nostr-double-ratchet 0.0.32 → 0.0.34

package/src/Invite.ts

@@ -130,6 +130,10 @@ export class Invite {
         };
         const seenIds = new Set<string>()
         const unsub = subscribe(filter, (event) => {
+            if (event.pubkey !== user) {
+                console.error("Got invite event from wrong user", event.pubkey, "expected", user)
+                return;
+            }
             if (seenIds.has(event.id)) return
             seenIds.add(event.id)
             try {
@@ -189,16 +193,38 @@ export class Invite {
         };
     }
 
+    /**
+     * Creates an "invite tombstone" event that clears the original content and removes the list tag.
+     * Used when the inviter logs out and wants to make the invite invisible to other devices.
+     */
+    getDeletionEvent(): UnsignedEvent {
+        if (!this.deviceId) {
+            throw new Error("Device ID is required");
+        }
+        return {
+            kind: INVITE_EVENT_KIND,
+            pubkey: this.inviter,
+            content: "", // deliberately empty
+            created_at: Math.floor(Date.now() / 1000),
+            tags: [
+                ['ephemeralKey', this.inviterEphemeralPublicKey],
+                ['sharedSecret', this.sharedSecret],
+                ['d', 'double-ratchet/invites/' + this.deviceId], // same d tag
+            ],
+        };
+    }
+
     /**
      * Called by the invitee. Accepts the invite and creates a new session with the inviter.
      *
      * @param nostrSubscribe - A function to subscribe to Nostr events
      * @param inviteePublicKey - The invitee's public key
      * @param encryptor - The invitee's secret key or a signing/encrypt function
+     * @param deviceId - Optional device ID to identify the invitee's device
      * @returns An object containing the new session and an event to be published
      *
      * 1. Inner event: No signature, content encrypted with DH(inviter, invitee).
-     *    Purpose: Authenticate invitee. Contains invitee session key.
+     *    Purpose: Authenticate invitee. Contains invitee session key and deviceId.
      * 2. Envelope: No signature, content encrypted with DH(inviter, random key).
      *    Purpose: Contains inner event. Hides invitee from others who might have the shared Nostr key.
 
@@ -209,6 +235,7 @@ export class Invite {
         nostrSubscribe: NostrSubscribe,
         inviteePublicKey: string,
         encryptor: Uint8Array | EncryptFunction,
+        deviceId?: string,
     ): Promise<{ session: Session, event: VerifiedEvent }> {
         const inviteeSessionKey = generateSecretKey();
         const inviteeSessionPublicKey = getPublicKey(inviteeSessionKey);
@@ -223,7 +250,11 @@ export class Invite {
             encryptor :
             (plaintext: string, pubkey: string) => Promise.resolve(nip44.encrypt(plaintext, getConversationKey(encryptor, pubkey)));
 
-        const dhEncrypted = await encrypt(inviteeSessionPublicKey, inviterPublicKey);
+        const payload = JSON.stringify({
+            sessionKey: inviteeSessionPublicKey,
+            deviceId: deviceId
+        });
+        const dhEncrypted = await encrypt(payload, inviterPublicKey);
 
         const innerEvent = {
             pubkey: inviteePublicKey,
@@ -247,7 +278,7 @@ export class Invite {
         return { session, event: finalizeEvent(envelope, randomSenderKey) };
     }
 
-    listen(decryptor: Uint8Array | DecryptFunction, nostrSubscribe: NostrSubscribe, onSession: (_session: Session, _identity?: string) => void): Unsubscribe {
+    listen(decryptor: Uint8Array | DecryptFunction, nostrSubscribe: NostrSubscribe, onSession: (_session: Session, _identity: string, _deviceId?: string) => void): Unsubscribe {
         if (!this.inviterEphemeralPrivateKey) {
             throw new Error("Inviter session key is not available");
         }
@@ -279,12 +310,23 @@ export class Invite {
                     decryptor :
                     (ciphertext: string, pubkey: string) => Promise.resolve(nip44.decrypt(ciphertext, getConversationKey(decryptor, pubkey)));
 
