nostr-double-ratchet 0.0.28 → 0.0.29

package/src/Invite.ts

@@ -25,13 +25,13 @@ export class Invite {
         public sharedSecret: string,
         public inviter: string,
         public inviterEphemeralPrivateKey?: Uint8Array,
-        public label?: string,
+        public deviceId?: string,
         public maxUses?: number,
         public usedBy: string[] = [],
     ) {
     }
 
-    static createNew(inviter: string, label?: string, maxUses?: number): Invite {
+    static createNew(inviter: string, deviceId?: string, maxUses?: number): Invite {
         if (!inviter) {
             throw new Error("Inviter public key is required");
         }
@@ -43,7 +43,7 @@ export class Invite {
             sharedSecret,
             inviter,
             inviterEphemeralPrivateKey,
-            label,
+            deviceId,
             maxUses
         );
     }
@@ -82,7 +82,7 @@ export class Invite {
             data.sharedSecret,
             data.inviter,
             data.inviterEphemeralPrivateKey ? new Uint8Array(data.inviterEphemeralPrivateKey) : undefined,
-            data.label,
+            data.deviceId,
             data.maxUses,
             data.usedBy
         );
@@ -105,6 +105,10 @@ export class Invite {
         const sharedSecret = tags.find(([key]) => key === 'sharedSecret')?.[1];
         const inviter = event.pubkey;
 
+        // Extract deviceId from the "d" tag (format: double-ratchet/invites/<deviceId>)
+        const deviceTag = tags.find(([key]) => key === 'd')?.[1]
+        const deviceId = deviceTag?.split('/')?.[2]
+
         if (!inviterEphemeralPublicKey || !sharedSecret) {
             throw new Error("Invalid invite event: missing session key or sharedSecret");
         }
@@ -112,7 +116,9 @@ export class Invite {
         return new Invite(
             inviterEphemeralPublicKey,
             sharedSecret,
-            inviter
+            inviter,
+            undefined, // inviterEphemeralPrivateKey not available when parsing from event
+            deviceId
         );
     }
 
@@ -122,12 +128,10 @@ export class Invite {
             authors: [user],
             "#l": ["double-ratchet/invites"]
         };
-        let latest = 0;
+        const seenIds = new Set<string>()
         const unsub = subscribe(filter, (event) => {
-            if (!event.created_at || event.created_at <= latest) {
-                return;
-            }
-            latest = event.created_at;
+            if (seenIds.has(event.id)) return
+            seenIds.add(event.id)
             try {
                 const inviteLink = Invite.fromEvent(event);
                 onInvite(inviteLink);
@@ -147,7 +151,7 @@ export class Invite {
             sharedSecret: this.sharedSecret,
             inviter: this.inviter,
             inviterEphemeralPrivateKey: this.inviterEphemeralPrivateKey ? Array.from(this.inviterEphemeralPrivateKey) : undefined,
-            label: this.label,
+            deviceId: this.deviceId,
             maxUses: this.maxUses,
             usedBy: this.usedBy,
         });
@@ -167,9 +171,9 @@ export class Invite {
         return url.toString();
     }
 
-    getEvent(deviceName: string): UnsignedEvent {
-        if (!deviceName) {
-            throw new Error("Device name is required");
+    getEvent(): UnsignedEvent {
+        if (!this.deviceId) {
+            throw new Error("Device ID is required");
         }
         return {
             kind: INVITE_EVENT_KIND,
@@ -179,7 +183,7 @@ export class Invite {
             tags: [
                 ['ephemeralKey', this.inviterEphemeralPublicKey],
                 ['sharedSecret', this.sharedSecret],
-                ['d', 'double-ratchet/invites/' + deviceName],
+                ['d', 'double-ratchet/invites/' + this.deviceId],
                 ['l', 'double-ratchet/invites']
             ],
         };
@@ -187,11 +191,12 @@ export class Invite {
 
     /**
      * Called by the invitee. Accepts the invite and creates a new session with the inviter.
-     * 
-     * @param inviteeSecretKey - The invitee's secret key or a signing function
+     *
      * @param nostrSubscribe - A function to subscribe to Nostr events
+     * @param inviteePublicKey - The invitee's public key
+     * @param encryptor - The invitee's secret key or a signing/encrypt function
      * @returns An object containing the new session and an event to be published
-     * 
+     *
      * 1. Inner event: No signature, content encrypted with DH(inviter, invitee).
      *    Purpose: Authenticate invitee. Contains invitee session key.
      * 2. Envelope: No signature, content encrypted with DH(inviter, random key).

