favalib 0.0.1

package/build/subclasses/PersistentStorageManager.mjs

@@ -0,0 +1,127 @@
+import { AuthenticationError } from '../TwoFALibError.mjs';
+import { TwoFaLibEvent } from '../TwoFaLibEvent.mjs';
+import TwoFaLib from '../TwoFaLib.mjs';
+import { validatePassphraseStrength } from '../utils/creationUtils.mjs';
+/**
+ * Manages all storage of data that should be persistent.
+ */
+class PersistentStorageManager {
+    static { this.storageVersion = 1; }
+    /**
+     * Constructs a new instance of PersistentStorageManager.
+     * @param mediator - The mediator for accessing other components.
+     * @param passphraseExtraDict - Additional words to be used for passphrase strength evaluation.
+     * @param deviceId - The unique identifier of the device.
+     * @param privateKey - The private key used for cryptographic operations.
+     * @param symmetricKey - The symmetric key used for cryptographic operations.
+     * @param encryptedPrivateKey - The encrypted private key
+     * @param encryptedSymmetricKey - The encrypted symmetric key
+     * @param salt - The salt used for key derivation.
+     */
+    constructor(mediator, passphraseExtraDict, deviceId, privateKey, symmetricKey, encryptedPrivateKey, encryptedSymmetricKey, salt) {
+        this.mediator = mediator;
+        this.passphraseExtraDict = passphraseExtraDict;
+        this.deviceId = deviceId;
+        this.privateKey = privateKey;
+        this.symmetricKey = symmetricKey;
+        this.encryptedPrivateKey = encryptedPrivateKey;
+        this.encryptedSymmetricKey = encryptedSymmetricKey;
+        this.salt = salt;
+    }
+    get cryptoLib() {
+        return this.mediator.getComponent('libraryLoader').getCryptoLib();
+    }
+    get vaultDataManager() {
+        return this.mediator.getComponent('vaultDataManager');
+    }
+    get syncManager() {
+        if (!this.mediator.componentIsInitialised('syncManager')) {
+            return null;
+        }
+        return this.mediator.getComponent('syncManager');
+    }
+    get dispatchLibEvent() {
+        return this.mediator.getComponent('dispatchLibEvent');
+    }
+    /**
+     * Retrieves an encrypted representation of the library's current state.
+     * This can be used for secure storage or transmission of the library's data.
+     * @param key - The key to decrypt the locked representation with. If not provided the library's current symmetric key will be used.
+     * @returns A promise that resolves with a string representation of the locked state.
+     */
+    async getEncryptedVaultState(key) {
+        const vault = this.vaultDataManager.getAllEntries();
+        const vaultState = {
+            vault,
+            deviceId: this.deviceId,
+            sync: {
+                devices: this.syncManager?.syncDevices ?? [],
+                serverUrl: this.syncManager?.serverUrl,
+                commandSendQueue: this.syncManager?.getCommandSendQueue() ?? [],
+            },
+        };
+        return await this.cryptoLib.encryptSymmetric(key ?? this.symmetricKey, JSON.stringify(vaultState));
+    }
+    /**
+     * Creates a partially encrypted representation of all data, except for
+     * the passphrase, that is needed to load the library. This can be used
+     * for secure storage of the library's data.
+     * @returns A promise that resolves with a json encoded string of
+     * the partially encrypted library's data.
+     */
+    async getLockedRepresentation() {
+        const encryptedVaultState = await this.getEncryptedVaultState();
+        const lockedRepresentation = {
+            libVersion: TwoFaLib.version,
+            storageVersion: PersistentStorageManager.storageVersion,
+            encryptedPrivateKey: this.encryptedPrivateKey,
+            encryptedSymmetricKey: this.encryptedSymmetricKey,
+            salt: this.salt,
+            encryptedVaultState: encryptedVaultState,
+        };
+        return JSON.stringify(lockedRepresentation);
+    }
+    /**
+     * Saves the current state of the library.
+     * @returns A promise that resolves when the save operation is complete.