-                const inviteeSessionPublicKey = await innerDecrypt(dhEncrypted, inviteeIdentity);
+                const decryptedPayload = await innerDecrypt(dhEncrypted, inviteeIdentity);
+
+                let inviteeSessionPublicKey: string;
+                let deviceId: string | undefined;
+
+                try {
+                    const parsed = JSON.parse(decryptedPayload);
+                    inviteeSessionPublicKey = parsed.sessionKey;
+                    deviceId = parsed.deviceId;
+                } catch {
+                    inviteeSessionPublicKey = decryptedPayload;
+                }
 
                 const name = event.id;
                 const session = Session.init(nostrSubscribe, inviteeSessionPublicKey, this.inviterEphemeralPrivateKey!, false, sharedSecret, name);
 
-                onSession(session, inviteeIdentity);
+                onSession(session, inviteeIdentity, deviceId);
             } catch {
             }
         });

package/src/UserRecord.ts

@@ -2,16 +2,18 @@ import { Session } from './Session';
 import { NostrSubscribe } from './types';
 
 interface DeviceRecord {
+  deviceId: string;
   publicKey: string;
   activeSession?: Session;
   inactiveSessions: Session[];
   isStale: boolean;
   staleTimestamp?: number;
+  lastActivity?: number;
 }
 
 /**
- * WIP: Conversation management system similar to Signal's Sesame
- * https://signal.org/docs/specifications/sesame/
+ * Manages sessions for a single user across multiple devices
+ * Structure: UserRecord → DeviceRecord → Sessions
  */
 export class UserRecord {
   private deviceRecords: Map<string, DeviceRecord> = new Map();
@@ -19,231 +21,318 @@ export class UserRecord {
   private staleTimestamp?: number;
 
   constructor(
-    public _userId: string,
-    private _nostrSubscribe: NostrSubscribe,
+    public readonly userId: string,
+    private readonly nostrSubscribe: NostrSubscribe,
   ) {
   }
 
+  // ============================================================================
+  // Device Management
+  // ============================================================================
+
   /**
-   * Adds or updates a device record for this user
+   * Creates or updates a device record for this user
    */
-  public conditionalUpdate(deviceId: string, publicKey: string): void {
-    const existingRecord = this.deviceRecords.get(deviceId);
+  public upsertDevice(deviceId: string, publicKey: string): DeviceRecord {
+    let record = this.deviceRecords.get(deviceId);
     
-    // If device record doesn't exist or public key changed, create new empty record
-    if (!existingRecord || existingRecord.publicKey !== publicKey) {
-      this.deviceRecords.set(deviceId, {
+    if (!record) {
+      record = {
+        deviceId,
         publicKey,
         inactiveSessions: [],
-        isStale: false
-      });
+        isStale: false,
+        lastActivity: Date.now()
+      };
+      this.deviceRecords.set(deviceId, record);
+    } else if (record.publicKey !== publicKey) {
+      // Public key changed - mark old sessions as inactive and update
+      if (record.activeSession) {
+        record.inactiveSessions.push(record.activeSession);
+        record.activeSession = undefined;
+      }
+      record.publicKey = publicKey;
+      record.lastActivity = Date.now();
     }
+
+    return record;
   }
 
   /**
-   * Inserts a new session for a device, making it the active session
+   * Gets a device record by deviceId
    */
-  public insertSession(deviceId: string, session: Session): void {
-    this.upsertSession(deviceId, session)
+  public getDevice(deviceId: string): DeviceRecord | undefined {
+    return this.deviceRecords.get(deviceId);
+  }
+
+  /**
+   * Gets all device records for this user
+   */
+  public getAllDevices(): DeviceRecord[] {
+    return Array.from(this.deviceRecords.values());
+  }
+
+  /**
+   * Gets all active (non-stale) device records
+   */
+  public getActiveDevices(): DeviceRecord[] {
+    if (this.isStale) return [];
+    return Array.from(this.deviceRecords.values()).filter(device => !device.isStale);
   }
 
