npm - strata-storage - Versions diffs - 2.4.3 → 2.5.0 - Mend

strata-storage 2.4.3 → 2.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (108) hide show

package/AI-INTEGRATION-GUIDE.md +115 -261
package/README.md +426 -182
package/android/AGENTS.md +34 -0
package/android/CLAUDE.md +51 -0
package/android/src/main/java/com/strata/storage/SQLiteStorage.java +35 -0
package/android/src/main/java/com/stratastorage/StrataStoragePlugin.java +191 -27
package/dist/README.md +426 -182
package/dist/adapters/capacitor/FilesystemAdapter.d.ts.map +1 -1
package/dist/adapters/capacitor/FilesystemAdapter.js +2 -1
package/dist/adapters/capacitor/PreferencesAdapter.d.ts.map +1 -1
package/dist/adapters/capacitor/PreferencesAdapter.js +2 -1
package/dist/adapters/capacitor/SecureAdapter.d.ts.map +1 -1
package/dist/adapters/capacitor/SecureAdapter.js +2 -1
package/dist/adapters/capacitor/SqliteAdapter.d.ts.map +1 -1
package/dist/adapters/capacitor/SqliteAdapter.js +2 -1
package/dist/adapters/web/CacheAdapter.d.ts.map +1 -1
package/dist/adapters/web/CacheAdapter.js +11 -3
package/dist/adapters/web/CookieAdapter.d.ts +37 -1
package/dist/adapters/web/CookieAdapter.d.ts.map +1 -1
package/dist/adapters/web/CookieAdapter.js +89 -9
package/dist/adapters/web/IndexedDBAdapter.d.ts.map +1 -1
package/dist/adapters/web/IndexedDBAdapter.js +10 -2
package/dist/adapters/web/LocalStorageAdapter.d.ts +31 -0
package/dist/adapters/web/LocalStorageAdapter.d.ts.map +1 -1
package/dist/adapters/web/LocalStorageAdapter.js +92 -19
package/dist/adapters/web/MemoryAdapter.d.ts +24 -0
package/dist/adapters/web/MemoryAdapter.d.ts.map +1 -1
package/dist/adapters/web/MemoryAdapter.js +69 -18
package/dist/adapters/web/SessionStorageAdapter.d.ts +24 -0
package/dist/adapters/web/SessionStorageAdapter.d.ts.map +1 -1
package/dist/adapters/web/SessionStorageAdapter.js +71 -9
package/dist/adapters/web/URLAdapter.d.ts +59 -0
package/dist/adapters/web/URLAdapter.d.ts.map +1 -0
package/dist/adapters/web/URLAdapter.js +234 -0
package/dist/adapters/web/index.d.ts +1 -0
package/dist/adapters/web/index.d.ts.map +1 -1
package/dist/adapters/web/index.js +1 -0
package/dist/android/AGENTS.md +34 -0
package/dist/android/CLAUDE.md +51 -0
package/dist/android/src/main/java/com/strata/storage/SQLiteStorage.java +35 -0
package/dist/android/src/main/java/com/stratastorage/StrataStoragePlugin.java +191 -27
package/dist/capacitor.d.ts.map +1 -1
package/dist/capacitor.js +2 -1
package/dist/core/BaseAdapter.d.ts +8 -0
package/dist/core/BaseAdapter.d.ts.map +1 -1
package/dist/core/BaseAdapter.js +34 -14
package/dist/core/Strata.d.ts +56 -2
package/dist/core/Strata.d.ts.map +1 -1
package/dist/core/Strata.js +501 -53
package/dist/features/encryption.d.ts.map +1 -1
package/dist/features/encryption.js +3 -2
package/dist/features/integrity.d.ts +16 -0
package/dist/features/integrity.d.ts.map +1 -0
package/dist/features/integrity.js +28 -0
package/dist/features/observer.d.ts.map +1 -1
package/dist/features/observer.js +2 -1
package/dist/features/query.d.ts +7 -1
package/dist/features/query.d.ts.map +1 -1
package/dist/features/query.js +9 -2
package/dist/features/sync.d.ts.map +1 -1
package/dist/features/sync.js +4 -3
package/dist/index.d.ts +35 -2
