Remove WASM exports that leak sensitive material into JS

Two wasm-bindgen exports were reaching across the security boundary
and had zero TS consumers:

- `WasmOpakeHandle::session()` serialized the entire `Session` (access
token, refresh token, DPoP private key) to JS, directly contradicting
the documented WASM security boundary — JS can't zeroize memory, so
tokens that cross end up retained on the runtime's GC schedule.
`tokenExpiresAt()` and `getDid()` cover every legitimate read.

- `WasmFileManagerHandle::fetchContentKey` returned a raw AES-256
content key as `Uint8Array`. Content keys are "WASM only" per the
sensitive-data policy; no call site on the JS side needed this.

Internal Rust callers (`XrpcClient::session`, `FileManager::fetch_content_key`)
remain — they're used by CLI and by WASM's own internal plumbing, which
is what the bindings are supposed to be abstracting.

-24
-11
crates/opake-wasm/src/file_manager_wasm.rs
··· 335 335 .map_err(wasm_err) 336 336 } 337 337 338 - #[wasm_bindgen(js_name = fetchContentKey)] 339 - pub async fn fetch_content_key(&self, document_uri: &str) -> Result<Vec<u8>, JsError> { 340 - let (mut opake, ctx) = self.parts().await?; 341 - let mut mgr = opake.file_manager(ctx); 342 - let key = mgr 343 - .fetch_content_key(document_uri) 344 - .await 345 - .map_err(wasm_err)?; 346 - Ok(key.0.to_vec()) 347 - } 348 - 349 338 // -- Sharing -- 350 339 351 340 pub async fn share(
-13
crates/opake-wasm/src/opake_wasm.rs
··· 912 912 } 913 913 } 914 914 915 - /// Get the (potentially refreshed) session. 916 - pub fn session(&self) -> Result<JsValue, JsError> { 917 - let guard = self 918 - .inner 919 - .try_lock() 920 - .ok_or_else(|| JsError::new("Opake is busy — an operation is in progress"))?; 921 - let opake = guard 922 - .as_ref() 923 - .ok_or_else(|| JsError::new("already consumed"))?; 924 - let session = opake.session().ok_or_else(|| JsError::new("no session"))?; 925 - serde_wasm_bindgen::to_value(session).map_err(|e| JsError::new(&e.to_string())) 926 - } 927 - 928 915 /// Get the authenticated DID without exposing the full session. 929 916 /// 930 917 /// Returns the DID string, or an error if the context is busy or has
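Review bot: In crates/opake-wasm/src/file_manager_wasm.rs, the removal of `fetch_content_key` leaves nothing at the site (just above `// -- Sharing --`) to say why there is no content-key export, so a later change can re-add one without noticing the policy. The deleted body shows how little it takes: `Ok(key.0.to_vec())` copies the raw key into a plain `Vec<u8>` that wasm-bindgen hands to JS. Suggest a short comment in this impl block stating that content keys stay inside WASM, and, if the generated bindings are checked in or tested, an assertion that `fetchContentKey` is absent from them.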
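Review bot: In crates/opake-wasm/src/opake_wasm.rs, the deleted `session()` worked through `serde_wasm_bindgen::to_value(session)`, which means `Session` still implements `Serialize` after this change and any future binding can send it to JS again with that one line. Consider recording the restriction where it will be seen, for example on the doc comment of the retained DID getter just below ("without exposing the full session"), or by keeping the serializable form of `Session` out of reach of the wasm crate. The removed doc comment also described the value as "(potentially refreshed)"; please confirm in the commit message that no JS-side code depended on this getter to observe a refreshed session, since the hunk alone does not show how a refresh is surfaced now.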