/** * @since 4.0.0 */ import * as Cache from "../../Cache.ts" import * as Context from "../../Context.ts" import * as Data from "../../Data.ts" import * as Effect from "../../Effect.ts" import * as Layer from "../../Layer.ts" import * as Predicate from "../../Predicate.ts" import * as Queue from "../../Queue.ts" import * as Redacted from "../../Redacted.ts" import type * as Schema from "../../Schema.ts" import type * as Scope from "../../Scope.ts" import * as RpcClient from "../rpc/RpcClient.ts" import type { RpcClientError } from "../rpc/RpcClientError.ts" import type * as RpcGroup from "../rpc/RpcGroup.ts" import type { Entry, RemoteEntry, RemoteId } from "./EventJournal.ts" import { type Identity, Registry } from "./EventLog.ts" import { EventLogEncryption, layerSubtle } from "./EventLogEncryption.ts" import { Authenticate, ChangesRpc, ChunkedMessage, type EventLogProtocolError, EventLogRemoteRpcs, type HelloResponse, type StoreId, WriteEntries, WriteEntriesUnencrypted } from "./EventLogMessage.ts" import { encodeSessionAuthPayload, signSessionAuthPayloadBytes } from "./EventLogSessionAuth.ts" import { makeGetIdentityRootSecretMaterial } from "./internal/identityRootSecretDerivation.ts" /** * @since 4.0.0 * @category models */ export class EventLogRemote extends Context.Service Effect.Effect, never, Scope.Scope> readonly write: (options: { readonly identity: Identity["Service"] readonly storeId: StoreId readonly entries: ReadonlyArray }) => Effect.Effect readonly whenAuthenticated: ( effect: Effect.Effect ) => Effect.Effect }>()("effect/eventlog/EventLogRemote") {} /** * @since 4.0.0 * @category errors */ export class EventLogRemoteError extends Data.TaggedError("EventLogRemoteError")<{ readonly method: string readonly cause: unknown }> {} const getIdentityRootSecretMaterial = makeGetIdentityRootSecretMaterial(globalThis.crypto) const makeAuthenticate = Effect.fnUntraced(function*(options: { readonly identity: Identity["Service"] readonly hello: HelloResponse }) { const rootSecretMaterial = yield* getIdentityRootSecretMaterial(options.identity) const payload = yield* encodeSessionAuthPayload({ remoteId: options.hello.remoteId, challenge: options.hello.challenge, publicKey: options.identity.publicKey, signingPublicKey: rootSecretMaterial.signingPublicKey }) const signature = yield* signSessionAuthPayloadBytes({ payload, signingPrivateKey: Redacted.value(rootSecretMaterial.signingPrivateKey) }) return new Authenticate({ publicKey: options.identity.publicKey, signingPublicKey: rootSecretMaterial.signingPublicKey, signature, algorithm: "Ed25519" }) }) /** * @since 4.0.0 * @category RpcClient */ export class EventLogRemoteClient extends Context.Service< EventLogRemoteClient, RpcClient.RpcClient, RpcClientError> >()( "effect/unstable/eventlog/EventLogRemote/EventLogRemoteClient" ) { static readonly layer = Layer.effect( EventLogRemoteClient, RpcClient.make(EventLogRemoteRpcs, { disableTracing: true }) ) } /** * @since 4.0.0 * @category constructors */ export const makeWith = Effect.fnUntraced(function*({ encodeWrite, decodeChanges }: { readonly encodeWrite: (options: { readonly identity: Identity["Service"] readonly entries: ReadonlyArray readonly storeId: StoreId }) => Effect.Effect, Schema.SchemaError> readonly decodeChanges: ( identity: Identity["Service"], data: Uint8Array ) => Effect.Effect, Schema.SchemaError> }): Effect.fn.Return { const client = yield* EventLogRemoteClient const registry = yield* Registry let hello: HelloResponse | null = yield* client["EventLog.Hello"]().pipe( Effect.mapError((cause) => new EventLogRemoteError({ method: "hello", cause })) ) const identities = new Map() const ensureIdentity = (identity: Identity["Service"]) => { let entry = identities.get(identity.publicKey) if (!entry) { entry = identity identities.set(identity.publicKey, entry) } return entry } const authCache = yield* Cache.make({ lookup: Effect.fnUntraced(function*(publicKey: string) { const identity = identities.get(publicKey)! hello ??