-        // ─── OAuth 연동 ───────────────────────────────────────────────────────
-
-        /** OAuth 프로바이더를 현재 계정에 연동합니다. */
-        oauthLink(
-            provider: string,
-            code: string,
-            state?: string,
-        ): Promise<{ ok: boolean; message: string; provider: string }> {
-            return this._request("POST", "/v1/auth/oauth/link", {
-                provider,
-                code,
-                ...(state ? { state } : {}),
-            });
-        }
-
-        /** OAuth 프로바이더 연동을 해제합니다. */
-        oauthUnlink(
-            provider: string,
-        ): Promise<{ ok: boolean; message: string; provider: string }> {
-            return this._request("DELETE", `/v1/auth/oauth/link/${provider}`);
-        }
-
-        /** 현재 계정에 연동된 OAuth 프로바이더 목록을 반환합니다. */
-        oauthProviders(): Promise<{
-            ok: boolean;
-            data: Array<{
-                provider: string;
-                email?: string;
-                linked_at?: string;
-            }>;
-        }> {
-            return this._request("GET", "/v1/auth/oauth/providers");
-        }
-
-        /** 특정 OAuth 프로바이더의 액세스 토큰을 갱신합니다. */
-        oauthTokenRefresh(provider: string): Promise<{
-            ok: boolean;
-            access_token: string;
-            expires_at?: string;
-        }> {
-            return this._request("POST", `/v1/auth/oauth/refresh/${provider}`);
-        }
-
-        // ─── 2단계 인증 (2FA) ─────────────────────────────────────────────────
-
-        /** 2FA 설정을 시작하고 QR 코드 / 시크릿을 반환합니다. */
-        twoFactorSetup(): Promise<{
-            ok: boolean;
-            setup_token: string;
-            qr_url: string;
-            secret: string;
-        }> {
-            return this._request("POST", "/v1/auth/2fa/setup");
-        }
-
-        /** TOTP 코드로 2FA 설정을 완료합니다. */
-        twoFactorSetupVerify(
-            code: string,
-            setupToken: string,
-        ): Promise<{ ok: boolean; recovery_codes: string[] }> {
-            return this._request("POST", "/v1/auth/2fa/setup/verify", {
-                code,
-                setup_token: setupToken,
-            });
-        }
-
-        /** 2FA를 비활성화합니다. */
-        twoFactorDisable(code: string): Promise<{ ok: boolean }> {
-            return this._request("DELETE", "/v1/auth/2fa", { code });
-        }
-
-        /** 2FA 활성화 여부를 조회합니다. */
-        twoFactorStatus(): Promise<{ ok: boolean; enabled: boolean }> {
-            return this._request("GET", "/v1/auth/2fa/status");
-        }
-
-        /** 임시 토큰으로 TOTP 코드를 검증하여 최종 JWT를 발급받습니다. */
-        twoFactorVerify(
-            twoFactorToken: string,
-            code: string,
-        ): Promise<{
-            ok: boolean;
-            access_token: string;
-            refresh_token: string;
-            expires_in: number;
-        }> {
-            return this._request(
-                "POST",
-                "/v1/auth/2fa/verify",
-                { two_factor_token: twoFactorToken, code },
-                false,
-            );
-        }
-
-        /** 복구 코드로 2FA를 우회하여 최종 JWT를 발급받습니다. */
-        twoFactorRecovery(
-            twoFactorToken: string,
-            recoveryCode: string,
-        ): Promise<{
-            ok: boolean;
-            access_token: string;
-            refresh_token: string;
-            expires_in: number;
-        }> {
-            return this._request(
-                "POST",
-                "/v1/auth/2fa/recovery",
-                {
-                    two_factor_token: twoFactorToken,
-                    recovery_code: recoveryCode,
-                },
-                false,
-            );
-        }
-
-        /** 복구 코드를 재생성합니다. */
-        twoFactorRegenerateRecovery(
-            code: string,
-        ): Promise<{ ok: boolean; recovery_codes: string[] }> {
-            return this._request("POST", "/v1/auth/2fa/recovery/regenerate", {
-                code,
-            });
-        }
     };
 }

package/src/mixins/push.ts

@@ -2,8 +2,6 @@ import type {
     EntityListParams,
     EntityListResult,
     RegisterPushDeviceOptions,
-    PushSendRequest,
-    PushSendAllRequest,
 } from "../types";
 import type { GConstructor, EntityServerClientBase } from "../client/base";
 