package/src/Session.ts

@@ -38,9 +38,9 @@ export class Session {
 
   /**
    * Initializes a new secure communication session
-   * @param nostrSubscribe Function to subscribe to Nostr events. Make sure it deduplicates events (doesnt return the same event twice), otherwise you'll see decryption errors!
-   * @param theirNextNostrPublicKey The public key of the other party
-   * @param ourCurrentPrivateKey Our current private key for Nostr
+   * @param nostrSubscribe Function to subscribe to Nostr events. Make sure it deduplicates events (doesn't return the same event twice), otherwise you'll see decryption errors!
+   * @param theirEphemeralNostrPublicKey The ephemeral public key of the other party for the initial handshake
+   * @param ourEphemeralNostrPrivateKey Our ephemeral private key for the initial handshake
    * @param isInitiator Whether we are initiating the conversation (true) or responding (false)
    * @param sharedSecret Initial shared secret for securing the first message chain
    * @param name Optional name for the session (for debugging)

package/src/SessionManager.ts

@@ -2,6 +2,9 @@ import { CHAT_MESSAGE_KIND, NostrPublish, NostrSubscribe, Rumor, Unsubscribe } f
 import { UserRecord } from "./UserRecord"
 import { Invite } from "./Invite"
 import { getPublicKey } from "nostr-tools"
+import { StorageAdapter, InMemoryStorageAdapter } from "./StorageAdapter"
+import { serializeSessionState, deserializeSessionState } from "./utils"
+import { Session } from "./Session"
 
 export default class SessionManager {
     private userRecords: Map<string, UserRecord> = new Map()
@@ -9,13 +12,176 @@ export default class SessionManager {
     private nostrPublish: NostrPublish
     private ourIdentityKey: Uint8Array
     private inviteUnsubscribes: Map<string, Unsubscribe> = new Map()
-    private ownDeviceInvites: Map<string, Invite | null> = new Map()
+    private deviceId: string
+    private invite?: Invite
+    private storage: StorageAdapter
 
