bitwarden/browser
1
0
Fork 0
mirror of https://github.com/bitwarden/browser synced 2025-12-19 17:53:39 +00:00
Code Issues Releases Wiki Activity

[PM-5614] introduce SecretState wrapper (#7823)

Browse Source 
Matt provided a ton of help on getting the state interactions right. Both he 
and Justin collaborated with me to write the core of of the secret classifier.

Co-authored-by: Matt Gibson <mgibson@bitwarden.com>
Co-authored-by: Justin Baur <19896123+justindbaur@users.noreply.github.com>
This commit is contained in:
✨ Audrey ✨
2024-02-27 11:40:32 -05:00
committed by GitHub
parent 5a1f09a568
commit 36116bddda
13 changed files with 1198 additions and 290 deletions
Download Patch File Download Diff File Expand all files Collapse all files

42
libs/common/src/tools/generator/state/user-encryptor.abstraction.ts Normal file
View File

@@ -0,0 +1,42 @@
import { Jsonify } from "type-fest";
import { EncString } from "../../../platform/models/domain/enc-string";
import { UserId } from "../../../types/guid";
/** A classification strategy that protects a type's secrets with
* user-specific information. The specific kind of information is
* determined by the classification strategy.
*/
export abstract class UserEncryptor<State extends object, Disclosed> {
/** Protects secrets in `value` with a user-specific key.
* @param value the object to protect. This object is mutated during encryption.
* @param userId identifies the user-specific information used to protect
* the secret.
* @returns a promise that resolves to a tuple. The tuple's first property contains
* the encrypted secret and whose second property contains an object w/ disclosed
* properties.
* @throws If `value` is `null` or `undefined`, the promise rejects with an error.
*/
abstract encrypt(
value: State,
userId: UserId,
): Promise<{ secret: EncString; disclosed: Disclosed }>;
/** Combines protected secrets and disclosed data into a type that can be
* rehydrated into a domain object.
* @param secret an encrypted JSON payload containing State's secrets.
* @param disclosed a data object containing State's disclosed properties.
* @param userId identifies the user-specific information used to protect
* the secret.
* @returns a promise that resolves to the raw state. This state *is not* a
* class. It contains only data that can be round-tripped through JSON,
* and lacks members such as a prototype or bound functions.
* @throws If `secret` or `disclosed` is `null` or `undefined`, the promise
* rejects with an error.
*/
abstract decrypt(
secret: EncString,
disclosed: Jsonify<Disclosed>,
userId: UserId,
): Promise<Jsonify<State>>;
}