fixes for both

.github/workflows/build.yaml

@@ -167,7 +167,7 @@ jobs:
           kubernetes-version: 1.30.0
       - name: Run tilt ci
         env:
-          TEST_SCRIPT: ./wait-and-test.sh
+          TEST_SCRIPT: ./wait-and-test.sh backend
           OPENTDF_INGRESS_HOST_PORT: "5432"
           PLAYWRIGHT_TESTS_TO_RUN: roundtrip
         run: tilt ci
@@ -198,7 +198,7 @@ jobs:
           OPENTDF_SERVICES_AUTHORIZATION_URL: "http://localhost:65432/"
           PLAYWRIGHT_TESTS_TO_RUN: roundtrip
         run: |-
-          ./.github/workflows/roundtrip/wait-and-test.sh
+          ./.github/workflows/roundtrip/wait-and-test.sh platform
 
   deliver-ghp:
     needs: [lib, web-app, scripts, backend-roundtrip]

.github/workflows/roundtrip/wait-and-test.sh

@@ -11,14 +11,17 @@ echo "[INFO] App version: ${app_version}"
 
 if [ $1 = backend ]; then
   VITE_PROXY='{"/api":"http://localhost:5432","/auth":"http://localhost:5432"}'
-  VITE_TDF_CFG='{oidc:{host:"http://localhost:65432/auth/realms/tdf",clientId:"browsertest"},kas:"http://localhost:65432/api/kas",reader:"https://secure.virtru.com/start?htmlProtocol=1"}'
+  VITE_TDF_CFG='{"oidc":{"host":"http://localhost:65432/auth/realms/tdf","clientId":"browsertest"},"kas":"http://localhost:65432/api/kas","reader":"https://secure.virtru.com/start?htmlProtocol=1"}'
 else
   VITE_PROXY='{"/kas":"http://localhost:8080","/auth":"http://localhost:8888"}'
-  VITE_TDF_CFG='{oidc:{host:"http://localhost:65432/auth/realms/opentdf",clientId:"browsertest"},kas:"http://localhost:65432/kas",reader:"https://secure.virtru.com/start?htmlProtocol=1"}'
+  VITE_TDF_CFG='{"oidc":{"host":"http://localhost:65432/auth/realms/opentdf","clientId":"browsertest"},"kas":"http://localhost:65432/kas","reader":"https://secure.virtru.com/start?htmlProtocol=1"}'
 fi
 export VITE_PROXY
 export VITE_TDF_CFG
 
+
+# VITE_PROXY='{"/api":"http://localhost:5432","/auth":"http://localhost:5432"}' VITE_TDF_CFG='{"oidc":{"host":"http://localhost:65432/auth/realms/tdf","clientId":"browsertest"},"kas":"http://localhost:65432/api/kas","reader":"https://secure.virtru.com/start?htmlProtocol=1"}' npm run dev
+
 _wait-for() {
   echo "[INFO] In retry loop for quickstarted opentdf backend..."
   limit=5

lib/tdf3/src/client/builders.ts

@@ -7,6 +7,7 @@ import { IllegalArgumentError } from '../../../src/errors.js';
 import { PemKeyPair } from '../crypto/declarations.js';
 import { EntityObject } from '../../../src/tdf/EntityObject.js';
 import { DecoratedReadableStream } from './DecoratedReadableStream.js';
+import { type Chunker } from '../utils/chunkers.js';
 
 export const DEFAULT_SEGMENT_SIZE: number = 1024 * 1024;
 export type Scope = {
@@ -470,6 +471,7 @@ export type DecryptStreamMiddleware = (
 
 export type DecryptSource =
   | { type: 'buffer'; location: Uint8Array }
+  | { type: 'chunker'; location: Chunker }
   | { type: 'remote'; location: string }
   | { type: 'stream'; location: ReadableStream<Uint8Array> }
   | { type: 'file-browser'; location: Blob };

lib/tdf3/src/client/index.ts

@@ -95,14 +95,20 @@ const makeChunkable = async (source: DecryptSource) => {
   // we don't support streams anyways (see zipreader.js)
   let initialChunker: Chunker;
   let buf = null;
-  if (source.type === 'stream') {
-    buf = await streamToBuffer(source.location);
-    initialChunker = fromBuffer(buf);
-  } else if (source.type === 'buffer') {
-    buf = source.location;
-    initialChunker = fromBuffer(buf);
-  } else {
-    initialChunker = await fromDataSource(source);
+  switch (source.type) {
+    case 'stream':
+      buf = await streamToBuffer(source.location);
+      initialChunker = fromBuffer(buf);
+      break;
+    case 'buffer':
+      buf = source.location;
+      initialChunker = fromBuffer(buf);
+      break;
+    case 'chunker':
+      initialChunker = source.location;
+      break;
+    default:
+      initialChunker = await fromDataSource(source);
   }
 