   /**
-   * Activates an inactive session for a device
+   * Removes a device record and closes all its sessions
    */
-  public activateSession(deviceId: string, session: Session): void {
+  public removeDevice(deviceId: string): boolean {
     const record = this.deviceRecords.get(deviceId);
-    if (!record) {
-      throw new Error(`No device record found for ${deviceId}`);
-    }
+    if (!record) return false;
 
-    const sessionIndex = record.inactiveSessions.indexOf(session);
-    if (sessionIndex === -1) {
-      throw new Error('Session not found in inactive sessions');
-    }
+    // Close all sessions for this device
+    record.activeSession?.close();
+    record.inactiveSessions.forEach(session => session.close());
+    
+    return this.deviceRecords.delete(deviceId);
+  }
 
-    // Remove session from inactive list
-    record.inactiveSessions.splice(sessionIndex, 1);
+  // ============================================================================
+  // Session Management
+  // ============================================================================
 
-    // Move current active session to inactive list if it exists
-    if (record.activeSession) {
-      record.inactiveSessions.unshift(record.activeSession);
+  /**
+   * Adds or updates a session for a specific device
+   */
+  public upsertSession(deviceId: string, session: Session, publicKey?: string): void {
+    const device = this.upsertDevice(deviceId, publicKey || session.state?.theirNextNostrPublicKey || '');
+    
+    // If there's an active session, move it to inactive
+    if (device.activeSession) {
+      device.inactiveSessions.unshift(device.activeSession);
     }
 
-    // Set selected session as active
-    record.activeSession = session;
+    // Set the new session as active
+    session.name = deviceId; // Ensure session name matches deviceId
+    device.activeSession = session;
+    device.lastActivity = Date.now();
   }
 
   /**
-   * Marks a device record as stale
+   * Gets the active session for a specific device
    */
-  public markDeviceStale(deviceId: string): void {
-    const record = this.deviceRecords.get(deviceId);
-    if (record) {
-      record.isStale = true;
-      record.staleTimestamp = Date.now();
-    }
+  public getActiveSession(deviceId: string): Session | undefined {
+    const device = this.deviceRecords.get(deviceId);
+    return device?.isStale ? undefined : device?.activeSession;
   }
 
   /**
-   * Marks the entire user record as stale
+   * Gets all sessions (active + inactive) for a specific device
    */
-  public markUserStale(): void {
-    this.isStale = true;
-    this.staleTimestamp = Date.now();
+  public getDeviceSessions(deviceId: string): Session[] {
+    const device = this.deviceRecords.get(deviceId);
+    if (!device) return [];
+
+    const sessions: Session[] = [];
+    if (device.activeSession) {
+      sessions.push(device.activeSession);
+    }
+    sessions.push(...device.inactiveSessions);
+    return sessions;
   }
 
   /**
-   * Gets all non-stale device records with active sessions
+   * Gets all active sessions across all devices for this user
    */
-  public getActiveDevices(): Array<[string, Session]> {
-    if (this.isStale) return [];
+  public getActiveSessions(): Session[] {
+    const sessions: Session[] = [];
+
+    for (const device of this.getActiveDevices()) {
+      if (device.activeSession) {
+        sessions.push(device.activeSession);
+      }
+    }
+
+    // Sort by ability to send messages (prioritize ready sessions)
+    sessions.sort((a, b) => {
+      const aCanSend = !!(a.state?.theirNextNostrPublicKey && a.state?.ourCurrentNostrKey);
+      const bCanSend = !!(b.state?.theirNextNostrPublicKey && b.state?.ourCurrentNostrKey);
+      
+      if (aCanSend && !bCanSend) return -1;
+      if (!aCanSend && bCanSend) return 1;
+      return 0;
+    });
 
-    return Array.from(this.deviceRecords.entries())
-      .filter(([, record]) => !record.isStale && record.activeSession)
-      .map(([deviceId, record]) => [deviceId, record.activeSession!]);
+    return sessions;
   }
 
