refactor: break up vault services (#2364)

packages/services/src/Domain/VaultInvite/InviteRecord.ts

@@ -0,0 +1,8 @@
+import { AsymmetricMessageSharedVaultInvite } from '@standardnotes/models'
+import { SharedVaultInviteServerHash } from '@standardnotes/responses'
+
+export type InviteRecord = {
+  invite: SharedVaultInviteServerHash
+  message: AsymmetricMessageSharedVaultInvite
+  trusted: boolean
+}

packages/services/src/Domain/VaultInvite/UseCase/AcceptVaultInvite.ts

@@ -0,0 +1,23 @@
+import { AsymmetricMessageSharedVaultInvite } from '@standardnotes/models'
+import { SharedVaultInvitesServerInterface } from '@standardnotes/api'
+import { SharedVaultInviteServerHash } from '@standardnotes/responses'
+import { ProcessAcceptedVaultInvite } from '../../AsymmetricMessage/UseCase/ProcessAcceptedVaultInvite'
+
+export class AcceptVaultInvite {
+  constructor(
+    private inviteServer: SharedVaultInvitesServerInterface,
+    private processInvite: ProcessAcceptedVaultInvite,
+  ) {}
+
+  async execute(dto: {
+    invite: SharedVaultInviteServerHash
+    message: AsymmetricMessageSharedVaultInvite
+  }): Promise<void> {
+    await this.processInvite.execute(dto.message, dto.invite.shared_vault_uuid, dto.invite.sender_uuid)
+
+    await this.inviteServer.acceptInvite({
+      sharedVaultUuid: dto.invite.shared_vault_uuid,
+      inviteUuid: dto.invite.uuid,
+    })
+  }
+}