-    constructor(ourIdentityKey: Uint8Array, nostrSubscribe: NostrSubscribe, nostrPublish: NostrPublish) {
+    constructor(
+        ourIdentityKey: Uint8Array,
+        deviceId: string,
+        nostrSubscribe: NostrSubscribe,
+        nostrPublish: NostrPublish,
+        storage: StorageAdapter = new InMemoryStorageAdapter(),
+    ) {
         this.userRecords = new Map()
         this.nostrSubscribe = nostrSubscribe
         this.nostrPublish = nostrPublish
         this.ourIdentityKey = ourIdentityKey
+        this.deviceId = deviceId
+        this.storage = storage
+
+        // Kick off initialisation in background for backwards compatibility
+        // Users that need to wait can call await manager.init()
+        this.init()
+    }
+
+    private _initialised = false
+
+    /**
+     * Perform asynchronous initialisation steps: create (or load) our invite,
+     * publish it, hydrate sessions from storage and subscribe to new invites.
+     * Can be awaited by callers that need deterministic readiness.
+     */
+    public async init(): Promise<void> {
+        if (this._initialised) return
+
+        const ourPublicKey = getPublicKey(this.ourIdentityKey)
+
+        // 1. Hydrate existing sessions (placeholder for future implementation)
+        await this.loadSessions()
+
+        // 2. Create or load our own invite
+        let invite: Invite | undefined
+        try {
+            const stored = await this.storage.get<string>(`invite/${this.deviceId}`)
+            if (stored) {
+                invite = Invite.deserialize(stored)
+            }
+        } catch {/* ignore malformed */}
+
+        if (!invite) {
+            invite = Invite.createNew(ourPublicKey, this.deviceId)
+            await this.storage.put(`invite/${this.deviceId}`, invite.serialize()).catch(() => {})
+        }
+        this.invite = invite
+
+        // 2b. Listen for acceptances of *our* invite and create sessions
+        this.invite.listen(
+            this.ourIdentityKey,
+            this.nostrSubscribe,
+            (session, inviteePubkey) => {
+                if (!inviteePubkey) return
+                try {
+                    let userRecord = this.userRecords.get(inviteePubkey)
+                    if (!userRecord) {
+                        userRecord = new UserRecord(inviteePubkey, this.nostrSubscribe)
+                        this.userRecords.set(inviteePubkey, userRecord)
+                    }
+
+                    const deviceKey = session.name || 'unknown'
+                    userRecord.upsertSession(deviceKey, session)
+                    this.saveSession(inviteePubkey, deviceKey, session)
+
+                    session.onEvent((_event: Rumor) => {
+                        this.internalSubscriptions.forEach(cb => cb(_event))
+                    })
+                } catch {/* ignore errors */}
+            }
+        )
+
+        // 3. Subscribe to our own invites from other devices
+        Invite.fromUser(ourPublicKey, this.nostrSubscribe, async (invite) => {
+            try {
+                const inviteDeviceId = invite['deviceId'] || 'unknown'
+                if (!inviteDeviceId || inviteDeviceId === this.deviceId) {
+                    return
+                }
+
+                const existingRecord = this.userRecords.get(ourPublicKey)
+                if (existingRecord?.getActiveSessions().some(session => session.name === inviteDeviceId)) {
+                    return
+                }
+
+                const { session, event } = await invite.accept(
+                    this.nostrSubscribe,
+                    ourPublicKey,
+                    this.ourIdentityKey
+                )
+                this.nostrPublish(event)?.catch(() => {})
+
+                this.saveSession(ourPublicKey, inviteDeviceId, session)
+
+                let userRecord = this.userRecords.get(ourPublicKey)
+                if (!userRecord) {
+                    userRecord = new UserRecord(ourPublicKey, this.nostrSubscribe)
+                    this.userRecords.set(ourPublicKey, userRecord)
+                }
+                const deviceId = invite['deviceId'] || event.id || 'unknown'
+                userRecord.upsertSession(deviceId, session)
+                this.saveSession(ourPublicKey, deviceId, session)
+
+                session.onEvent((_event: Rumor) => {
+                    this.internalSubscriptions.forEach(cb => cb(_event))
+                })
+            } catch (err) {
+                // eslint-disable-next-line no-console
+                console.error('Own-invite accept failed', err)
+            }
+        })
+
+        this._initialised = true
+        await this.nostrPublish(this.invite.getEvent()).catch(() => {})
+    }
+
+    private async loadSessions() {
+        const base = 'session/'
+        const keys = await this.storage.list(base)
+        for (const key of keys) {
+            const rest = key.substring(base.length)
+            const idx = rest.indexOf('/')
+            if (idx === -1) continue
+            const ownerPubKey = rest.substring(0, idx)
+            const deviceId = rest.substring(idx + 1) || 'unknown'
+
+            const data = await this.storage.get<string>(key)
+            if (!data) continue
+            try {
+                const state = deserializeSessionState(data)
+                const session = new Session(this.nostrSubscribe, state)
+
+                let userRecord = this.userRecords.get(ownerPubKey)
+                if (!userRecord) {
+                    userRecord = new UserRecord(ownerPubKey, this.nostrSubscribe)
+                    this.userRecords.set(ownerPubKey, userRecord)
+                }
+                userRecord.upsertSession(deviceId, session)
+                this.saveSession(ownerPubKey, deviceId, session)
+
+                session.onEvent((_event: Rumor) => {
+                    this.internalSubscriptions.forEach(cb => cb(_event))
+                })
+            } catch {
+                // corrupted entry — ignore
+            }
+        }
+    }
+
+    private async saveSession(ownerPubKey: string, deviceId: string, session: Session) {
+        try {
+            const key = `session/${ownerPubKey}/${deviceId}`
+            await this.storage.put(key, serializeSessionState(session.state))
+        } catch {/* ignore */}
+    }
+
+    getDeviceId(): string {
+        return this.deviceId
+    }
+
+    getInvite(): Invite {
+        if (!this.invite) {
+            throw new Error("SessionManager not initialised yet")
+        }
+        return this.invite
     }
 
     async sendText(recipientIdentityKey: string, text: string) {
@@ -32,9 +198,10 @@ export default class SessionManager {
         // Send to recipient's devices
         const userRecord = this.userRecords.get(recipientIdentityKey)
         if (!userRecord) {
-            // Listen for invites from recipient
+            // Listen for invites from recipient and return without throwing; caller
+            // can await a subsequent session establishment.
             this.listenToUser(recipientIdentityKey)
-            throw new Error("No active session with user. Listening for invites.")
+            return []
         }
 
         // Send to all active sessions with recipient
@@ -67,7 +234,7 @@ export default class SessionManager {
                     getPublicKey(this.ourIdentityKey),
                     this.ourIdentityKey
                 )
-                this.nostrPublish(event)
+                this.nostrPublish(event)?.catch(() => {})
 
