developer/galaxy-game
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity
Files
fbc0260720b7bb20ab770f781d87c362894e8161
galaxy-game/ui/frontend/src/api/galaxy-client.ts
T
Ilia Denisov fbc0260720 phase 5: wasm core, GalaxyClient skeleton, Connect-Web stubs 
Compile `ui/core` to WebAssembly via TinyGo (903 KB) and expose four
canonical-bytes / signature-verification functions on
`globalThis.galaxyCore` from `ui/wasm/main.go`. The TypeScript-side
`Core` interface plus a `WasmCore` adapter (browser + JSDOM loader)
bridge those into a typed shape, and a `GalaxyClient` skeleton wires
`Core.signRequest` → injected `Signer` → typed Connect client →
`Core.verifyPayloadHash` / `verifyResponse`.

Wire `ui/buf.gen.yaml` against the local
`@bufbuild/protoc-gen-es` v2 binary (devDependency) so the codegen
step does not depend on the buf.build BSR. Vitest covers the bridge
end-to-end: per-method WasmCore tests under JSDOM, byte-for-byte
canon parity against the gateway fixtures committed in Phase 3, and
a `GalaxyClient` orchestration test using
`createRouterTransport`. The committed `core.wasm` snapshot tracks
TinyGo output so contributors run `make wasm` only when `ui/core/`
changes; CI consumes the snapshot directly.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-07 12:58:37 +02:00

150 lines
4.3 KiB
TypeScript
Raw Blame History

// `GalaxyClient` orchestrates one authenticated unary round-trip:
// build canonical request bytes via `Core.signRequest`, sign them
// through an injected `Signer`, post the envelope through the typed
// Connect client, then verify the response signature and payload hash
// before returning the decoded payload.
//
// Phase 5 ships the orchestration only — Phase 6 plugs the WebCrypto
// `Signer` and `KeyStore`, and Phase 7 wires the auth flow that
// actually creates the device session. Tests pass an exportable
// fixture key wrapped as a `Signer` so the flow can be exercised
// end-to-end without a live gateway.
import { create } from "@bufbuild/protobuf";
import type { Core } from "../platform/core/index";
import {
ExecuteCommandRequestSchema,
type ExecuteCommandResponse,
} from "../proto/galaxy/gateway/v1/edge_gateway_pb";
import type { EdgeGatewayClient } from "./connect";
/**
* Signer produces a raw 64-byte Ed25519 signature over canonicalBytes.
* Phase 6 backs this with WebCrypto + a non-exportable IDB key handle.
* Phase 5 tests pass a function that closes over `crypto.sign(...)`
* with an exportable fixture key.
*/
export type Signer = (canonicalBytes: Uint8Array) => Promise<Uint8Array>;
/**
* Sha256 computes the raw 32-byte SHA-256 digest of payload. The
* GalaxyClient receives this as a dependency so JSDOM tests can pass
* Node's `crypto` and the browser path can use `crypto.subtle`.
*/
export type Sha256 = (payload: Uint8Array) => Promise<Uint8Array>;
export interface GalaxyClientOptions {
core: Core;
edge: EdgeGatewayClient;
signer: Signer;
sha256: Sha256;
deviceSessionId: string;
gatewayResponsePublicKey: Uint8Array;
clock?: () => bigint;
requestIdFactory?: () => string;
}
const PROTOCOL_VERSION = "v1";
export class GalaxyClient {
private readonly core: Core;
private readonly edge: EdgeGatewayClient;
private readonly signer: Signer;
private readonly sha256: Sha256;
private readonly deviceSessionId: string;
private readonly gatewayResponsePublicKey: Uint8Array;
private readonly clock: () => bigint;
private readonly requestIdFactory: () => string;
constructor(options: GalaxyClientOptions) {
this.core = options.core;
this.edge = options.edge;
this.signer = options.signer;
this.sha256 = options.sha256;
this.deviceSessionId = options.deviceSessionId;
this.gatewayResponsePublicKey = options.gatewayResponsePublicKey;
this.clock = options.clock ?? defaultClock;
this.requestIdFactory =
options.requestIdFactory ?? defaultRequestIdFactory;
}
async executeCommand(
messageType: string,
payload: Uint8Array,
traceId = "",
): Promise<Uint8Array> {
const requestId = this.requestIdFactory();
const timestampMs = this.clock();
const payloadHash = await this.sha256(payload);
const canonicalBytes = this.core.signRequest({
protocolVersion: PROTOCOL_VERSION,
deviceSessionId: this.deviceSessionId,
messageType,
timestampMs,
requestId,
payloadHash,
});
const signature = await this.signer(canonicalBytes);
const response = await this.edge.executeCommand(
create(ExecuteCommandRequestSchema, {
protocolVersion: PROTOCOL_VERSION,
deviceSessionId: this.deviceSessionId,
messageType,
timestampMs,
requestId,
payloadBytes: payload,
payloadHash,
signature,
traceId,
}),
);
this.verifyResponse(response, requestId);
return response.payloadBytes;
}
private verifyResponse(
response: ExecuteCommandResponse,
requestId: string,
): void {
if (response.requestId !== requestId) {
throw new Error(
`galaxy-client: response request_id ${response.requestId} does not match ${requestId}`,
);
}
if (
!this.core.verifyPayloadHash(
response.payloadBytes,
response.payloadHash,
)
) {
throw new Error("galaxy-client: response payload_hash mismatch");
}
const ok = this.core.verifyResponse(
this.gatewayResponsePublicKey,
response.signature,
{
protocolVersion: response.protocolVersion,
requestId: response.requestId,
timestampMs: response.timestampMs,
resultCode: response.resultCode,
payloadHash: response.payloadHash,
},
);
if (!ok) {
throw new Error("galaxy-client: invalid response signature");
}
}
}
function defaultClock(): bigint {
return BigInt(Date.now());
}
function defaultRequestIdFactory(): string {
return crypto.randomUUID();
}
Reference in New Issue View Git Blame Copy Permalink