Refactor chat encryption to use sodium, update API

Replaces legacy chat encryption modules with new sodium-based implementation. Adds and updates API routes for chat key management and debugging, introduces new hooks and scripts for sodium chat, and updates related database schema and configuration. Removes old crypto modules and updates dependencies accordingly.
This commit is contained in:
Christopher
2026-01-28 06:07:03 -08:00
parent 222f1c6d8a
commit a87977241c
28 changed files with 10701 additions and 2052 deletions
@@ -10,33 +10,24 @@ export async function GET(
) {
const { did } = await params;
// 1. Fetch all devices for this DID
const bundles = await db.query.chatDeviceBundles.findMany({
// Fetch device bundle for this DID
const bundle = await db.query.chatDeviceBundles.findFirst({
where: eq(chatDeviceBundles.did, did),
with: {
oneTimeKeys: {
limit: 5, // Return a few keys; client picks one
// Ideally we pick non-conflicted ones or random ones
}
}
});
if (!bundles || bundles.length === 0) {
return NextResponse.json([], { status: 404 });
if (!bundle) {
return NextResponse.json({ error: 'No keys found' }, { status: 404 });
}
// 2. Format Response
const response = bundles.map(b => ({
did: b.did,
deviceId: b.deviceId,
identityKey: b.identityKey, // Base64 X25519
signedPreKey: JSON.parse(b.signedPreKey),
oneTimeKeys: b.oneTimeKeys.map(k => ({
id: k.keyId,
key: k.publicKey
})),
signature: b.signature // ECDSA signature of this bundle
}));
const signedPreKey = JSON.parse(bundle.signedPreKey);
const kyberPreKey = bundle.kyberPreKey ? JSON.parse(bundle.kyberPreKey) : null;
// Format Response for Olm
const response = {
identityKey: bundle.identityKey, // curve25519
signingKey: signedPreKey.signingKey, // ed25519
oneTimeKeys: kyberPreKey?.oneTimeKeys || [],
};
return NextResponse.json(response, {
headers: {