                 // Store the new session
                 let userRecord = this.userRecords.get(userPubkey)
@@ -75,10 +242,11 @@ export default class SessionManager {
                     userRecord = new UserRecord(userPubkey, this.nostrSubscribe)
                     this.userRecords.set(userPubkey, userRecord)
                 }
-                userRecord.insertSession(event.id || 'unknown', session)
+                const deviceId = (_invite instanceof Invite && _invite.deviceId) ? _invite.deviceId : event.id || 'unknown'
+                this.saveSession(userPubkey, deviceId, session)
 
                 // Set up event handling for the new session
-                session.onEvent((_event) => {
+                session.onEvent((_event: Rumor) => {
                     this.internalSubscriptions.forEach(callback => callback(_event))
                 })
 
@@ -100,9 +268,9 @@ export default class SessionManager {
     }
 
     // Update onEvent to include internalSubscriptions management
-    private internalSubscriptions: Set<(_event: Rumor) => void> = new Set()
+    private internalSubscriptions: Set<(event: Rumor) => void> = new Set()
 
-    onEvent(callback: (_event: Rumor) => void) {
+    onEvent(callback: (event: Rumor) => void) {
         this.internalSubscriptions.add(callback)
 
         // Subscribe to existing sessions
@@ -135,31 +303,26 @@ export default class SessionManager {
         }
         this.userRecords.clear()
         this.internalSubscriptions.clear()
-        this.ownDeviceInvites.clear()
-    }
-
-    createOwnDeviceInvite(deviceName: string, label?: string, maxUses?: number): Invite {
-        const ourPublicKey = getPublicKey(this.ourIdentityKey)
-        const invite = Invite.createNew(ourPublicKey, label, maxUses)
-        this.ownDeviceInvites.set(deviceName, invite)
-        return invite
-    }
-
-    removeOwnDevice(deviceName: string): void {
-        this.ownDeviceInvites.set(deviceName, null)
     }
 
-    getOwnDeviceInvites(): Map<string, Invite | null> {
-        return new Map(this.ownDeviceInvites)
-    }
-
-    getActiveOwnDeviceInvites(): Map<string, Invite> {
-        const active = new Map<string, Invite>()
-        for (const [deviceName, invite] of this.ownDeviceInvites) {
-            if (invite !== null) {
-                active.set(deviceName, invite)
-            }
+    /**
+     * Accept an invite as our own device, persist the session, and publish the acceptance event.
+     * Used for multi-device flows where a user adds a new device.
+     */
+    public async acceptOwnInvite(invite: Invite) {
+        const ourPublicKey = getPublicKey(this.ourIdentityKey);
+        const { session, event } = await invite.accept(
+            this.nostrSubscribe,
+            ourPublicKey,
+            this.ourIdentityKey
+        );
+        let userRecord = this.userRecords.get(ourPublicKey);
+        if (!userRecord) {
+            userRecord = new UserRecord(ourPublicKey, this.nostrSubscribe);
+            this.userRecords.set(ourPublicKey, userRecord);
         }
-        return active
+        userRecord.upsertSession(session.name || 'unknown', session);
+        await this.saveSession(ourPublicKey, session.name || 'unknown', session);
+        this.nostrPublish(event)?.catch(() => {});
     }
 }

package/src/StorageAdapter.ts

@@ -0,0 +1,43 @@
+/*
+ * Simple async key	value storage interface plus an in	memory implementation.
+ *
+ * All methods are Promise	based to accommodate back	ends like
+ * IndexedDB, SQLite, remote HTTP APIs, etc.  For environments where you only
+ * need ephemeral data (tests, Node scripts) the InMemoryStorageAdapter can be
+ * used directly.
+ */
+
+export interface StorageAdapter {
+  /** Retrieve a value by key. */
+  get<T = unknown>(key: string): Promise<T | undefined>
+  /** Store a value by key. */
+  put<T = unknown>(key: string, value: T): Promise<void>
+  /** Delete a stored value by key. */
+  del(key: string): Promise<void>
+  /** List all keys that start with the given prefix. */
+  list(prefix?: string): Promise<string[]>
+}
+
+export class InMemoryStorageAdapter implements StorageAdapter {
+  private store = new Map<string, unknown>()
+
+  async get<T = unknown>(key: string): Promise<T | undefined> {
+    return this.store.get(key) as T | undefined
+  }
+
+  async put<T = unknown>(key: string, value: T): Promise<void> {
+    this.store.set(key, value)
+  }
+
+  async del(key: string): Promise<void> {
+    this.store.delete(key)
+  }
+
+  async list(prefix = ''): Promise<string[]> {
+    const keys: string[] = []
+    for (const k of this.store.keys()) {
+      if (k.startsWith(prefix)) keys.push(k)
+    }
+    return keys
+  }
+} 