packages/services/src/Domain/VaultInvite/UseCase/InviteToVault.ts

@@ -0,0 +1,135 @@
+import { SharedVaultInviteServerHash, SharedVaultPermission } from '@standardnotes/responses'
+import {
+  TrustedContactInterface,
+  SharedVaultListingInterface,
+  AsymmetricMessagePayloadType,
+  VaultInviteDelegatedContact,
+} from '@standardnotes/models'
+import { SendVaultInvite } from './SendVaultInvite'
+import { PkcKeyPair } from '@standardnotes/sncrypto-common'
+import { EncryptMessage } from '../../Encryption/UseCase/Asymmetric/EncryptMessage'
+import { Result, UseCaseInterface } from '@standardnotes/domain-core'
+import { ShareContactWithVault } from '../../SharedVaults/UseCase/ShareContactWithVault'
+import { KeySystemKeyManagerInterface } from '../../KeySystem/KeySystemKeyManagerInterface'
+
+export class InviteToVault implements UseCaseInterface<SharedVaultInviteServerHash> {
+  constructor(
+    private keyManager: KeySystemKeyManagerInterface,
+    private encryptMessage: EncryptMessage,
+    private sendInvite: SendVaultInvite,
+    private shareContact: ShareContactWithVault,
+  ) {}
+
+  async execute(params: {
+    keys: {
+      encryption: PkcKeyPair
+      signing: PkcKeyPair
+    }
+    senderUuid: string
+    sharedVault: SharedVaultListingInterface
+    sharedVaultContacts: TrustedContactInterface[]
+    recipient: TrustedContactInterface
+    permissions: SharedVaultPermission
+  }): Promise<Result<SharedVaultInviteServerHash>> {
+    const createInviteResult = await this.inviteContact(params)
+
+    if (createInviteResult.isFailed()) {
+      return createInviteResult
+    }
+
+    await this.shareContactWithOtherVaultMembers({
+      contact: params.recipient,
+      senderUuid: params.senderUuid,
+      keys: params.keys,
+      sharedVault: params.sharedVault,
+    })
+
+    return createInviteResult
+  }
+
+  private async shareContactWithOtherVaultMembers(params: {
+    contact: TrustedContactInterface
+    senderUuid: string
+    keys: {
+      encryption: PkcKeyPair
+      signing: PkcKeyPair
+    }
+    sharedVault: SharedVaultListingInterface
+  }): Promise<Result<void>> {
+    const result = await this.shareContact.execute({
+      keys: params.keys,
+      senderUserUuid: params.senderUuid,
+      sharedVault: params.sharedVault,
+      contactToShare: params.contact,
+    })
+
+    return result
+  }
+
+  private async inviteContact(params: {
+    keys: {
+      encryption: PkcKeyPair
+      signing: PkcKeyPair
+    }
+    sharedVault: SharedVaultListingInterface
+    sharedVaultContacts: TrustedContactInterface[]
+    recipient: TrustedContactInterface
+    permissions: SharedVaultPermission
+  }): Promise<Result<SharedVaultInviteServerHash>> {
+    const keySystemRootKey = this.keyManager.getPrimaryKeySystemRootKey(params.sharedVault.systemIdentifier)
+    if (!keySystemRootKey) {
+      return Result.fail('Cannot invite contact; key system root key not found')
+    }
+
+    const meContact = params.sharedVaultContacts.find((contact) => contact.isMe)
+    if (!meContact) {
+      return Result.fail('Cannot invite contact; me contact not found')
+    }
+
+    const meContactContent: VaultInviteDelegatedContact = {
+      name: undefined,
+      contactUuid: meContact.contactUuid,
+      publicKeySet: meContact.publicKeySet,
+    }
+
+    const delegatedContacts: VaultInviteDelegatedContact[] = params.sharedVaultContacts
+      .filter((contact) => !contact.isMe && contact.contactUuid !== params.recipient.contactUuid)
+      .map((contact) => {
+        return {
+          name: contact.name,
+          contactUuid: contact.contactUuid,
+          publicKeySet: contact.publicKeySet,
+        }
+      })
+
+    const encryptedMessage = this.encryptMessage.execute({
+      message: {
+        type: AsymmetricMessagePayloadType.SharedVaultInvite,
+        data: {
+          recipientUuid: params.recipient.contactUuid,
+          rootKey: keySystemRootKey.content,
+          trustedContacts: [meContactContent, ...delegatedContacts],
+          metadata: {
+            name: params.sharedVault.name,
+            description: params.sharedVault.description,
+          },
+        },
+      },
+      keys: params.keys,
+      recipientPublicKey: params.recipient.publicKeySet.encryption,
+    })
+
+    if (encryptedMessage.isFailed()) {
+      return Result.fail(encryptedMessage.getError())
+    }
+
+    const createInviteResult = await this.sendInvite.execute({
+      sharedVaultUuid: params.sharedVault.sharing.sharedVaultUuid,
+      recipientUuid: params.recipient.contactUuid,
+      encryptedMessage: encryptedMessage.getValue(),
+      permissions: params.permissions,
+    })
+
+    return createInviteResult
+  }
+}