package/dist/index.d.ts.map +1 -1
package/dist/index.js +55 -30
package/dist/integrations/angular/index.d.ts +158 -0
package/dist/integrations/angular/index.d.ts.map +1 -0
package/dist/integrations/angular/index.js +395 -0
package/dist/integrations/index.d.ts +15 -0
package/dist/integrations/index.d.ts.map +1 -0
package/dist/integrations/index.js +18 -0
package/dist/integrations/react/index.d.ts +75 -0
package/dist/integrations/react/index.d.ts.map +1 -0
package/dist/integrations/react/index.js +191 -0
package/dist/integrations/vue/index.d.ts +103 -0
package/dist/integrations/vue/index.d.ts.map +1 -0
package/dist/integrations/vue/index.js +274 -0
package/dist/ios/AGENTS.md +33 -0
package/dist/ios/CLAUDE.md +49 -0
package/dist/ios/Plugin/KeychainStorage.swift +139 -50
package/dist/ios/Plugin/SQLiteStorage.swift +40 -0
package/dist/ios/Plugin/StrataStoragePlugin.m +23 -0
package/dist/ios/Plugin/StrataStoragePlugin.swift +201 -52
package/dist/package.json +21 -5
package/dist/plugin/index.d.ts.map +1 -1
package/dist/plugin/index.js +2 -1
package/dist/types/index.d.ts +58 -9
package/dist/types/index.d.ts.map +1 -1
package/dist/types/index.js +0 -13
package/dist/utils/errors.d.ts +7 -0
package/dist/utils/errors.d.ts.map +1 -1
package/dist/utils/errors.js +15 -3
package/dist/utils/index.d.ts +63 -5
package/dist/utils/index.d.ts.map +1 -1
package/dist/utils/index.js +109 -16
package/dist/utils/logger.d.ts +31 -0
package/dist/utils/logger.d.ts.map +1 -0
package/dist/utils/logger.js +63 -0
package/ios/AGENTS.md +33 -0
package/ios/CLAUDE.md +49 -0
package/ios/Plugin/KeychainStorage.swift +139 -50
package/ios/Plugin/SQLiteStorage.swift +40 -0
package/ios/Plugin/StrataStoragePlugin.m +23 -0
package/ios/Plugin/StrataStoragePlugin.swift +201 -52
package/package.json +31 -20
package/scripts/build.js +16 -5
package/scripts/configure.js +2 -6
package/scripts/postinstall.js +2 -2
package/Readme.md +0 -271

package/dist/ios/Plugin/KeychainStorage.swift CHANGED Viewed

@@ -1,19 +1,72 @@
 import Foundation
 import Security
+/**
+ * Keychain-backed secure storage.
+ *
+ * Security notes:
+ * - Items default to `kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly`,
+ *   which keeps data available to background tasks after the first unlock
+ *   while preventing it from leaving the device via encrypted backups.
+ *   `kSecAttrAccessibleAlways` / `kSecAttrAccessibleAlwaysThisDeviceOnly`
+ *   are deprecated and insecure and are intentionally NOT used.
+ * - Callers may pass a stricter accessibility class from JS via the
+ *   `accessible` option (see KeychainAccessible in definitions.ts).
+ * - Secret values are never logged.
+ */
 @objc public class KeychainStorage: NSObject {
     private let service: String
     private let accessGroup: String?
+    private let defaultAccessible: CFString
     @objc public init(service: String? = nil, accessGroup: String? = nil) {
         self.service = service ?? Bundle.main.bundleIdentifier ?? "StrataStorage"
         self.accessGroup = accessGroup
+        // After-first-unlock + this-device-only is a safe, widely-recommended
+        // default for app secrets. It is more permissive than whenUnlocked
+        // (so background access works) but still excluded from backups.