@@ -107,26 +105,5 @@ export function PushMixin<TBase extends GConstructor<WithSubmit>>(Base: TBase) {
                 { transactionId: opts.transactionId },
             );
         }
-
-        // ─── 푸시 발송 API ────────────────────────────────────────────────────
-
-        /** 특정 계정에 푸시 알림을 발송합니다. */
-        pushSend(req: PushSendRequest): Promise<{ ok: boolean; seq: number }> {
-            return this._request("POST", "/v1/push/send", req);
-        }
-
-        /** 전체 사용자에게 푸시 알림을 발송합니다. */
-        pushSendAll(req: PushSendAllRequest): Promise<{
-            ok: boolean;
-            sent: number;
-            failed: number;
-        }> {
-            return this._request("POST", "/v1/push/send-all", req);
-        }
-
-        /** 푸시 발송 상태를 조회합니다. */
-        pushStatus(seq: number): Promise<{ ok: boolean; status: string }> {
-            return this._request("POST", `/v1/push/status/${seq}`, {});
-        }
     };
 }

package/src/mixins/utils.ts

@@ -1,4 +1,4 @@
-import type { QRCodeOptions, BarcodeOptions } from "../types";
+import type { QRCodeOptions, BarcodeOptions, Pdf2PngOptions } from "../types";
 import type { GConstructor, EntityServerClientBase } from "../client/base";
 
 export function UtilsMixin<TBase extends GConstructor<EntityServerClientBase>>(
@@ -71,5 +71,36 @@ export function UtilsMixin<TBase extends GConstructor<EntityServerClientBase>>(
                 ...opts,
             });
         }
+
+        /**
+         * PDF를 PNG 이미지로 변환합니다.
+         *
+         * 단일 페이지 요청이면 `image/png` ArrayBuffer,
+         * 다중 페이지 요청이면 `application/zip` ArrayBuffer를 반환합니다.
+         *
+         * ```ts
+         * const buf = await client.pdf2png(pdfArrayBuffer, { dpi: 200 });
+         * ```
+         */
+        pdf2png(
+            pdfData: ArrayBuffer | Uint8Array<ArrayBuffer>,
+            opts: Pdf2PngOptions = {},
+        ): Promise<ArrayBuffer> {
+            const form = new FormData();
+            form.append(
+                "file",
+                new Blob([pdfData], { type: "application/pdf" }),
+                "document.pdf",
+            );
+            const params = new URLSearchParams();
+            if (opts.dpi != null) params.set("dpi", String(opts.dpi));
+            if (opts.firstPage != null)
+                params.set("first_page", String(opts.firstPage));
+            if (opts.lastPage != null)
+                params.set("last_page", String(opts.lastPage));
+            const qs = params.toString();
+            const path = "/v1/utils/pdf2png" + (qs ? `?${qs}` : "");
+            return this._requestFormBinary("POST", path, form);
+        }
     };
 }

package/src/packet.ts

@@ -0,0 +1,84 @@
+// @ts-ignore
+import { xchacha20poly1305 } from "@noble/ciphers/chacha";
+// @ts-ignore
+import { sha256 } from "@noble/hashes/sha2";
+// @ts-ignore
+import { hkdf } from "@noble/hashes/hkdf";
+
+export const PACKET_KEY_SIZE = 32;
+export const PACKET_MAGIC_MIN = 2;
+export const PACKET_MAGIC_RANGE = 14;
+export const PACKET_NONCE_SIZE = 24;
+export const PACKET_TAG_SIZE = 16;
+export const PACKET_HKDF_SALT = "entity-server:hkdf:v1";
+export const PACKET_INFO_LABEL = "entity-server:packet-encryption";
+
+function toUint8Array(data: ArrayBuffer | Uint8Array): Uint8Array {
+    return data instanceof Uint8Array ? data : new Uint8Array(data);
+}
+
+export function derivePacketKey(
+    source: string,
+    infoLabel = PACKET_INFO_LABEL,
+): Uint8Array {
+    return hkdf(
+        sha256,
+        new TextEncoder().encode(source),
+        new TextEncoder().encode(PACKET_HKDF_SALT),
+        new TextEncoder().encode(infoLabel),
+        PACKET_KEY_SIZE,
+    );
+}
+
+export function packetMagicLenFromKey(
+    key: ArrayBuffer | Uint8Array,
+    magicMin = PACKET_MAGIC_MIN,
+    magicRange = PACKET_MAGIC_RANGE,
+): number {
+    const keyBytes = toUint8Array(key);
+    if (keyBytes.length < PACKET_KEY_SIZE) return magicMin;
+    return magicMin + (keyBytes[PACKET_KEY_SIZE - 1]! % magicRange);
+}
+
+export function encryptPacket(
+    plaintext: ArrayBuffer | Uint8Array,
+    key: ArrayBuffer | Uint8Array,
+    magicMin = PACKET_MAGIC_MIN,
+    magicRange = PACKET_MAGIC_RANGE,
+): Uint8Array {
+    const plaintextBytes = toUint8Array(plaintext);
+    const keyBytes = toUint8Array(key);
+    const magicLen = packetMagicLenFromKey(keyBytes, magicMin, magicRange);
+    const magic = crypto.getRandomValues(new Uint8Array(magicLen));
+    const nonce = crypto.getRandomValues(new Uint8Array(PACKET_NONCE_SIZE));
+    const cipher = xchacha20poly1305(keyBytes, nonce);
+    const ciphertext = cipher.encrypt(plaintextBytes);
+    const result = new Uint8Array(
+        magicLen + PACKET_NONCE_SIZE + ciphertext.length,
+    );
+
+    result.set(magic, 0);
+    result.set(nonce, magicLen);
+    result.set(ciphertext, magicLen + PACKET_NONCE_SIZE);
+    return result;
+}
+
+export function decryptPacket(
+    buffer: ArrayBuffer | Uint8Array,
+    key: ArrayBuffer | Uint8Array,
+    magicMin = PACKET_MAGIC_MIN,
+    magicRange = PACKET_MAGIC_RANGE,
+): Uint8Array {
+    const data = toUint8Array(buffer);
+    const keyBytes = toUint8Array(key);
+    const magicLen = packetMagicLenFromKey(keyBytes, magicMin, magicRange);
+
+    if (data.length < magicLen + PACKET_NONCE_SIZE + PACKET_TAG_SIZE) {
+        throw new Error("Encrypted packet too short");
+    }
+
+    const nonce = data.slice(magicLen, magicLen + PACKET_NONCE_SIZE);
+    const ciphertext = data.slice(magicLen + PACKET_NONCE_SIZE);
+    const cipher = xchacha20poly1305(keyBytes, nonce);
+    return cipher.decrypt(ciphertext);
+}