packages/services/src/Domain/VaultInvite/UseCase/ReuploadAllInvites.ts

@@ -0,0 +1,86 @@
+import { SharedVaultInviteServerHash, isErrorResponse } from '@standardnotes/responses'
+import { SharedVaultInvitesServerInterface } from '@standardnotes/api'
+import { PkcKeyPair } from '@standardnotes/sncrypto-common'
+import { Result, UseCaseInterface } from '@standardnotes/domain-core'
+import { ReuploadInvite } from './ReuploadInvite'
+import { FindContact } from '../../Contacts/UseCase/FindContact'
+
+type ReuploadAllInvitesDTO = {
+  keys: {
+    encryption: PkcKeyPair
+    signing: PkcKeyPair
+  }
+  previousKeys?: {
+    encryption: PkcKeyPair
+    signing: PkcKeyPair
+  }
+}
+
+export class ReuploadAllInvites implements UseCaseInterface<void> {
+  constructor(
+    private reuploadInvite: ReuploadInvite,
+    private findContact: FindContact,
+    private inviteServer: SharedVaultInvitesServerInterface,
+  ) {}
+
+  async execute(params: ReuploadAllInvitesDTO): Promise<Result<void>> {
+    const invites = await this.getExistingInvites()
+    if (invites.isFailed()) {
+      return invites
+    }
+
+    const deleteResult = await this.deleteExistingInvites()
+    if (deleteResult.isFailed()) {
+      return deleteResult
+    }
+
+    const errors: string[] = []
+
+    for (const invite of invites.getValue()) {
+      const recipient = this.findContact.execute({ userUuid: invite.user_uuid })
+      if (recipient.isFailed()) {
+        errors.push(`Contact not found for invite ${invite.user_uuid}`)
+        continue
+      }
+
+      const result = await this.reuploadInvite.execute({
+        keys: params.keys,
+        previousKeys: params.previousKeys,
+        recipient: recipient.getValue(),
+        previousInvite: invite,
+      })
+
+      if (result.isFailed()) {
+        errors.push(result.getError())
+      }
+    }
+
+    if (errors.length > 0) {
+      return Result.fail(errors.join(', '))
+    }
+
+    return Result.ok()
+  }
+
+  private async getExistingInvites(): Promise<Result<SharedVaultInviteServerHash[]>> {
+    const response = await this.inviteServer.getOutboundUserInvites()
+
+    if (isErrorResponse(response)) {
+      return Result.fail(`Failed to get outbound user invites ${response}`)
+    }
+
+    const invites = response.data.invites
+
+    return Result.ok(invites)
+  }
+
+  private async deleteExistingInvites(): Promise<Result<void>> {
+    const response = await this.inviteServer.deleteAllOutboundInvites()
+
+    if (isErrorResponse(response)) {
+      return Result.fail(`Failed to delete existing invites ${response}`)
+    }
+
+    return Result.ok()
+  }
+}

packages/services/src/Domain/VaultInvite/UseCase/ReuploadInvite.ts

@@ -0,0 +1,57 @@
+import { DecryptOwnMessage } from '../../Encryption/UseCase/Asymmetric/DecryptOwnMessage'
+import { AsymmetricMessageSharedVaultInvite, TrustedContactInterface } from '@standardnotes/models'
+import { SharedVaultInviteServerHash } from '@standardnotes/responses'
+import { PkcKeyPair } from '@standardnotes/sncrypto-common'
+import { Result, UseCaseInterface } from '@standardnotes/domain-core'
+import { SendVaultInvite } from './SendVaultInvite'
+import { EncryptMessage } from '../../Encryption/UseCase/Asymmetric/EncryptMessage'
+
+export class ReuploadInvite implements UseCaseInterface<void> {
+  constructor(
+    private decryptOwnMessage: DecryptOwnMessage<AsymmetricMessageSharedVaultInvite>,
+    private sendInvite: SendVaultInvite,
+    private encryptMessage: EncryptMessage,
+  ) {}
+
+  async execute(params: {
+    keys: {
+      encryption: PkcKeyPair
+      signing: PkcKeyPair
+    }
+    previousKeys?: {
+      encryption: PkcKeyPair
+      signing: PkcKeyPair
+    }
+    recipient: TrustedContactInterface
+    previousInvite: SharedVaultInviteServerHash
+  }): Promise<Result<SharedVaultInviteServerHash>> {
+    const decryptedPreviousInvite = this.decryptOwnMessage.execute({
+      message: params.previousInvite.encrypted_message,
+      privateKey: params.previousKeys?.encryption.privateKey ?? params.keys.encryption.privateKey,
+      recipientPublicKey: params.recipient.publicKeySet.encryption,
+    })
+
+    if (decryptedPreviousInvite.isFailed()) {
+      return Result.fail(decryptedPreviousInvite.getError())
+    }
+
+    const encryptedMessage = this.encryptMessage.execute({
+      message: decryptedPreviousInvite.getValue(),
+      keys: params.keys,
+      recipientPublicKey: params.recipient.publicKeySet.encryption,
+    })
+
+    if (encryptedMessage.isFailed()) {
+      return Result.fail(encryptedMessage.getError())
+    }
+
+    const createInviteResult = await this.sendInvite.execute({
+      sharedVaultUuid: params.previousInvite.shared_vault_uuid,
+      recipientUuid: params.recipient.contactUuid,
+      encryptedMessage: encryptedMessage.getValue(),
+      permissions: params.previousInvite.permissions,
+    })
+
+    return createInviteResult
+  }
+}

