2026-01-19 02:31:18 +00:00
|
|
|
import {
|
|
|
|
|
approveDevicePairing,
|
|
|
|
|
listDevicePairing,
|
2026-02-18 13:27:31 +00:00
|
|
|
removePairedDevice,
|
2026-01-20 10:29:13 +00:00
|
|
|
type DeviceAuthToken,
|
2026-01-19 02:31:18 +00:00
|
|
|
rejectDevicePairing,
|
2026-01-20 10:29:13 +00:00
|
|
|
revokeDeviceToken,
|
|
|
|
|
rotateDeviceToken,
|
|
|
|
|
summarizeDeviceTokens,
|
2026-01-19 02:31:18 +00:00
|
|
|
} from "../../infra/device-pairing.js";
|
|
|
|
|
import {
|
|
|
|
|
ErrorCodes,
|
|
|
|
|
errorShape,
|
|
|
|
|
formatValidationErrors,
|
|
|
|
|
validateDevicePairApproveParams,
|
|
|
|
|
validateDevicePairListParams,
|
2026-02-18 13:27:31 +00:00
|
|
|
validateDevicePairRemoveParams,
|
2026-01-19 02:31:18 +00:00
|
|
|
validateDevicePairRejectParams,
|
2026-01-20 10:29:13 +00:00
|
|
|
validateDeviceTokenRevokeParams,
|
|
|
|
|
validateDeviceTokenRotateParams,
|
2026-01-19 02:31:18 +00:00
|
|
|
} from "../protocol/index.js";
|
2026-02-18 01:34:35 +00:00
|
|
|
import type { GatewayRequestHandlers } from "./types.js";
|
2026-01-19 02:31:18 +00:00
|
|
|
|
2026-01-20 11:35:08 +00:00
|
|
|
function redactPairedDevice(
|
|
|
|
|
device: { tokens?: Record<string, DeviceAuthToken> } & Record<string, unknown>,
|
|
|
|
|
) {
|
2026-02-20 09:38:58 -08:00
|
|
|
const { tokens, approvedScopes: _approvedScopes, ...rest } = device;
|
2026-01-20 10:29:13 +00:00
|
|
|
return {
|
|
|
|
|
...rest,
|
|
|
|
|
tokens: summarizeDeviceTokens(tokens),
|
|
|
|
|
};
|
|
|
|
|
}
|
|
|
|
|
|
2026-01-19 02:31:18 +00:00
|
|
|
export const deviceHandlers: GatewayRequestHandlers = {
|
|
|
|
|
"device.pair.list": async ({ params, respond }) => {
|
|
|
|
|
if (!validateDevicePairListParams(params)) {
|
|
|
|
|
respond(
|
|
|
|
|
false,
|
|
|
|
|
undefined,
|
|
|
|
|
errorShape(
|
|
|
|
|
ErrorCodes.INVALID_REQUEST,
|
|
|
|
|
`invalid device.pair.list params: ${formatValidationErrors(
|
|
|
|
|
validateDevicePairListParams.errors,
|
|
|
|
|
)}`,
|
|
|
|
|
),
|
|
|
|
|
);
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
const list = await listDevicePairing();
|
2026-01-20 10:29:13 +00:00
|
|
|
respond(
|
|
|
|
|
true,
|
|
|
|
|
{
|
|
|
|
|
pending: list.pending,
|
|
|
|
|
paired: list.paired.map((device) => redactPairedDevice(device)),
|
|
|
|
|
},
|
|
|
|
|
undefined,
|
|
|
|
|
);
|
2026-01-19 02:31:18 +00:00
|
|
|
},
|
|
|
|
|
"device.pair.approve": async ({ params, respond, context }) => {
|
|
|
|
|
if (!validateDevicePairApproveParams(params)) {
|
|
|
|
|
respond(
|
|
|
|
|
false,
|
|
|
|
|
undefined,
|
|
|
|
|
errorShape(
|
|
|
|
|
ErrorCodes.INVALID_REQUEST,
|
|
|
|
|
`invalid device.pair.approve params: ${formatValidationErrors(
|
|
|
|
|
validateDevicePairApproveParams.errors,
|
|
|
|
|
)}`,
|
|
|
|
|
),
|
|
|
|
|
);
