holosphere 2.0.0-alpha1 → 2.0.0-alpha4

package/src/storage/gun-auth.js

@@ -0,0 +1,303 @@
+/**
+ * GunDB Authentication Handler
+ * Handles user authentication and private data storage using Gun's user system
+ *
+ * Private data is stored under: user.get('private').get(lens).get(key)
+ * Usernames are namespaced: ${appname}:${holonId}
+ */
+
+import { gunPromise, gunPut } from './gun-async.js';
+
+/**
+ * Authentication handler for GunDB backend
+ */
+export class GunAuth {
+  /**
+   * Create a new authentication handler
+   * @param {Object} gun - Gun instance
+   * @param {string} appname - Application namespace
+   */
+  constructor(gun, appname) {
+    this.gun = gun;
+    this.appname = appname;
+    this.user = null;
+    this.authenticated = false;
+    this.currentHolonId = null;
+  }
+
+  /**
+   * Generate a namespaced username for a holon
+   * @param {string} holonId - Holon ID
+   * @returns {string} Namespaced username
+   */
+  userName(holonId) {
+    return `${this.appname}:${holonId}`;
+  }
+
+  /**
+   * Authenticate a user for a specific holon
+   * @param {string} holonId - Holon ID
+   * @param {string} password - Password
+   * @returns {Promise<Object>} Authenticated user object
+   */
+  async authenticate(holonId, password) {
+    if (!holonId || !password) {
+      throw new Error('authenticate: holonId and password are required');
+    }
+
+    const username = this.userName(holonId);
+    this.user = this.gun.user();
+
+    return new Promise((resolve, reject) => {
+      this.user.auth(username, password, (ack) => {
+        if (ack.err) {
+          this.authenticated = false;
+          this.currentHolonId = null;
+          reject(new Error(ack.err));
+        } else {
+          this.authenticated = true;
+          this.currentHolonId = holonId;
+          resolve(this.user);
+        }
+      });
+    });
+  }
+
+  /**
+   * Create a new user for a holon
+   * @param {string} holonId - Holon ID
+   * @param {string} password - Password
+   * @returns {Promise<Object>} Created user object
+   */
+  async createUser(holonId, password) {
+    if (!holonId || !password) {
+      throw new Error('createUser: holonId and password are required');
+    }
+
+    const username = this.userName(holonId);
+    this.user = this.gun.user();
+
+    return new Promise((resolve, reject) => {
+      this.user.create(username, password, (ack) => {
+        if (ack.err) {
+          reject(new Error(ack.err));
+        } else {
+          // Auto-login after creation
+          this.user.auth(username, password, (authAck) => {
+            if (authAck.err) {
+              reject(new Error(authAck.err));
+            } else {
+              this.authenticated = true;
+              this.currentHolonId = holonId;
+              resolve(this.user);
+            }
+          });
+        }
+      });
+    });
+  }
+
+  /**
+   * Logout current user
+   */
+  logout() {
+    if (this.user) {
+      this.user.leave();
+    }
+    this.authenticated = false;
+    this.currentHolonId = null;
+    this.user = null;
+  }
+
+  /**
+   * Check if currently authenticated
+   * @returns {boolean} True if authenticated
+   */
+  isAuthenticated() {
+    return this.authenticated && this.user !== null;
+  }
+
+  /**
+   * Get the private data path for a lens and key
+   * @param {string} lens - Lens name
+   * @param {string} key - Data key (optional)
+   * @returns {Object} Gun chain reference
+   */
+  getPrivatePath(lens, key = null) {
+    if (!this.isAuthenticated()) {
+      throw new Error('Not authenticated');
+    }
+
+    const basePath = this.user.get('private').get(lens);
+    return key ? basePath.get(key) : basePath;
+  }
+
+  /**
+   * Write data to private storage
+   * @param {string} lens - Lens name
+   * @param {string} key - Data key
+   * @param {Object} data - Data to write
+   * @returns {Promise<boolean>} Success indicator
+   */
+  async writePrivate(lens, key, data) {
+    if (!this.isAuthenticated()) {
+      throw new Error('Not authenticated');
+    }
+
+    if (!data || !key) {