packages/services/src/Domain/VaultInvite/UseCase/ReuploadVaultInvites.ts

@@ -0,0 +1,86 @@
+import { SharedVaultListingInterface } from '@standardnotes/models'
+import { SharedVaultInviteServerHash, isErrorResponse } from '@standardnotes/responses'
+import { SharedVaultInvitesServerInterface } from '@standardnotes/api'
+import { PkcKeyPair } from '@standardnotes/sncrypto-common'
+import { Result, UseCaseInterface } from '@standardnotes/domain-core'
+import { ReuploadInvite } from './ReuploadInvite'
+import { FindContact } from '../../Contacts/UseCase/FindContact'
+
+type ReuploadVaultInvitesDTO = {
+  sharedVault: SharedVaultListingInterface
+  senderUuid: string
+  keys: {
+    encryption: PkcKeyPair
+    signing: PkcKeyPair
+  }
+}
+
+export class ReuploadVaultInvites implements UseCaseInterface<void> {
+  constructor(
+    private reuploadInvite: ReuploadInvite,
+    private findContact: FindContact,
+    private inviteServer: SharedVaultInvitesServerInterface,
+  ) {}
+
+  async execute(params: ReuploadVaultInvitesDTO): Promise<Result<void>> {
+    const existingInvites = await this.getExistingInvites(params.sharedVault.sharing.sharedVaultUuid)
+    if (existingInvites.isFailed()) {
+      return existingInvites
+    }
+
+    const deleteResult = await this.deleteExistingInvites(params.sharedVault.sharing.sharedVaultUuid)
+    if (deleteResult.isFailed()) {
+      return deleteResult
+    }
+
+    const errors: string[] = []
+
+    for (const invite of existingInvites.getValue()) {
+      const recipient = this.findContact.execute({ userUuid: invite.user_uuid })
+      if (recipient.isFailed()) {
+        errors.push(`Contact not found for invite ${invite.user_uuid}`)
+        continue
+      }
+
+      const result = await this.reuploadInvite.execute({
+        keys: params.keys,
+        recipient: recipient.getValue(),
+        previousInvite: invite,
+      })
+
+      if (result.isFailed()) {
+        errors.push(result.getError())
+      }
+    }
+
+    if (errors.length > 0) {
+      return Result.fail(errors.join(', '))
+    }
+
+    return Result.ok()
+  }
+
+  private async getExistingInvites(sharedVaultUuid: string): Promise<Result<SharedVaultInviteServerHash[]>> {
+    const response = await this.inviteServer.getOutboundUserInvites()
+
+    if (isErrorResponse(response)) {
+      return Result.fail(`Failed to get outbound user invites ${response}`)
+    }
+
+    const invites = response.data.invites
+
+    return Result.ok(invites.filter((invite) => invite.shared_vault_uuid === sharedVaultUuid))
+  }
+
+  private async deleteExistingInvites(sharedVaultUuid: string): Promise<Result<void>> {
+    const response = await this.inviteServer.deleteAllSharedVaultInvites({
+      sharedVaultUuid: sharedVaultUuid,
+    })
+
+    if (isErrorResponse(response)) {
+      return Result.fail(`Failed to delete existing invites ${response}`)
+    }
+
+    return Result.ok()
+  }
+}

