feat!(client): Encryption config (#1090)

This is a breaking change!

Combine `encryption` and `decryption` config option blocks.

Also added Lit Protocol config option to readme.

packages/client/CHANGELOG.md

@@ -15,6 +15,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 - All contract providers are used to query the tracker registry, storage node registry and stream storage registry
 - Stream registry contract queries are done in sequence
+- Combine `encryption` and `decryption` config option blocks
+  - All options are now in the `encryption` block
 
 ### Deprecated
 

packages/client/README.md

@@ -679,9 +679,13 @@ subscriber.addEncryptionKey(key, streamId)
 
 #### Configuration
 
-There are two optional configuration options related to encryption keys:
-- `decryption.keyRequestTimeout`: max time (in milliseconds) to wait before a key request timeouts
-- `decryption.maxKeyRequestsPerSecond`: max count of key request to be sent within a second (i.e. it throttles the requests if it receives messages from many new publishers within a short period of time)
+The client uses the Streamr Network's key-exchange by default. There is also experimental support for [Lit Protocol](https://litprotocol.com/). If you want to enable it, set `encryption.litProtocolEnabled` config option to `true`. 
+
+When Lit Protocol is enabled, it is used as a primary encryption key store. The Streamr Network's key-exchange is still used as a fallback.
+
+For the Streamr Network's key-exchange you can use these config options to control the decryption process:
+- `encryption.keyRequestTimeout`: max time (in milliseconds) to wait before a key request timeouts
+- `encryption.maxKeyRequestsPerSecond`: max count of key request to be sent within a second (i.e. it throttles the requests if it receives messages from many new publishers within a short period of time)
 
 ### Proxy publishing and subscribing
 

packages/client/src/Config.ts

@@ -64,6 +64,9 @@ export interface StreamrClientConfig {
     retryResendAfter?: number
     gapFillTimeout?: number
 
+    /**
+     * Message encryption/decryption
+     */
     encryption?: {
         /**
          * Enable experimental Lit Protocol key exchange.
@@ -72,11 +75,14 @@ export interface StreamrClientConfig {
          * secondarily through the standard Streamr key-exchange system.
          */
         litProtocolEnabled?: boolean
-
         /**
          * Enable log messages of the Lit Protocol library to be printed to stdout.
          */
         litProtocolLogging?: boolean
+        // TODO keyRequestTimeout and maxKeyRequestsPerSecond config options could be applied
+        // to lit protocol key requests (both encryption and decryption?)
+        keyRequestTimeout?: number
+        maxKeyRequestsPerSecond?: number
     }
 
     network?: {
@@ -113,11 +119,6 @@ export interface StreamrClientConfig {
         maxConcurrentCalls?: number
     }
 
-    decryption?: {
-        keyRequestTimeout?: number
-        maxKeyRequestsPerSecond?: number
-    }
-
     metrics?: {
         periods?: {
             streamId: string
@@ -153,7 +154,6 @@ export type StrictStreamrClientConfig = MarkOptional<Required<StreamrClientConfi
     network: MarkOptional<Exclude<Required<StreamrClientConfig['network']>, undefined>, 'location'>
     contracts: Exclude<Required<StreamrClientConfig['contracts']>, undefined>
     encryption: Exclude<Required<StreamrClientConfig['encryption']>, undefined>
-    decryption: Exclude<Required<StreamrClientConfig['decryption']>, undefined>
     cache: Exclude<Required<StreamrClientConfig['cache']>, undefined>
     _timeouts: Exclude<DeepRequired<StreamrClientConfig['_timeouts']>, undefined>
 }

packages/client/src/config.schema.json

@@ -317,14 +317,7 @@
                 "litProtocolLogging": {
                     "type": "boolean",
                     "default": false
-                }
-            },
-            "default": {}
-        },
-        "decryption": {
-            "type": "object",
-            "additionalProperties": false,
-            "properties": {
+                },
                 "keyRequestTimeout": {
                     "type": "number",
                     "default": 30000

packages/client/src/encryption/GroupKeyManager.ts

@@ -18,15 +18,15 @@ export class GroupKeyManager {
     private readonly subscriberKeyExchange: SubscriberKeyExchange
     private readonly eventEmitter: StreamrClientEventEmitter
     private readonly destroySignal: DestroySignal
-    private readonly config: Pick<StrictStreamrClientConfig, 'decryption' | 'encryption'>
+    private readonly config: Pick<StrictStreamrClientConfig, 'encryption'>
 