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
const { requestId } = params as { requestId: string };
|
|
|
|
|
const approved = await approveDevicePairing(requestId);
|
|
|
|
|
if (!approved) {
|
|
|
|
|
respond(false, undefined, errorShape(ErrorCodes.INVALID_REQUEST, "unknown requestId"));
|
|
|
|
|
return;
|
|
|
|
|
}
|
2026-01-20 11:35:08 +00:00
|
|
|
context.logGateway.info(
|
|
|
|
|
`device pairing approved device=${approved.device.deviceId} role=${approved.device.role ?? "unknown"}`,
|
|
|
|
|
);
|
2026-01-19 02:31:18 +00:00
|
|
|
context.broadcast(
|
|
|
|
|
"device.pair.resolved",
|
|
|
|
|
{
|
|
|
|
|
requestId,
|
|
|
|
|
deviceId: approved.device.deviceId,
|
|
|
|
|
decision: "approved",
|
|
|
|
|
ts: Date.now(),
|
2026-01-20 11:35:08 +00:00
|
|
|
},
|
2026-01-19 02:31:18 +00:00
|
|
|
{ dropIfSlow: true },
|
|
|
|
|
);
|
2026-01-20 10:29:13 +00:00
|
|
|
respond(true, { requestId, device: redactPairedDevice(approved.device) }, undefined);
|
2026-01-19 02:31:18 +00:00
|
|
|
},
|
|
|
|
|
"device.pair.reject": async ({ params, respond, context }) => {
|
|
|
|
|
if (!validateDevicePairRejectParams(params)) {
|
|
|
|
|
respond(
|
|
|
|
|
false,
|
|
|
|
|
undefined,
|
|
|
|
|
errorShape(
|
|
|
|
|
ErrorCodes.INVALID_REQUEST,
|
|
|
|
|
`invalid device.pair.reject params: ${formatValidationErrors(
|
|
|
|
|
validateDevicePairRejectParams.errors,
|
|
|
|
|
)}`,
|
|
|
|
|
),
|
|
|
|
|
);
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
const { requestId } = params as { requestId: string };
|
|
|
|
|
const rejected = await rejectDevicePairing(requestId);
|
|
|
|
|
if (!rejected) {
|
|
|
|
|
respond(false, undefined, errorShape(ErrorCodes.INVALID_REQUEST, "unknown requestId"));
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
context.broadcast(
|
|
|
|
|
"device.pair.resolved",
|
|
|
|
|
{
|
|
|
|
|
requestId,
|
|
|
|
|
deviceId: rejected.deviceId,
|
|
|
|
|
decision: "rejected",
|
|
|
|
|
ts: Date.now(),
|
|
|
|
|
},
|
|
|
|
|
{ dropIfSlow: true },
|
|
|
|
|
);
|
|
|
|
|
respond(true, rejected, undefined);
|
|
|
|
|
},
|
2026-02-18 13:27:31 +00:00
|
|
|
"device.pair.remove": async ({ params, respond, context }) => {
|
|
|
|
|
if (!validateDevicePairRemoveParams(params)) {
|
|
|
|
|
respond(
|
|
|
|
|
false,
|
|
|
|
|
undefined,
|
|
|
|
|
errorShape(
|
|
|
|
|
ErrorCodes.INVALID_REQUEST,
|
|
|
|
|
`invalid device.pair.remove params: ${formatValidationErrors(
|
|
|
|
|
validateDevicePairRemoveParams.errors,
|
|
|
|
|
)}`,
|
|
|
|
|
),
|
|
|
|
|
);
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
const { deviceId } = params as { deviceId: string };
|
|
|
|
|
const removed = await removePairedDevice(deviceId);
|
|
|
|
|
if (!removed) {
|
|
|
|
|
respond(false, undefined, errorShape(ErrorCodes.INVALID_REQUEST, "unknown deviceId"));