+     */
+    async save() {
+        const lockedRepresentation = await this.getLockedRepresentation();
+        this.dispatchLibEvent(TwoFaLibEvent.Changed, {
+            newLockedRepresentationString: lockedRepresentation,
+        });
+    }
+    /**
+     * Validates the provided passphrase against the current library passphrase.
+     * @param salt - The salt used for key derivation.
+     * @param passphrase - The passphrase to validate.
+     * @returns A promise that resolves with a boolean indicating whether the passphrase is valid.
+     */
+    async validatePassphrase(salt, passphrase) {
+        try {
+            await this.cryptoLib.decryptKeys(this.encryptedPrivateKey, this.encryptedSymmetricKey, salt, passphrase);
+            return true;
+        }
+        catch {
+            return false;
+        }
+    }
+    /**
+     * Changes the library's passphrase.
+     * @param oldPassphrase - The current passphrase.
+     * @param newPassphrase - The new passphrase to set.
+     * @returns A promise that resolves when the passphrase change is complete.
+     * @throws {AuthenticationError} If the provided old passphrase is incorrect.
+     */
+    async changePassphrase(oldPassphrase, newPassphrase) {
+        await validatePassphraseStrength(this.mediator.getComponent('libraryLoader'), newPassphrase, this.passphraseExtraDict);
+        const isValid = await this.validatePassphrase(this.salt, oldPassphrase);
+        if (!isValid)
+            throw new AuthenticationError('Invalid old passphrase');
+        const { encryptedPrivateKey: newEncryptedPrivateKey, encryptedSymmetricKey: newEncryptedSymmetricKey, } = await this.cryptoLib.encryptKeys(this.privateKey, this.symmetricKey, this.salt, newPassphrase);
+        this.encryptedPrivateKey = newEncryptedPrivateKey;
+        this.encryptedSymmetricKey = newEncryptedSymmetricKey;
+        await this.save();
+    }
+}
+export default PersistentStorageManager;

package/build/subclasses/SyncManager.d.mts

@@ -0,0 +1,161 @@
+import { SyncDevice, DeviceId, DeviceType } from '../interfaces/SyncTypes.mjs';
+import type { PrivateKey, PublicKey } from '../interfaces/CryptoLib.mjs';
+import type Command from '../Command/BaseCommand.mjs';
+import type TwoFaLibMediator from '../TwoFaLibMediator.mjs';
+import { VaultSyncStateWithServerUrl } from '../interfaces/Vault.mjs';
+import { SyncCommandFromServer } from 'favaserver/ServerMessage';
+import { SyncCommandFromClient } from 'favaserver/ClientMessage';
+import type { AddSyncDeviceData } from '../Command/commands/AddSyncDeviceCommand.mjs';
+/**
+ * Manages synchronization of 2FA devices and communication with the server.
+ */
+declare class SyncManager {
+    private readonly mediator;
+    private readonly deviceType;
+    private readonly publicKey;
+    private readonly privateKey;
+    private ws?;
+    private activeAddDeviceFlow?;
+    private readonly reconnectInterval;
+    readonly serverUrl: string;
+    syncDevices: SyncDevice[];
+    deviceId: DeviceId;
+    private readyEventEmitted;
+    private commandSendQueue;
+    private reconnectTimeout?;
+    private shouldReconnect;
+    /**
+     * Public getter for the command send queue.
+     * @returns The command send queue.
+     */
+    getCommandSendQueue(): SyncCommandFromClient[];
+    /**
+     * Creates an instance of SyncManager.
+     * @param mediator - The mediator for accessing other components.
+     * @param deviceType - The type of the device.
+     * @param publicKey - The public key of the device.
+     * @param privateKey - The private key of the device.
+     * @param syncState - The state of the sync.
+     * @param deviceId - The unique identifier of the device.
+     * @throws {InitializationError} If initialization fails (e.g., if the server URL is invalid).
+     */
+    constructor(mediator: TwoFaLibMediator, deviceType: DeviceType, publicKey: PublicKey, privateKey: PrivateKey, syncState: VaultSyncStateWithServerUrl, deviceId: DeviceId);
+    private get libraryLoader();
+    private get cryptoLib();
+    private get persistentStorageManager();
+    private get commandManager();
+    private get dispatchLibEvent();
+    private get log();
+    /**
+     * @returns Whether an add device flow is currently active.