     constructor(
         groupKeyStore: GroupKeyStore,
         litProtocolFacade: LitProtocolFacade,
         subscriberKeyExchange: SubscriberKeyExchange,
         eventEmitter: StreamrClientEventEmitter,
         destroySignal: DestroySignal,
-        @inject(ConfigInjectionToken) config: Pick<StrictStreamrClientConfig, 'decryption' | 'encryption'>
+        @inject(ConfigInjectionToken) config: Pick<StrictStreamrClientConfig, 'encryption'>
     ) {
         this.groupKeyStore = groupKeyStore
         this.litProtocolFacade = litProtocolFacade
@@ -60,7 +60,7 @@ export class GroupKeyManager {
             // TODO remove "as any" type casing in NET-889
             this.eventEmitter as any,
             'addGroupKey',
-            this.config.decryption.keyRequestTimeout,
+            this.config.encryption.keyRequestTimeout,
             (storedGroupKey: GroupKey) => storedGroupKey.id === groupKeyId,
             this.destroySignal.abortSignal
         )

packages/client/src/encryption/SubscriberKeyExchange.ts

@@ -49,7 +49,7 @@ export class SubscriberKeyExchange {
         @inject(AuthenticationInjectionToken) authentication: Authentication,
         validator: Validator,
         @inject(LoggerFactory) loggerFactory: LoggerFactory,
-        @inject(ConfigInjectionToken) config: Pick<StrictStreamrClientConfig, 'decryption'>
+        @inject(ConfigInjectionToken) config: Pick<StrictStreamrClientConfig, 'encryption'>
     ) {
         this.logger = loggerFactory.createLogger(module)
         this.networkNodeFacade = networkNodeFacade
@@ -64,7 +64,7 @@ export class SubscriberKeyExchange {
         })
         this.requestGroupKey = withThrottling((groupKeyId: string, publisherId: EthereumAddress, streamPartId: StreamPartID) => {
             return this.doRequestGroupKey(groupKeyId, publisherId, streamPartId)
-        }, config.decryption.maxKeyRequestsPerSecond)
+        }, config.encryption.maxKeyRequestsPerSecond)
     }
 
     private async doRequestGroupKey(groupKeyId: string, publisherId: EthereumAddress, streamPartId: StreamPartID): Promise<void> {

packages/client/test/integration/resend-with-existing-key.test.ts

@@ -80,7 +80,7 @@ describe('resend with existing key', () => {
             auth: {
                 privateKey: subscriberWallet.privateKey
             },
-            decryption: {
+            encryption: {
                 keyRequestTimeout: 50
             }
         })

packages/client/test/integration/revoke-permissions.test.ts

@@ -74,7 +74,7 @@ describe('revoke permissions', () => {
             auth: {
                 privateKey: subscriberPrivateKey
             },
-            decryption: {
+            encryption: {
                 keyRequestTimeout: 200
             },
             ...opts

packages/client/test/integration/update-encryption-key.test.ts

@@ -27,7 +27,7 @@ describe('update encryption key', () => {
         environment = new FakeEnvironment()
         publisher = environment.createClient()
         subscriber = environment.createClient({
-            decryption: {
+            encryption: {
                 keyRequestTimeout: 200
             }
         })

packages/client/test/test-utils/utils.ts

@@ -178,9 +178,7 @@ export const createGroupKeyManager = (groupKeyStore: GroupKeyStore = mock<GroupK
         {
             encryption: {
                 litProtocolEnabled: false,
-                litProtocolLogging: false
-            },
-            decryption: {
+                litProtocolLogging: false,
                 maxKeyRequestsPerSecond: 10,
                 keyRequestTimeout: 50
             }

packages/client/test/unit/GroupKeyManager.test.ts

@@ -32,9 +32,7 @@ describe('GroupKeyManager', () => {
             {
                 encryption: {
                     litProtocolEnabled,
-                    litProtocolLogging: false
-                },
-                decryption: {
+                    litProtocolLogging: false,
                     maxKeyRequestsPerSecond: 10,
                     keyRequestTimeout: 100
                 }

packages/client/test/unit/subscribePipeline.test.ts

@@ -74,14 +74,12 @@ describe('subscribePipeline', () => {
             get: async () => undefined
         } as any
         const destroySignal = new DestroySignal()
-        const config: Pick<StrictStreamrClientConfig, 'decryption' | 'encryption'> = {
-            decryption: {
-                keyRequestTimeout: 50,
-                maxKeyRequestsPerSecond: 0
-            },
+        const config: Pick<StrictStreamrClientConfig, 'encryption'> = {
             encryption: {
                 litProtocolEnabled: false,
-                litProtocolLogging: false
+                litProtocolLogging: false,
+                keyRequestTimeout: 50,
+                maxKeyRequestsPerSecond: 0
             }
         }
         pipeline = createSubscribePipeline({