package/src/types.ts

@@ -129,6 +129,11 @@ export interface RegisterPushDeviceOptions {
 export interface EntityServerClientOptions {
     baseUrl?: string;
     token?: string;
+    /**
+     * 익명 패킷 암호화용 부트스트랩 토큰입니다.
+     * entity-app-server의 `/v1/health` 응답으로 설정되는 용도입니다.
+     */
+    anonymousPacketToken?: string;
     /**
      * `true`이면 인증된 POST/PUT 요청 바디를 XChaCha20-Poly1305로 암호화합니다.
      *
@@ -208,131 +213,6 @@ export interface SmtpSendRequest {
     ref_seq?: number;
 }
 
-// ─── SMS ──────────────────────────────────────────────────────────────────────
-
-/** `smsSend()` 요청 파라미터입니다. */
-export interface SmsSendRequest {
-    provider?: string;
-    sender?: string;
-    /** 수신자 전화번호 (필수) */
-    receiver: string;
-    /** 메시지 내용 (필수) */
-    content: string;
-    /** MMS 제목 (LMS/MMS 전용) */
-    subject?: string;
-    image_url?: string;
-    ref_entity?: string;
-    ref_seq?: number;
-}
-
-// ─── Push 발송 API ──────────────────────────────────────────────────────────────
-
-/** `pushSend()` 요청 파라미터 (`POST /v1/push/send`) */
-export interface PushSendRequest {
-    /** 수신 계정 seq 배열 (필수) */
-    account_seqs: number[];
-    title: string;
-    body: string;
-    /** 커스텀 페이로드 */
-    data?: Record<string, string>;
-    ref_entity?: string;
-    ref_seq?: number;
-}
-
-/** `pushSendAll()` 요청 파라미터 (`POST /v1/push/send-all`) */
-export interface PushSendAllRequest {
-    title: string;
-    body: string;
-    data?: Record<string, string>;
-    ref_entity?: string;
-    ref_seq?: number;
-}
-
-// ─── 알림톡 / 친구톡 ───────────────────────────────────────────────────────────
-
-/** 알림톡 / 친구톡 버튼 */
-export interface AlimtalkButton {
-    name: string;
-    type: string;
-    url_mobile?: string;
-    url_pc?: string;
-}
-
-/** `alimtalkSend()` 요청 파라미터 */
-export interface AlimtalkSendRequest {
-    /** 알림톡 템플릿 코드 (필수) */
-    template_code: string;
-    /** 수신자 전화번호 (필수) */
-    receiver: string;
-    variables?: Record<string, string>;
-    provider?: string;
-}
-
-/** `friendtalkSend()` 요청 파라미터 */
-export interface FriendtalkSendRequest {
-    /** 수신자 전화번호 (필수) */
-    receiver: string;
-    /** 메시지 내용 (필수) */
-    content: string;
-    /** 메시지 타입 (`"text"` | `"image"` | `"wide_image"` 등, 기본 `"text"`) */
-    msg_type?: string;
-    image_url?: string;
-    image_link?: string;
-    /** 광고 여부 (기본 `true`) */
-    is_ad?: boolean;
-    buttons?: AlimtalkButton[];
-    carousel_json?: string;
-    items_json?: string;
-    header?: string;
-    provider?: string;
-}
-
-// ─── PG 결제 ──────────────────────────────────────────────────────────────────
-
-/** `pgCreateOrder()` 요청 파라미터 */
-export interface PgCreateOrderRequest {
-    /** 결제 금액 (필수) */
-    amount: number;
-    /** 주문명 (필수) */
-    order_name: string;
-    currency?: string;
-    customer_name?: string;
-    customer_email?: string;
-    provider?: string;
-    metadata?: Record<string, unknown>;
-}
-
-/** `pgConfirmPayment()` 요청 파라미터 */
-export interface PgConfirmPaymentRequest {
-    payment_key: string;
-    order_id: string;
-    amount: number;
-}
-
-/** `pgCancelPayment()` 요청 파라미터 */
-export interface PgCancelPaymentRequest {
-    /** 취소 사유 (필수) */
-    cancel_reason: string;
-    /** 부분 취소 금액 (생략 시 전액 취소) */
-    cancel_amount?: number;
-    refund_account?: {
-        bank: string;
-        account_number: string;
-        holder_name: string;
-    };
-}
-
-// ─── 본인인증 ──────────────────────────────────────────────────────────────────
-
-/** `identityRequest()` 요청 파라미터 */
-export interface IdentityRequestOptions {
-    /** 인증 목적 (필수, 예: `"signup"`, `"password_reset"`) */
-    purpose: string;
-    /** 인증 방법 (예: `"simple"`, `"pass"`) */
-    method?: string;
-    provider?: string;
-}
-
 // ─── Utils ────────────────────────────────────────────────────────────────────
 