+     */
+    get inAddDeviceFlow(): boolean;
+    /**
+     * @returns Whether the WebSocket connection is open.
+     */
+    get webSocketConnected(): boolean;
+    private getNonce;
+    private sendToServer;
+    /**
+     * Initializes the WebSocket connection to the server.
+     */
+    initServerConnection(): void;
+    private handleWebSocketClose;
+    private handleServerMessage;
+    private attemptReconnect;
+    /**
+     * Initiates the process to add a new device.
+     * @param returnAs - An object specifying what should be returned:
+     *   - `qr: boolean` - If `true`, the result will include a QR code string in the `qr` property.
+     *   - `text: boolean` - If `true`, the result will include initiation data in the `text` property.
+     * @returns A promise that resolves to an object containing:
+     *   - `qr`: If `returnAs.qr` is `true`, this will be a `string` containing the QR code; otherwise, `null`.
+     *   - `text`: If `returnAs.text` is `true`, this will be an `InitiateAddDeviceFlowResult` object; otherwise, `null`.
+     * @throws {SyncAddDeviceFlowConflictError} If an add device flow is already active.
+     * @throws {SyncNoServerConnectionError} If there is no server connection.
+     */
+    initiateAddDeviceFlow(returnAs: {
+        qr: true;
+        text: true;
+    }): Promise<{
+        qr: string;
+        text: string;
+    }>;
+    /**
+     * @inheritdoc
+     */
+    initiateAddDeviceFlow(returnAs: {
+        qr: true;
+        text: false;
+    }): Promise<{
+        qr: string;
+        text: null;
+    }>;
+    /**
+     * @inheritdoc
+     */
+    initiateAddDeviceFlow(returnAs: {
+        qr: false;
+        text: true;
+    }): Promise<{
+        qr: null;
+        text: string;
+    }>;
+    /**
+     * @inheritdoc
+     */
+    initiateAddDeviceFlow(returnAs: {
+        qr: false;
+        text: false;
+    }): Promise<{
+        qr: null;
+        text: null;
+    }>;
+    /**
+     * Responds to an add device flow initiated by another device.
+     * @param initiatorData The data received from the initiating device.
+     * @param initiatorDataType The type of the initiatorData, determines how it should be decoded
+     * @throws {SyncNoServerConnectionError} If there is no server connection.
+     * @throws {SyncAddDeviceFlowConflictError} If an add device flow is already active.
+     * @throws {SyncError} If the initiator data is invalid.
+     */
+    respondToAddDeviceFlow(initiatorData: string | Uint8Array | File, initiatorDataType: 'text' | 'qr'): Promise<void>;
+    private finishAddDeviceFlowKeyExchangeInitiator;
+    private finishAddDeviceFlowKeyExchangeResponder;
+    private sendInitialVaultData;
+    private importInitialVaultState;
+    /**
+     * Cancels the active add sync device flow.
+     * @throws {SyncNoServerConnectionError} If there is no server connection.
+     * @throws {SyncInWrongStateError} If there is no active add device flow.
+     */
+    cancelAddSyncDevice(): void;
+    /**
+     * Sends a command to the server to synchronize with other devices.
+     * @param command - The command to be sent.
+     * @throws {SyncNoServerConnectionError} If there is no server connection.
+     */
+    sendCommand(command: Command): Promise<void>;
+    private processCommandSendQueue;
+    /**
+     * Handles the confirmation that the sever succesfully received (some) send commands
+     * @param commandIds - The ids of the received commands
+     */
+    private commandsSuccesfullyReceived;
+    /**
+     * Receives and processes commands from other devices.
+     * @param encryptedCommands - The commands
+     * @throws {CryptoError} If decryption fails.
+     */
+    receiveCommands(encryptedCommands: SyncCommandFromServer[]): Promise<void>;
+    /**
+     * Add a sync device
+     * @param deviceInfo - The info about the device
+     */
+    addSyncDevice(deviceInfo: AddSyncDeviceData): Promise<void>;
+    /**
+     * Function to call when the server connection should be closed
+     */
+    closeServerConnection(): void;
+}
+export default SyncManager;