packages/services/src/Domain/VaultInvite/UseCase/SendVaultInvite.ts

@@ -0,0 +1,32 @@
+import {
+  SharedVaultInviteServerHash,
+  isErrorResponse,
+  SharedVaultPermission,
+  getErrorFromErrorResponse,
+} from '@standardnotes/responses'
+import { SharedVaultInvitesServerInterface } from '@standardnotes/api'
+import { Result, UseCaseInterface } from '@standardnotes/domain-core'
+
+export class SendVaultInvite implements UseCaseInterface<SharedVaultInviteServerHash> {
+  constructor(private vaultInvitesServer: SharedVaultInvitesServerInterface) {}
+
+  async execute(params: {
+    sharedVaultUuid: string
+    recipientUuid: string
+    encryptedMessage: string
+    permissions: SharedVaultPermission
+  }): Promise<Result<SharedVaultInviteServerHash>> {
+    const response = await this.vaultInvitesServer.createInvite({
+      sharedVaultUuid: params.sharedVaultUuid,
+      recipientUuid: params.recipientUuid,
+      encryptedMessage: params.encryptedMessage,
+      permissions: params.permissions,
+    })
+
+    if (isErrorResponse(response)) {
+      return Result.fail(getErrorFromErrorResponse(response).message)
+    }
+
+    return Result.ok(response.data.invite)
+  }
+}