   /**
-   * Creates a new session for a device
+   * Gets all sessions (active + inactive) across all devices
    */
-  public createSession(
-    deviceId: string, 
-    sharedSecret: Uint8Array,
-    ourCurrentPrivateKey: Uint8Array,
-    isInitiator: boolean,
-    name?: string
-  ): Session {
-    const record = this.deviceRecords.get(deviceId);
-    if (!record) {
-      throw new Error(`No device record found for ${deviceId}`);
+  public getAllSessions(): Session[] {
+    const sessions: Session[] = [];
+
+    for (const device of this.deviceRecords.values()) {
+      if (device.activeSession) {
+        sessions.push(device.activeSession);
+      }
+      sessions.push(...device.inactiveSessions);
     }
 
-    const session = Session.init(
-      this._nostrSubscribe,
-      record.publicKey,
-      ourCurrentPrivateKey,
-      isInitiator,
-      sharedSecret,
-      name
+    return sessions;
+  }
+
+  /**
+   * Gets sessions that are ready to send messages
+   */
+  public getSendableSessions(): Session[] {
+    return this.getActiveSessions().filter(session => 
+      !!(session.state?.theirNextNostrPublicKey && session.state?.ourCurrentNostrKey)
     );
+  }
 
-    this.insertSession(deviceId, session);
-    return session;
+  // ============================================================================
+  // Stale Management
+  // ============================================================================
+
+  /**
+   * Marks a specific device as stale
+   */
+  public markDeviceStale(deviceId: string): void {
+    const device = this.deviceRecords.get(deviceId);
+    if (device) {
+      device.isStale = true;
+      device.staleTimestamp = Date.now();
+    }
   }
 
   /**
-   * Deletes stale records that are older than maxLatency
+   * Marks the entire user record as stale
+   */
+  public markUserStale(): void {
+    this.isStale = true;
+    this.staleTimestamp = Date.now();
+  }
+
+  /**
+   * Removes stale devices and sessions older than maxLatency
    */
   public pruneStaleRecords(maxLatency: number): void {
     const now = Date.now();
 
-    // Delete stale device records
-    for (const [deviceId, record] of this.deviceRecords.entries()) {
-      if (record.isStale && record.staleTimestamp && 
-          (now - record.staleTimestamp) > maxLatency) {
-        // Close all sessions
-        record.activeSession?.close();
-        record.inactiveSessions.forEach(session => session.close());
-        this.deviceRecords.delete(deviceId);
+    // Remove stale devices
+    for (const [deviceId, device] of this.deviceRecords.entries()) {
+      if (device.isStale && device.staleTimestamp && 
+          (now - device.staleTimestamp) > maxLatency) {
+        this.removeDevice(deviceId);
       }
     }
 
-    // Delete entire user record if stale
+    // Remove entire user record if stale
     if (this.isStale && this.staleTimestamp && 
         (now - this.staleTimestamp) > maxLatency) {
-      this.deviceRecords.forEach(record => {
-        record.activeSession?.close();
-        record.inactiveSessions.forEach(session => session.close());
-      });
-      this.deviceRecords.clear();
+      this.close();
     }
   }
 
+  // ============================================================================
+  // Utility Methods
+  // ============================================================================
+
   /**
-   * Cleanup when destroying the user record
+   * Gets the most recently active device
    */
-  public close(): void {
-    this.deviceRecords.forEach(record => {
-      record.activeSession?.close();
-      record.inactiveSessions.forEach(session => session.close());
+  public getMostActiveDevice(): DeviceRecord | undefined {
+    const activeDevices = this.getActiveDevices();
+    if (activeDevices.length === 0) return undefined;
+
+    return activeDevices.reduce((most, current) => {
+      const mostActivity = most.lastActivity || 0;
+      const currentActivity = current.lastActivity || 0;
+      return currentActivity > mostActivity ? current : most;
     });
-    this.deviceRecords.clear();
   }
 
-  // ---------------------------------------------------------------------------
-  // Helper methods used by SessionManager (WIP):
-  // ---------------------------------------------------------------------------
-
   /**
-   * Return all sessions that are currently considered *active*.
-   * For now this means any session in a non-stale device record as well as
-   * all sessions added through `addSession`.
-   * Prioritizes initiator sessions (can send first message) over responder sessions.
+   * Gets the preferred session (from most active device)
    */
-  public getActiveSessions(): Session[] {
-    const sessions: Session[] = [];
-
-    for (const record of this.deviceRecords.values()) {
-      if (!record.isStale && record.activeSession) {
-        sessions.push(record.activeSession);
-      }
-    }
+  public getPreferredSession(): Session | undefined {
+    const mostActive = this.getMostActiveDevice();
+    return mostActive?.activeSession;
+  }
 
