WIP team invitations

2019-12-16 20:57:19 -05:00
parent 1a521b57c8
commit c82c50c274
3 changed files with 151 additions and 82 deletions
--- a/www/common/outer/invitation.js
+++ b/www/common/outer/invitation.js
@@ -1,8 +1,76 @@
 (function () {
-var factory = function (Util, Cred, nThen) {
+var factory = function (Util, Cred, nThen, Nacl) {
    nThen = nThen; // XXX
    var Invite = {};

+    var encode64 = Nacl.util.encodeBase64;
+    var decode64 = Nacl.util.decode64;
+
+    // ed and curve keys can be random...
+    Invite.generateKeys = function () {
+        var ed = Nacl.sign.keyPair();
+        var curve = Nacl.box.keyPair();
+        return {
+            edPublic: encode64(ed.publicKey),
+            edPrivate: encode64(ed.secretKey),
+            curvePublic: encode64(curve.publicKey),
+            curvePrivate: encode64(curve.secretKey),
+        };
+    };
+
+    var b64ToChannelKeys = function (b64) {
+        var dispense = Cred.dispenser(decode64(b64));
+        return {
+            channel: Util.uint8ArrayToHex(dispense(16)),
+            cryptKey: encode64(dispense(Nacl.secretbox.keyLength)),
+        };
+    };
+
+    // the secret invite values (cryptkey and channel) can be derived
+    // from the link seed and (optional) password
+    Invite.deriveInviteKeys = b64ToChannelKeys;
+
+    // the preview values (cryptkey and channel) are less sensitive than the invite values
+    // as they cannot be leveraged to access any further content on their own
+    // unless the message contains secrets.
+    // derived from the link seed alone.
+    Invite.derivePreviewKeys = b64ToChannelKeys;
+
+    // what the invite link alone will allow you to see
+    Invite.createPreviewContent = function (data, keys, cb) {
+        cb = cb;
+        /*  should include:
+        {
+            message: "", // personal message
+            author: "", // author public key
+            from: "", // author pretty name
+        }
+        */
+    };
+
+    // the remaining data available with the invite link + password
+    Invite.createInviteContent = function (data, keys, cb) {
+        cb = cb;
+        /*  should include:
+        {
+            teamData: {
+                // everything you need to join the team
+
+            },
+            ephemeral: {
+                curve: "", // for the roster
+                ed: "" // for deleting the preview content
+            }
+        }
+        */
+    };
+
+    Invite.createRosterEntry = function (roster, data, cb) {
+        var toInvite = {};
+        toInvite[data.curvePublic] = data.content;
+        roster.invite(toInvite, cb);
+    };
+
 /*  INPUTS

    * password (for scrypt)
@@ -13,20 +81,6 @@ var factory = function (Util, Cred, nThen) {

 */

-
-/*  DERIVATIONS
-
-    * components corresponding to www/common/invitation.js
-    * preview_hash => components
-      * channel
-      * cryptKey
-    * b64_bytes
-      * curvePrivate => curvePublic
-      * edSeed => edPrivate => edPublic
-
-*/
-
-
 /*  IO / FUNCTIONALITY

    * creator
@@ -46,77 +100,23 @@ var factory = function (Util, Cred, nThen) {

 */

-
-    var BYTES_REQUIRED = 256;
-
-    Invite.deriveKeys = function (seed, passwd, cb) {
-        cb = cb; // XXX
-        // TODO validate has cb
-        // TODO onceAsync the cb
-        // TODO cb with err if !(seed && passwd)
-
-        Cred.deriveFromPassphrase(seed, passwd, BYTES_REQUIRED, function (bytes) {
-            var dispense = Cred.dispenser(bytes);
-            dispense = dispense; // XXX
-
-            // edPriv => edPub
-            // curvePriv => curvePub
-            // channel
-            // cryptKey
-        });
-    };
-
-    Invite.createSeed = function () {
-        // XXX
-        // return a seed
-    };
-
-    Invite.create = function (cb) {
-        cb = cb; // XXX
-        // TODO validate has cb
-        // TODO onceAsync the cb
-        // TODO cb with err if !(seed && passwd)
-
-
-
-        // required
-            // password
-            // validateKey
-            // creatorEdPublic
-                // for owner
-        // ephemeral
-            // signingKey
-                // for owner to write invitation
-        // derived
-            // edPriv
-                // edPublic
-                    // for invitee ownership
-            // curvePriv
-                // curvePub
-                    // for acceptance OR
-                    // authenticated decline message via mailbox
-            // channel
-                // for owned deletion
-                // for team pinning
-            // cryptKey
-                // for protecting channel content
-    };
-
    return Invite;
 };
    if (typeof(module) !== 'undefined' && module.exports) {
        module.exports = factory(
            require("../common-util"),
            require("../common-credential.js"),
-            require("nthen")
+            require("nthen"),
+            require("tweetnacl/nacl-fast")
        );
    } else if ((typeof(define) !== 'undefined' && define !== null) && (define.amd !== null)) {
        define([
            '/common/common-util.js',
            '/common/common-credential.js',
            '/bower_components/nthen/index.js',
+            '/bower_components/tweetnacl/nacl-fast.min.js',
        ], function (Util, Cred, nThen) {
-            return factory(Util, nThen);
+            return factory(Util, Cred, nThen, window.nacl);
        });
    }
 }());