= yield* client["EventLog.Hello"]().pipe( Effect.mapError((cause) => new EventLogRemoteError({ method: "hello", cause })) ) const authenticate = yield* makeAuthenticate({ identity, hello }) yield* client["EventLog.Authenticate"](authenticate) }, Effect.mapError((cause) => new EventLogRemoteError({ method: "authenticate", cause }))), capacity: Number.MAX_SAFE_INTEGER }) const ensureAuthenticated = (identity: Identity["Service"]) => { ensureIdentity(identity) return Cache.get(authCache, identity.publicKey) } const retryForbidden = ( effect: Effect.Effect, options: { readonly identity: Identity["Service"] } ) => Effect.retry(effect, { while(e) { hello = null const isForbidden = Predicate.isTagged(e, "EventLogProtocolError") && (e as any as EventLogProtocolError).code === "Forbidden" return Cache.invalidate(authCache, options.identity.publicKey).pipe( Effect.as(isForbidden) ) }, times: 5 }) let chunkedIdCounter = 0 const remote = EventLogRemote.of({ id: hello.remoteId, write: Effect.fnUntraced( function*(options) { yield* ensureAuthenticated(options.identity) const encoded = yield* encodeWrite(options) if (encoded.byteLength <= ChunkedMessage.chunkSize) { return yield* client["EventLog.WriteSingle"]({ data: encoded }) } for (const part of ChunkedMessage.split(chunkedIdCounter++, encoded)) { yield* client["EventLog.WriteChunked"](part) } }, retryForbidden, Effect.mapError((cause) => new EventLogRemoteError({ method: "write", cause })) ), changes: Effect.fnUntraced(function*(options) { const outgoing = yield* Queue.make() yield* Effect.gen(function*() { yield* ensureAuthenticated(options.identity) const chunkedState = ChunkedMessage.initialJoinState() const incoming = yield* client["EventLog.Changes"]({ publicKey: options.identity.publicKey, storeId: options.storeId, startSequence: options.startSequence }, { asQueue: true }) while (true) { const parts = yield* Queue.takeAll(incoming) for (let i = 0; i < parts.length; i++) { const part = parts[i] if (part._tag === "Single") { yield* Queue.offerAll(outgoing, yield* decodeChanges(options.identity, part.data)) continue } const data = ChunkedMessage.join(chunkedState, part) if (!data) continue yield* Queue.offerAll(outgoing, yield* decodeChanges(options.identity, data)) } } }).pipe( (effect) => retryForbidden(effect, options), Effect.mapError((cause) => { if (cause._tag === "EventLogRemoteError") { return cause } return new EventLogRemoteError({ method: "changes", cause }) }), Effect.catchCause((cause) => Queue.failCause(outgoing, cause)), Effect.forkScoped ) return outgoing }), whenAuthenticated: (effect) => IdentityService.use((identity) => Effect.flatMap(ensureAuthenticated(identity), () => effect)) }) yield* registry.registerRemote(remote) return remote }) /** @effect-diagnostics-next-line classSelfMismatch:off */ class IdentityService extends Context.Service()( "effect/eventlog/EventLog/Identity" satisfies Identity["key"] ) {} /** * @since 4.0.0 * @category constructors */ export const makeEncrypted = Effect.gen(function*(): Effect.fn.Return< EventLogRemote["Service"], EventLogRemoteError, Scope.Scope | EventLogRemoteClient | EventLogEncryption | Registry > { const encryption = yield* EventLogEncryption return yield* makeWith({ encodeWrite: (options) => encryption.encrypt(options.identity, options.entries).pipe( Effect.flatMap((msg) => new WriteEntries({ publicKey: options.identity.publicKey, storeId: options.storeId, iv: msg.iv, encryptedEntries: msg.encryptedEntries.map((entry, i) => ({ entryId: options.entries[i].id, encryptedEntry: entry })) }).encoded ) ), decodeChanges: (identity, data) => ChangesRpc.decodeEncrypted(data).pipe( Effect.flatMap((entries) => encryption.decrypt(identity, entries)) ) }) }) /** * @since 4.0.0 * @category constructors */ export const makeUnencrypted: Effect.Effect< EventLogRemote["Service"], EventLogRemoteError, Scope.Scope | EventLogRemoteClient | Registry > = makeWith({ encodeWrite: (options) => new WriteEntriesUnencrypted({ publicKey: options.identity.publicKey, storeId: options.storeId, entries: options.entries }).encoded, decodeChanges: (_identity, data) => ChangesRpc.decodeUnencrypted(data) }) /** * @since 4.0.0 * @category Layers */ export const layerEncrypted: Layer.Layer< EventLogRemote, EventLogRemoteError, RpcClient.Protocol | Registry > = Layer.effect(EventLogRemote, makeEncrypted).pipe( Layer.provide(EventLogRemoteClient.layer), Layer.provide(layerSubtle) ) /** * @since 4.0.0 * @category Layers */ export const layerUnencrypted: Layer.Layer< EventLogRemote, EventLogRemoteError, RpcClient.Protocol | Registry > = Layer.effect(EventLogRemote, makeUnencrypted).pipe( Layer.provide(EventLogRemoteClient.layer) )