-    sessions.sort((a, b) => {
-      const aCanSend = !!(a.state?.theirNextNostrPublicKey && a.state?.ourCurrentNostrKey);
-      const bCanSend = !!(b.state?.theirNextNostrPublicKey && b.state?.ourCurrentNostrKey);
-      
-      if (aCanSend && !bCanSend) return -1; // a comes first
-      if (!aCanSend && bCanSend) return 1;  // b comes first
-      return 0; // equal priority
-    });
+  /**
+   * Checks if this user has any active sessions
+   */
+  public hasActiveSessions(): boolean {
+    return this.getActiveSessions().length > 0;
+  }
 
-    return sessions;
+  /**
+   * Gets total count of devices
+   */
+  public getDeviceCount(): number {
+    return this.deviceRecords.size;
   }
 
   /**
-   * Return *all* sessions — active or inactive — that we have stored for this
-   * user. This is required for `SessionManager.onEvent` so that it can attach
-   * listeners to existing sessions.
+   * Gets total count of active sessions
    */
-  public getAllSessions(): Session[] {
-    const sessions: Session[] = [];
+  public getActiveSessionCount(): number {
+    return this.getActiveSessions().length;
+  }
 
-    for (const record of this.deviceRecords.values()) {
-      if (record.activeSession) {
-        sessions.push(record.activeSession);
-      }
-      sessions.push(...record.inactiveSessions);
+  /**
+   * Cleanup when destroying the user record
+   */
+  public close(): void {
+    for (const device of this.deviceRecords.values()) {
+      device.activeSession?.close();
+      device.inactiveSessions.forEach(session => session.close());
     }
+    this.deviceRecords.clear();
+  }
 
-    return sessions;
+  // ============================================================================
+  // Legacy Compatibility Methods
+  // ============================================================================
+
+  /**
+   * @deprecated Use upsertDevice instead
+   */
+  public conditionalUpdate(deviceId: string, publicKey: string): void {
+    this.upsertDevice(deviceId, publicKey);
   }
 
   /**
-   * Unified helper that either associates the session with a device record
-   * (if deviceId provided **and** the record exists) or falls back to the
-   * legacy extraSessions list.
+   * @deprecated Use upsertSession instead  
    */
-  public upsertSession(deviceId: string | undefined, session: Session) {
-    if (!deviceId) {
-      deviceId = 'unknown'
-    }
+  public insertSession(deviceId: string, session: Session): void {
+    this.upsertSession(deviceId, session);
+  }
 
-    let record = this.deviceRecords.get(deviceId)
-    if (!record) {
-      record = {
-        publicKey: session.state?.theirNextNostrPublicKey || '',
-        inactiveSessions: [],
-        isStale: false
-      }
-      this.deviceRecords.set(deviceId, record)
+  /**
+   * Creates a new session for a device
+   */
+  public createSession(
+    deviceId: string, 
+    sharedSecret: Uint8Array,
+    ourCurrentPrivateKey: Uint8Array,
+    isInitiator: boolean,
+    name?: string
+  ): Session {
+    const device = this.getDevice(deviceId);
+    if (!device) {
+      throw new Error(`No device record found for ${deviceId}`);
     }
 
-    if (record.activeSession) {
-      record.inactiveSessions.unshift(record.activeSession)
-    }
-    // Ensure session name matches deviceId for easier identification
-    session.name = deviceId
-    record.activeSession = session
+    const session = Session.init(
+      this.nostrSubscribe,
+      device.publicKey,
+      ourCurrentPrivateKey,
+      isInitiator,
+      sharedSecret,
+      name || deviceId
+    );
+
+    this.upsertSession(deviceId, session);
+    return session;
   }
 }