+      throw new Error('writePrivate: key and data are required');
+    }
+
+    try {
+      const serialized = JSON.stringify(data);
+      await gunPut(this.getPrivatePath(lens, key), serialized, 2000);
+      return true;
+    } catch (error) {
+      throw error;
+    }
+  }
+
+  /**
+   * Read data from private storage
+   * @param {string} lens - Lens name
+   * @param {string} key - Data key
+   * @returns {Promise<Object|null>} Data or null if not found
+   */
+  async readPrivate(lens, key) {
+    if (!this.isAuthenticated()) {
+      throw new Error('Not authenticated');
+    }
+
+    try {
+      const rawData = await gunPromise(this.getPrivatePath(lens, key), 2000);
+
+      if (!rawData) {
+        return null;
+      }
+
+      // Deserialize - primary format is JSON string (like old holosphere)
+      if (typeof rawData === 'string') {
+        try {
+          return JSON.parse(rawData);
+        } catch (e) {
+          return rawData; // Return as-is if not valid JSON
+        }
+      }
+
+      // Legacy _json wrapper format
+      if (rawData._json && typeof rawData._json === 'string') {
+        try {
+          return JSON.parse(rawData._json);
+        } catch (e) {
+          return null;
+        }
+      }
+
+      // Plain object format
+      if (typeof rawData === 'object') {
+        const cleaned = { ...rawData };
+        delete cleaned['_'];
+        return cleaned;
+      }
+
+      return null;
+    } catch (error) {
+      throw error;
+    }
+  }
+
+  /**
+   * Read all data from a private lens
+   * @param {string} lens - Lens name
+   * @param {number} timeout - Timeout in ms
+   * @returns {Promise<Object[]>} Array of data objects
+   */
+  async readAllPrivate(lens, timeout = 2000) {
+    if (!this.isAuthenticated()) {
+      throw new Error('Not authenticated');
+    }
+
+    return new Promise((resolve) => {
+      const results = [];
+      const seen = new Set();
+      const ref = this.getPrivatePath(lens);
+
+      const timer = setTimeout(() => {
+        try {
+          ref.off();
+        } catch (e) {}
+        resolve(results);
+      }, timeout);
+
+      ref.map().once((data, key) => {
+        if (data && !key.startsWith('_') && !seen.has(key)) {
+          seen.add(key);
+
+          let parsed = null;
+          // Primary: JSON string format (like old holosphere)
+          if (typeof data === 'string') {
+            try {
+              parsed = JSON.parse(data);
+            } catch (e) {
+              parsed = data;
+            }
+          // Legacy: _json wrapper format
+          } else if (data._json && typeof data._json === 'string') {
+            try {
+              parsed = JSON.parse(data._json);
+            } catch (e) {}
+          // Plain object
+          } else if (typeof data === 'object') {
+            parsed = { ...data };
+            delete parsed['_'];
+          }
+
+          if (parsed && !parsed._deleted) {
+            results.push(parsed);
+          }
+        }
+      });
+    });
+  }
+
+  /**
+   * Delete data from private storage
+   * @param {string} lens - Lens name
+   * @param {string} key - Data key
+   * @returns {Promise<boolean>} Success indicator
+   */
+  async deletePrivate(lens, key) {
+    if (!this.isAuthenticated()) {
+      throw new Error('Not authenticated');
+    }
+
+    try {
+      // Get existing data to preserve ID
+      const existing = await this.readPrivate(lens, key);
+
+      // Create tombstone
+      const tombstone = {
+        id: existing?.id || key,
+        _deleted: true,
+        _deletedAt: Date.now()
+      };
+
+      await gunPut(this.getPrivatePath(lens, key), JSON.stringify(tombstone));
+      return true;
+    } catch (error) {
+      throw error;
+    }
+  }
+}
+
+/**
+ * Create an authentication handler instance
+ * @param {Object} gun - Gun instance
+ * @param {string} appname - Application namespace
+ * @returns {GunAuth} Auth handler instance
+ */
+export function createAuthHandler(gun, appname) {
+  return new GunAuth(gun, appname);
+}
+
+export default GunAuth;