695aff4f85
**Motivations:** - Migrer api-relay vers base de données SQLite (production) - Ajouter authentification API key pour endpoints POST (protection abus) - PersistentNonceCache pour service-login-verify (IndexedDB/localStorage) - Écran paramètres crypto avancés UserWallet - Documenter options non implémentées (Merkle, évolutions api-relay) **Root causes:** - N/A (évolutions + correctifs) **Correctifs:** - N/A **Evolutions:** - api-relay: DatabaseStorageService (SQLite), StorageAdapter (compatibilité), ApiKeyService (génération/validation), auth middleware (Bearer/X-API-Key), endpoints admin (/admin/api-keys), migration script (migrate-to-db.ts), suppression saveToDisk périodique - service-login-verify: PersistentNonceCache (IndexedDB avec fallback localStorage, TTL, cleanup), export dans index - userwallet: CryptoSettingsScreen (hashAlgorithm, jsonCanonizationStrict, ecdhCurve, nonceTtlMs, timestampWindowMs), modifications LoginScreen, LoginForm, CreateIdentityScreen, ImportIdentityScreen, DataExportImportScreen, PairingDisplayScreen, RelaySettingsScreen, ServiceListScreen, MemberSelectionScreen, GlobalActionBar - features: OPTIONS_NON_IMPLENTEES.md (analyse Merkle trees, évolutions api-relay) **Pages affectées:** - api-relay: package.json, index.ts, middleware/auth.ts, services/database.ts, services/storageAdapter.ts, services/apiKeyService.ts, scripts/migrate-to-db.ts - service-login-verify: persistentNonceCache.ts, index.ts, tsconfig.json, dist/ - userwallet: App, CryptoSettingsScreen, LoginScreen, LoginForm, CreateIdentityScreen, ImportIdentityScreen, DataExportImportScreen, PairingDisplayScreen, RelaySettingsScreen, ServiceListScreen, MemberSelectionScreen, GlobalActionBar - features: OPTIONS_NON_IMPLENTEES.md - data: sync-utxos.log
108 lines
3.6 KiB
JavaScript
108 lines
3.6 KiB
JavaScript
/**
|
|
* Persistent nonce cache using IndexedDB (browser) or localStorage (fallback).
|
|
* Implements NonceCacheLike interface for use with verifyLoginProof.
|
|
*/
|
|
export class PersistentNonceCache {
|
|
ttlMs;
|
|
storageKey;
|
|
useIndexedDB;
|
|
db = null;
|
|
constructor(ttlMs = 3600000, storageKey = 'nonce_cache') {
|
|
this.ttlMs = ttlMs;
|
|
this.storageKey = storageKey;
|
|
this.useIndexedDB = typeof window !== 'undefined' && 'indexedDB' in window;
|
|
}
|
|
/**
|
|
* Initialize IndexedDB if available.
|
|
*/
|
|
async init() {
|
|
if (!this.useIndexedDB) {
|
|
return;
|
|
}
|
|
return new Promise((resolve, reject) => {
|
|
const request = indexedDB.open('NonceCacheDB', 1);
|
|
request.onerror = () => {
|
|
reject(new Error('Failed to open IndexedDB'));
|
|
};
|
|
request.onsuccess = () => {
|
|
this.db = request.result;
|
|
resolve();
|
|
};
|
|
request.onupgradeneeded = (event) => {
|
|
const db = event.target.result;
|
|
if (!db.objectStoreNames.contains('nonces')) {
|
|
const store = db.createObjectStore('nonces', { keyPath: 'nonce' });
|
|
store.createIndex('timestamp', 'timestamp', { unique: false });
|
|
}
|
|
};
|
|
});
|
|
}
|
|
/**
|
|
* Check if nonce is valid (not seen within TTL). Records nonce on success.
|
|
* Note: IndexedDB operations are async, but NonceCacheLike interface requires sync.
|
|
* This implementation uses localStorage for synchronous access.
|
|
* For true IndexedDB persistence, consider making the interface async.
|
|
*/
|
|
isValid(nonce, timestamp) {
|
|
return this.isValidSync(nonce, timestamp);
|
|
}
|
|
/**
|
|
* Synchronous validation using localStorage (fallback).
|
|
*/
|
|
isValidSync(nonce, timestamp) {
|
|
const now = Date.now();
|
|
const stored = localStorage.getItem(`${this.storageKey}_${nonce}`);
|
|
if (stored !== null) {
|
|
const storedTimestamp = parseInt(stored, 10);
|
|
if (now - storedTimestamp < this.ttlMs) {
|
|
return false;
|
|
}
|
|
localStorage.removeItem(`${this.storageKey}_${nonce}`);
|
|
}
|
|
localStorage.setItem(`${this.storageKey}_${nonce}`, timestamp.toString());
|
|
this.cleanupSync(now);
|
|
return true;
|
|
}
|
|
/**
|
|
* Cleanup expired entries (localStorage).
|
|
*/
|
|
cleanupSync(now) {
|
|
const keys = [];
|
|
for (let i = 0; i < localStorage.length; i++) {
|
|
const key = localStorage.key(i);
|
|
if (key !== null && key.startsWith(`${this.storageKey}_`)) {
|
|
keys.push(key);
|
|
}
|
|
}
|
|
for (const key of keys) {
|
|
const stored = localStorage.getItem(key);
|
|
if (stored !== null) {
|
|
const storedTimestamp = parseInt(stored, 10);
|
|
if (now - storedTimestamp >= this.ttlMs) {
|
|
localStorage.removeItem(key);
|
|
}
|
|
}
|
|
}
|
|
}
|
|
/**
|
|
* Clear all entries.
|
|
*/
|
|
clear() {
|
|
if (this.useIndexedDB && this.db !== null) {
|
|
const transaction = this.db.transaction(['nonces'], 'readwrite');
|
|
const store = transaction.objectStore('nonces');
|
|
store.clear();
|
|
}
|
|
const keys = [];
|
|
for (let i = 0; i < localStorage.length; i++) {
|
|
const key = localStorage.key(i);
|
|
if (key !== null && key.startsWith(`${this.storageKey}_`)) {
|
|
keys.push(key);
|
|
}
|
|
}
|
|
for (const key of keys) {
|
|
localStorage.removeItem(key);
|
|
}
|
|
}
|
|
}
|