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
context.logGateway.info(`device pairing removed device=${removed.deviceId}`);
|
|
|
|
|
respond(true, removed, undefined);
|
|
|
|
|
},
|
2026-01-20 11:35:08 +00:00
|
|
|
"device.token.rotate": async ({ params, respond, context }) => {
|
2026-01-20 10:29:13 +00:00
|
|
|
if (!validateDeviceTokenRotateParams(params)) {
|
|
|
|
|
respond(
|
|
|
|
|
false,
|
|
|
|
|
undefined,
|
|
|
|
|
errorShape(
|
|
|
|
|
ErrorCodes.INVALID_REQUEST,
|
|
|
|
|
`invalid device.token.rotate params: ${formatValidationErrors(
|
|
|
|
|
validateDeviceTokenRotateParams.errors,
|
|
|
|
|
)}`,
|
|
|
|
|
),
|
|
|
|
|
);
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
const { deviceId, role, scopes } = params as {
|
|
|
|
|
deviceId: string;
|
|
|
|
|
role: string;
|
|
|
|
|
scopes?: string[];
|
|
|
|
|
};
|
|
|
|
|
const entry = await rotateDeviceToken({ deviceId, role, scopes });
|
|
|
|
|
if (!entry) {
|
|
|
|
|
respond(false, undefined, errorShape(ErrorCodes.INVALID_REQUEST, "unknown deviceId/role"));
|
|
|
|
|
return;
|
|
|
|
|
}
|
2026-01-20 11:35:08 +00:00
|
|
|
context.logGateway.info(
|
|
|
|
|
`device token rotated device=${deviceId} role=${entry.role} scopes=${entry.scopes.join(",")}`,
|
|
|
|
|
);
|
2026-01-20 10:29:13 +00:00
|
|
|
respond(
|
|
|
|
|
true,
|
|
|
|
|
{
|
|
|
|
|
deviceId,
|
|
|
|
|
role: entry.role,
|
|
|
|
|
token: entry.token,
|
|
|
|
|
scopes: entry.scopes,
|
|
|
|
|
rotatedAtMs: entry.rotatedAtMs ?? entry.createdAtMs,
|
|
|
|
|
},
|
|
|
|
|
undefined,
|
|
|
|
|
);
|
|
|
|
|
},
|
2026-01-20 11:35:08 +00:00
|
|
|
"device.token.revoke": async ({ params, respond, context }) => {
|
2026-01-20 10:29:13 +00:00
|
|
|
if (!validateDeviceTokenRevokeParams(params)) {
|
|
|
|
|
respond(
|
|
|
|
|
false,
|
|
|
|
|
undefined,
|
|
|
|
|
errorShape(
|
|
|
|
|
ErrorCodes.INVALID_REQUEST,
|
|
|
|
|
`invalid device.token.revoke params: ${formatValidationErrors(
|
|
|
|
|
validateDeviceTokenRevokeParams.errors,
|
|
|
|
|
)}`,
|
|
|
|
|
),
|
|
|
|
|
);
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
const { deviceId, role } = params as { deviceId: string; role: string };
|
|
|
|
|
const entry = await revokeDeviceToken({ deviceId, role });
|
|
|
|
|
if (!entry) {
|
|
|
|
|
respond(false, undefined, errorShape(ErrorCodes.INVALID_REQUEST, "unknown deviceId/role"));
|
|
|
|
|
return;
|
|
|
|
|
}
|
2026-01-20 11:35:08 +00:00
|
|
|
context.logGateway.info(`device token revoked device=${deviceId} role=${entry.role}`);
|
2026-01-20 10:29:13 +00:00
|
|
|
respond(
|
|
|
|
|
true,
|
|
|
|
|
{ deviceId, role: entry.role, revokedAtMs: entry.revokedAtMs ?? Date.now() },
|
|
|
|
|
undefined,
|
|
|
|
|
);
|
|
|
|
|
},
|
2026-01-19 02:31:18 +00:00
|
|
|
};
|