package/src/UserRecord.ts

@@ -17,15 +17,6 @@ export class UserRecord {
   private deviceRecords: Map<string, DeviceRecord> = new Map();
   private isStale: boolean = false;
   private staleTimestamp?: number;
-  /**
-   * Temporary store for sessions when the corresponding deviceId is unknown.
-   *
-   * SessionManager currently operates at a per-user granularity (it is not
-   * yet aware of individual devices). Until full Sesame device handling is
-   * implemented we keep sessions in this simple list so that
-   * SessionManager.getActiveSessions / getAllSessions work as expected.
-   */
-  private extraSessions: Session[] = [];
 
   constructor(
     public _userId: string,
@@ -53,18 +44,7 @@ export class UserRecord {
    * Inserts a new session for a device, making it the active session
    */
   public insertSession(deviceId: string, session: Session): void {
-    const record = this.deviceRecords.get(deviceId);
-    if (!record) {
-      throw new Error(`No device record found for ${deviceId}`);
-    }
-
-    // Move current active session to inactive list if it exists
-    if (record.activeSession) {
-      record.inactiveSessions.unshift(record.activeSession);
-    }
-
-    // Set new session as active
-    record.activeSession = session;
+    this.upsertSession(deviceId, session)
   }
 
   /**
@@ -194,22 +174,13 @@ export class UserRecord {
   // Helper methods used by SessionManager (WIP):
   // ---------------------------------------------------------------------------
 
-  /**
-   * Add a session without associating it with a specific device.
-   * This is mainly used by SessionManager which does not yet keep track of
-   * device identifiers. The session will be considered active.
-   */
-  public addSession(session: Session): void {
-    this.extraSessions.push(session);
-  }
-
   /**
    * Return all sessions that are currently considered *active*.
    * For now this means any session in a non-stale device record as well as
    * all sessions added through `addSession`.
    */
   public getActiveSessions(): Session[] {
-    const sessions: Session[] = [...this.extraSessions];
+    const sessions: Session[] = [];
 
     for (const record of this.deviceRecords.values()) {
       if (!record.isStale && record.activeSession) {
@@ -226,7 +197,7 @@ export class UserRecord {
    * listeners to existing sessions.
    */
   public getAllSessions(): Session[] {
-    const sessions: Session[] = [...this.extraSessions];
+    const sessions: Session[] = [];
 
     for (const record of this.deviceRecords.values()) {
       if (record.activeSession) {
@@ -237,4 +208,32 @@ export class UserRecord {
 
     return sessions;
   }
+
+  /**
+   * Unified helper that either associates the session with a device record
+   * (if deviceId provided **and** the record exists) or falls back to the
+   * legacy extraSessions list.
+   */
+  public upsertSession(deviceId: string | undefined, session: Session) {
+    if (!deviceId) {
+      deviceId = 'unknown'
+    }
+
+    let record = this.deviceRecords.get(deviceId)
+    if (!record) {
+      record = {
+        publicKey: session.state?.theirNextNostrPublicKey || '',
+        inactiveSessions: [],
+        isStale: false
+      }
+      this.deviceRecords.set(deviceId, record)
+    }
+
+    if (record.activeSession) {
+      record.inactiveSessions.unshift(record.activeSession)
+    }
+    // Ensure session name matches deviceId for easier identification
+    session.name = deviceId
+    record.activeSession = session
+  }
 }

package/src/index.ts

@@ -1,4 +1,5 @@
-export * from "./Session.ts"
+export * from "./Session"
 export * from "./Invite"
 export * from "./types"
-export * from "./utils"
+export * from "./utils"
+export * from "./SessionManager"

package/src/types.ts

@@ -74,7 +74,8 @@ export type Rumor = UnsignedEvent & { id: string }
 
 /** 
  * Callback function for handling decrypted messages
- * @param message - The decrypted message object
+ * @param _event - The decrypted message object (Rumor)
+ * @param _outerEvent - The outer Nostr event (VerifiedEvent)
  */
 export type EventCallback = (_event: Rumor, _outerEvent: VerifiedEvent) => void;