   const magic: string = await getFirstTwoBytes(initialChunker);

web-app/package.json

@@ -17,7 +17,7 @@
   "dependencies": {
     "@opentdf/client": "file:../lib/opentdf-client-2.0.0.tgz",
     "clsx": "^2.0.0",
-    "native-file-system-adapter": "^3.0.0",
+    "native-file-system-adapter": "^3.0.1",
     "react": "^18.2.0",
     "react-dom": "^18.2.0"
   },
@@ -26,7 +26,7 @@
     "@rollup/plugin-inject": "^5.0.3",
     "@types/react": "^18.2.17",
     "@types/react-dom": "^18.2.7",
-    "@types/wicg-file-system-access": "^2020.9.6",
+    "@types/wicg-file-system-access": "^2023.10.5",
     "@typescript-eslint/eslint-plugin": "^6.2.1",
     "@typescript-eslint/parser": "^6.2.1",
     "@vitejs/plugin-react": "^4.0.4",

web-app/src/App.tsx

@@ -2,7 +2,7 @@ import { clsx } from 'clsx';
 import { useState, useEffect, type ChangeEvent } from 'react';
 import { showSaveFilePicker } from 'native-file-system-adapter';
 import './App.css';
-import { TDF3Client, type DecryptSource, NanoTDFClient } from '@opentdf/client';
+import { type Chunker, type DecryptSource, NanoTDFClient, TDF3Client } from '@opentdf/client';
 import { type SessionInformation, OidcClient } from './session.js';
 import { c } from './config.js';
 
@@ -62,6 +62,7 @@ async function getNewFileHandle(
     ],
     suggestedName,
   };
+  //@ts-expect-error //TS2739: not a complete file picker interface
   return showSaveFilePicker(options);
 }
 
@@ -629,6 +630,8 @@ function App() {
     let source;
     if ('file' in inputSource) {
       source = inputSource.file.stream() as unknown as ReadableStream<Uint8Array>;
+    } else if ('type' in inputSource) {
+      throw new Error('Unimplemented');
     } else {
       const sc = new AbortController();
       setStreamController(sc);
@@ -725,7 +728,7 @@ function App() {
             {hasFileInput ? (
               <div id="details">
                 <h2>
-                  {'file' in inputSource ? inputSource.file.name : inputSource.url.toString()}
+                  {'file' in inputSource ? inputSource.file.name : '[rand]'}
                 </h2>
                 {'file' in inputSource && (
                   <>

web-app/src/session.ts

@@ -403,13 +403,13 @@ export class OidcClient implements AuthProvider {
     }
     const { accessToken } = user;
     const { signingKey } = this;
-    if (!signingKey) {
+    if (!signingKey || !signingKey.publicKey) {
       console.error('missing DPoP key');
       return httpReq;
     }
     console.info(
       `signing request for ${httpReq.url} with DPoP key ${JSON.stringify(
-        await crypto.subtle.exportKey('jwk', this.signingKey.publicKey)
+        await crypto.subtle.exportKey('jwk', signingKey.publicKey)
       )}`
     );
     const dpopToken = await dpopFn(
@@ -419,9 +419,6 @@ export class OidcClient implements AuthProvider {
       /* nonce */ undefined,
       accessToken
     );
-    if (this.wrapperPubKey) {
-      httpReq = withHeaders(httpReq, { 'X-VirtruPubKey': this.wrapperPubKey });
-    }
     // TODO: Consider: only set DPoP if cnf.jkt is present in access token?
     return withHeaders(httpReq, { Authorization: `Bearer ${accessToken}`, DPoP: dpopToken });
   }

web-app/vite.config.ts

@@ -4,6 +4,20 @@ import react from '@vitejs/plugin-react';
 
 const require = createRequire(import.meta.url)
 
+function proxy(): Record<string, string> {
+  console.log(process.env);
+  const { VITE_PROXY } = process.env;
+  if (VITE_PROXY) {
+    console.log(`using VITE_PROXY [${VITE_PROXY}]`);
+    return JSON.parse(VITE_PROXY);
+  }
+  console.log("using standard VITE_PROXY");
+  return {
+    '/kas': 'http://localhost:8080',
+    '/auth': 'http://localhost:8888',
+  };
+}
+
 // https://vitejs.dev/config/
 export default defineConfig({
   build: {
@@ -14,9 +28,6 @@ export default defineConfig({
   plugins: [react()],
   server: {
     port: 65432,
-    proxy: {
-      '/kas': 'http://localhost:8080',
-      '/auth': 'http://localhost:8888',
-    },
+    proxy: proxy(),
   },
 });