+        self.defaultAccessible = kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly
         super.init()
     }
-    @objc public func set(key: String, value: Any) throws -> Bool {
+    /// Maps a JS `KeychainAccessible` string to the matching Security framework
+    /// constant. Unknown / nil values fall back to the secure default.
+    private func accessibleConstant(for raw: String?) -> CFString {
+        switch raw {
+        case "whenUnlocked":
+            return kSecAttrAccessibleWhenUnlocked
+        case "afterFirstUnlock":
+            return kSecAttrAccessibleAfterFirstUnlock
+        case "whenUnlockedThisDeviceOnly":
+            return kSecAttrAccessibleWhenUnlockedThisDeviceOnly
+        case "afterFirstUnlockThisDeviceOnly":
+            return kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly
+        case "whenPasscodeSetThisDeviceOnly":
+            return kSecAttrAccessibleWhenPasscodeSetThisDeviceOnly
+        default:
+            return defaultAccessible
+        }
+    }
+    /// Builds an NSError that surfaces the OSStatus to the JS bridge without
+    /// leaking any stored secret value.
+    private func keychainError(_ status: OSStatus, operation: String) -> NSError {
+        let message: String
+        if #available(iOS 11.3, *), let str = SecCopyErrorMessageString(status, nil) as String? {
+            message = str
+        } else {
+            message = "OSStatus \(status)"
+        }
+        return NSError(
+            domain: "StrataStorage.KeychainStorage",
+            code: Int(status),
+            userInfo: [NSLocalizedDescriptionKey: "Keychain \(operation) failed: \(message)"]
+        )
+    }
+    @objc public func set(key: String, value: Any, accessible: String? = nil) throws -> Bool {
         let data: Data
         if let dataValue = value as? Data {
             data = dataValue
         } else if let stringValue = value as? String {
@@ -23,28 +76,43 @@ import Security
             let jsonData = try JSONSerialization.data(withJSONObject: value, options: [])
             data = jsonData
         }
-        let query = createQuery(key: key)
-        SecItemDelete(query as CFDictionary)
-        var newItem = query
+        // Remove any existing item first so the accessibility class is applied
+        // cleanly (SecItemUpdate cannot change accessibility reliably).
+        let deleteQuery = createQuery(key: key)
+        SecItemDelete(deleteQuery as CFDictionary)
+        var newItem = createQuery(key: key, accessible: accessibleConstant(for: accessible))
         newItem[kSecValueData as String] = data
         let status = SecItemAdd(newItem as CFDictionary, nil)
-        return status == errSecSuccess
+        guard status == errSecSuccess else {
+            throw keychainError(status, operation: "set")
+        }
+        return true
+    }
+    // Convenience overload kept for existing Objective-C callers.
+    @objc public func set(key: String, value: Any) throws -> Bool {
+        return try set(key: key, value: value, accessible: nil)
     }
     @objc public func get(key: String) throws -> Any? {
         var query = createQuery(key: key)
         query[kSecReturnData as String] = true
         query[kSecMatchLimit as String] = kSecMatchLimitOne
         var result: AnyObject?