 /** `qrcode()` / `qrcodeBase64()` / `qrcodeText()` 공통 옵션 */
@@ -364,6 +244,16 @@ export interface BarcodeOptions {
     height?: number;
 }
 
+/** `pdf2png()` 옵션 */
+export interface Pdf2PngOptions {
+    /** 해상도 DPI (기본 300) */
+    dpi?: number;
+    /** 시작 페이지 1-based (기본: 첫 번째 페이지) */
+    firstPage?: number;
+    /** 종료 페이지 1-based (기본: 마지막 페이지) */
+    lastPage?: number;
+}
+
 // ─── 파일 ─────────────────────────────────────────────────────────────────────
 
 /** 파일 메타 정보 */

package/tests/packet.test.mjs

@@ -0,0 +1,50 @@
+import test from "node:test";
+import assert from "node:assert/strict";
+
+import {
+    derivePacketKey,
+    packetMagicLenFromKey,
+    encryptPacket,
+    decryptPacket,
+    PACKET_MAGIC_MIN,
+    PACKET_MAGIC_RANGE,
+    PACKET_NONCE_SIZE,
+    PACKET_TAG_SIZE,
+} from "../dist/packet.js";
+
+test("packet core roundtrips plaintext", () => {
+    const key = derivePacketKey("packet-test-token");
+    const payload = new TextEncoder().encode(
+        JSON.stringify({ ok: true, message: "hello" }),
+    );
+
+    const encrypted = encryptPacket(payload, key);
+    const decrypted = decryptPacket(encrypted, key);
+
+    assert.equal(
+        new TextDecoder().decode(decrypted),
+        JSON.stringify({ ok: true, message: "hello" }),
+    );
+});
+
+test("packet core derives a stable magic length from key", () => {
+    const key = derivePacketKey("packet-test-token");
+    const magicLen = packetMagicLenFromKey(key);
+
+    assert.ok(magicLen >= PACKET_MAGIC_MIN);
+    assert.ok(magicLen < PACKET_MAGIC_MIN + PACKET_MAGIC_RANGE);
+    assert.equal(magicLen, packetMagicLenFromKey(key));
+});
+
+test("encrypted packet has expected minimum shape", () => {
+    const key = derivePacketKey("packet-test-token");
+    const payload = new TextEncoder().encode("abc");
+    const magicLen = packetMagicLenFromKey(key);
+
+    const encrypted = encryptPacket(payload, key);
+
+    assert.ok(
+        encrypted.length >=
+            magicLen + PACKET_NONCE_SIZE + PACKET_TAG_SIZE + payload.length,
+    );
+});