         let status = SecItemCopyMatching(query as CFDictionary, &result)
-        guard status == errSecSuccess else { return nil }
+        if status == errSecItemNotFound {
+            return nil
+        }
+        guard status == errSecSuccess else {
+            throw keychainError(status, operation: "get")
+        }
         guard let data = result as? Data else { return nil }
         // Try to parse as JSON first, fallback to string
         if let jsonObject = try? JSONSerialization.jsonObject(with: data, options: []) {
             return jsonObject
@@ -52,35 +120,41 @@ import Security
             return String(data: data, encoding: .utf8)
         }
     }
     @objc public func remove(key: String) throws -> Bool {
         let query = createQuery(key: key)
         let status = SecItemDelete(query as CFDictionary)
-        return status == errSecSuccess
+        guard status == errSecSuccess || status == errSecItemNotFound else {
+            throw keychainError(status, operation: "remove")
+        }
+        return true
     }
     @objc public func clear(prefix: String? = nil) throws -> Bool {
         if let prefix = prefix {
             // Clear only keys with the given prefix
             let keysToRemove = try keys(pattern: prefix)
-            var allSuccess = true
             for key in keysToRemove {
-                if !(try remove(key: key)) {
-                    allSuccess = false
-                }
+                _ = try remove(key: key)
             }
-            return allSuccess
+            return true
         } else {
-            // Clear all keys
-            let query: [String: Any] = [
+            // Clear all keys for this service (and access group, if any).
+            var query: [String: Any] = [
                 kSecClass as String: kSecClassGenericPassword,
                 kSecAttrService as String: service
             ]
+            if let accessGroup = accessGroup {
+                query[kSecAttrAccessGroup as String] = accessGroup
+            }
             let status = SecItemDelete(query as CFDictionary)
-            return status == errSecSuccess || status == errSecItemNotFound
+            guard status == errSecSuccess || status == errSecItemNotFound else {
+                throw keychainError(status, operation: "clear")
+            }
+            return true
         }
     }
     @objc public func keys(pattern: String? = nil) throws -> [String] {
         var query: [String: Any] = [
             kSecClass as String: kSecClassGenericPassword,
@@ -88,57 +162,72 @@ import Security
             kSecReturnAttributes as String: true,
             kSecMatchLimit as String: kSecMatchLimitAll
         ]
         if let accessGroup = accessGroup {
             query[kSecAttrAccessGroup as String] = accessGroup
         }
         var result: AnyObject?
         let status = SecItemCopyMatching(query as CFDictionary, &result)
+        if status == errSecItemNotFound {
+            return []
+        }
         guard status == errSecSuccess,
-              let items = result as? [[String: Any]] else { return [] }
+              let items = result as? [[String: Any]] else {
+            if status == errSecSuccess { return [] }
+            throw keychainError(status, operation: "keys")
+        }
         let allKeys = items.compactMap { $0[kSecAttrAccount as String] as? String }
         guard let pattern = pattern else {
             return allKeys
         }
-        // Filter keys by pattern (simple prefix matching)
+        // Filter keys by pattern (simple prefix / contains matching)
         return allKeys.filter { key in
             key.hasPrefix(pattern) || key.contains(pattern)
         }
     }
-    private func createQuery(key: String) -> [String: Any] {
+    private func createQuery(key: String, accessible: CFString? = nil) -> [String: Any] {
         var query: [String: Any] = [
             kSecClass as String: kSecClassGenericPassword,
             kSecAttrService as String: service,
-            kSecAttrAccount as String: key,
-            kSecAttrAccessible as String: kSecAttrAccessibleWhenUnlockedThisDeviceOnly
+            kSecAttrAccount as String: key
         ]
+        // Accessibility only needs to be set when adding/writing an item.
+        // Including it on read/delete queries can over-constrain matching.
+        if let accessible = accessible {
+            query[kSecAttrAccessible as String] = accessible
+        }
         if let accessGroup = accessGroup {
             query[kSecAttrAccessGroup as String] = accessGroup
         }
         return query
     }
     @objc public func size() throws -> (total: Int, count: Int) {
         let allKeys = try keys()
         var totalSize = 0
         for key in allKeys {
-            if let data = try get(key: key) as? Data {
-                totalSize += data.count
-            } else if let string = try get(key: key) as? String {
-                totalSize += string.data(using: .utf8)?.count ?? 0
+            if let value = try get(key: key) {
+                if let data = value as? Data {
+                    totalSize += data.count
+                } else if let string = value as? String {
+                    totalSize += string.data(using: .utf8)?.count ?? 0
+                } else if let jsonData = try? JSONSerialization.data(withJSONObject: value, options: []) {
+                    totalSize += jsonData.count
+                }
             }
             totalSize += key.data(using: .utf8)?.count ?? 0
         }
         return (total: totalSize, count: allKeys.count)
     }
-}
+}

package/dist/ios/Plugin/SQLiteStorage.swift CHANGED Viewed

@@ -291,4 +291,44 @@ import os.log
         sqlite3_finalize(statement)
         return (total: totalSize, count: count)
     }
+    /**
+     * Returns every row as `{ key, value }` where `value` is the decoded
+     * stored payload. The JS SqliteAdapter applies the real query `condition`
+     * by re-fetching and filtering each key, so this native side only needs to
+     * enumerate candidate rows. The `condition` argument is accepted for
+     * forward-compatibility but is not yet pushed down into SQL.
+     */
+    @objc public func query(condition: [String: Any]) -> [[String: Any]] {
+        guard db != nil else {
+            os_log("Database not initialized", log: logger, type: .error)
+            return []
+        }
+        let querySQL = "SELECT key, value FROM \(tableName)"
+        var statement: OpaquePointer?
+        var rows: [[String: Any]] = []
+        if sqlite3_prepare_v2(db, querySQL, -1, &statement, nil) == SQLITE_OK {
+            while sqlite3_step(statement) == SQLITE_ROW {
+                guard let keyCString = sqlite3_column_text(statement, 0) else { continue }
+                let key = String(cString: keyCString)
+                var decoded: Any = NSNull()
+                if let blob = sqlite3_column_blob(statement, 1) {
+                    let valueData = Data(bytes: blob, count: Int(sqlite3_column_bytes(statement, 1)))
+                    if let jsonObject = try? JSONSerialization.jsonObject(with: valueData, options: []) {
+                        decoded = jsonObject
+                    } else if let str = String(data: valueData, encoding: .utf8) {
+                        decoded = str
+                    }
+                }
+                rows.append(["key": key, "value": decoded])
+            }
+        }
+        sqlite3_finalize(statement)
+        return rows
+    }
 }

package/dist/ios/Plugin/StrataStoragePlugin.m ADDED Viewed

@@ -0,0 +1,23 @@
+#import <Foundation/Foundation.h>
+#import <Capacitor/Capacitor.h>
+// Registers the StrataStorage plugin and its methods with the Capacitor
+// bridge. Without this macro block the @objc Swift methods are NOT exposed
+// to the JavaScript layer and every call would fail with "method not
+// implemented". The method names and the parameter list below MUST match
+// the @objc func names in StrataStoragePlugin.swift and the JS plugin
+// contract in src/plugin/definitions.ts.
+CAP_PLUGIN(StrataStoragePlugin, "StrataStorage",
+    CAP_PLUGIN_METHOD(isAvailable, CAPPluginReturnPromise);
+    CAP_PLUGIN_METHOD(get, CAPPluginReturnPromise);
+    CAP_PLUGIN_METHOD(set, CAPPluginReturnPromise);
+    CAP_PLUGIN_METHOD(remove, CAPPluginReturnPromise);
+    CAP_PLUGIN_METHOD(clear, CAPPluginReturnPromise);
+    CAP_PLUGIN_METHOD(keys, CAPPluginReturnPromise);
+    CAP_PLUGIN_METHOD(size, CAPPluginReturnPromise);
+    CAP_PLUGIN_METHOD(query, CAPPluginReturnPromise);
+    CAP_PLUGIN_METHOD(getUserDefaults, CAPPluginReturnPromise);
+    CAP_PLUGIN_METHOD(setUserDefaults, CAPPluginReturnPromise);
+    CAP_PLUGIN_METHOD(getKeychain, CAPPluginReturnPromise);
+    CAP_PLUGIN_METHOD(setKeychain, CAPPluginReturnPromise);
+)