packages/services/src/Domain/VaultInvite/VaultInviteService.ts

@@ -0,0 +1,274 @@
+import { AcceptVaultInvite } from './UseCase/AcceptVaultInvite'
+import { SyncEvent, SyncEventReceivedSharedVaultInvitesData } from './../Event/SyncEvent'
+import { SessionEvent } from './../Session/SessionEvent'
+import { InternalEventInterface } from './../Internal/InternalEventInterface'
+import { InternalEventHandlerInterface } from './../Internal/InternalEventHandlerInterface'
+import { ItemManagerInterface } from './../Item/ItemManagerInterface'
+import { FindContact } from './../Contacts/UseCase/FindContact'
+import { GetUntrustedPayload } from './../AsymmetricMessage/UseCase/GetUntrustedPayload'
+import { GetTrustedPayload } from './../AsymmetricMessage/UseCase/GetTrustedPayload'
+import { InviteRecord } from './InviteRecord'
+import { VaultUserServiceInterface } from './../VaultUser/VaultUserServiceInterface'
+import { GetVault } from './../Vaults/UseCase/GetVault'
+import { InviteToVault } from './UseCase/InviteToVault'
+import { GetVaultContacts } from '../VaultUser/UseCase/GetVaultContacts'
+import { SyncServiceInterface } from './../Sync/SyncServiceInterface'
+import { EncryptionProviderInterface } from './../Encryption/EncryptionProviderInterface'
+import { InternalEventBusInterface } from './../Internal/InternalEventBusInterface'
+import { SessionsClientInterface } from './../Session/SessionsClientInterface'
+import { GetAllContacts } from './../Contacts/UseCase/GetAllContacts'
+import {
+  AsymmetricMessageSharedVaultInvite,
+  PayloadEmitSource,
+  SharedVaultListingInterface,
+  TrustedContactInterface,
+} from '@standardnotes/models'
+import { VaultInviteServiceInterface } from './VaultInviteServiceInterface'
+import {
+  ClientDisplayableError,
+  SharedVaultInviteServerHash,
+  SharedVaultPermission,
+  SharedVaultUserServerHash,
+  isErrorResponse,
+} from '@standardnotes/responses'
+import { AbstractService } from './../Service/AbstractService'
+import { VaultInviteServiceEvent } from './VaultInviteServiceEvent'
+import { ContentType, Result } from '@standardnotes/domain-core'
+import { SharedVaultInvitesServer } from '@standardnotes/api'
+
+export class VaultInviteService
+  extends AbstractService<VaultInviteServiceEvent>
+  implements VaultInviteServiceInterface, InternalEventHandlerInterface
+{
+  private pendingInvites: Record<string, InviteRecord> = {}
+
+  constructor(
+    items: ItemManagerInterface,
+    private session: SessionsClientInterface,
+    private vaultUsers: VaultUserServiceInterface,
+    private sync: SyncServiceInterface,
+    private encryption: EncryptionProviderInterface,
+    private invitesServer: SharedVaultInvitesServer,
+    private _getAllContacts: GetAllContacts,
+    private _getVault: GetVault,
+    private _getVaultContacts: GetVaultContacts,
+    private _inviteToVault: InviteToVault,
+    private _getTrustedPayload: GetTrustedPayload,
+    private _getUntrustedPayload: GetUntrustedPayload,
+    private _findContact: FindContact,
+    private _acceptVaultInvite: AcceptVaultInvite,
+    eventBus: InternalEventBusInterface,
+  ) {
+    super(eventBus)
+
+    this.eventDisposers.push(
+      items.addObserver<TrustedContactInterface>(ContentType.TYPES.TrustedContact, async ({ inserted, source }) => {
+        if (source === PayloadEmitSource.LocalChanged && inserted.length > 0) {
+          void this.downloadInboundInvites()
+        }
+
+        await this.reprocessCachedInvitesTrustStatusAfterTrustedContactsChange()
+      }),
+    )
+  }
+
+  override deinit(): void {
+    super.deinit()
+    ;(this.session as unknown) = undefined
+    ;(this.vaultUsers as unknown) = undefined
+    ;(this.sync as unknown) = undefined
+    ;(this.encryption as unknown) = undefined
+    ;(this.invitesServer as unknown) = undefined
+    ;(this._getAllContacts as unknown) = undefined
+    ;(this._getVault as unknown) = undefined
+    ;(this._getVaultContacts as unknown) = undefined
+    ;(this._inviteToVault as unknown) = undefined
+    ;(this._getTrustedPayload as unknown) = undefined
+    ;(this._getUntrustedPayload as unknown) = undefined
+    ;(this._findContact as unknown) = undefined
+    ;(this._acceptVaultInvite as unknown) = undefined
+
+    this.pendingInvites = {}
+  }
+
+  async handleEvent(event: InternalEventInterface): Promise<void> {
+    switch (event.type) {
+      case SessionEvent.UserKeyPairChanged:
+        void this.invitesServer.deleteAllInboundInvites()
+        break
+      case SyncEvent.ReceivedSharedVaultInvites:
+        await this.processInboundInvites(event.payload as SyncEventReceivedSharedVaultInvitesData)
+        break
+    }
+  }
+
+  public getCachedPendingInviteRecords(): InviteRecord[] {
+    return Object.values(this.pendingInvites)
+  }
+
+  public async downloadInboundInvites(): Promise<ClientDisplayableError | SharedVaultInviteServerHash[]> {
+    const response = await this.invitesServer.getInboundUserInvites()
+
+    if (isErrorResponse(response)) {
+      return ClientDisplayableError.FromString(`Failed to get inbound user invites ${response}`)
+    }
+
+    this.pendingInvites = {}
+
+    await this.processInboundInvites(response.data.invites)
+
+    return response.data.invites
+  }
+
+  public async getOutboundInvites(
+    sharedVault?: SharedVaultListingInterface,
+  ): Promise<SharedVaultInviteServerHash[] | ClientDisplayableError> {
+    const response = await this.invitesServer.getOutboundUserInvites()
+
+    if (isErrorResponse(response)) {
+      return ClientDisplayableError.FromString(`Failed to get outbound user invites ${response}`)
+    }
+
+    if (sharedVault) {
+      return response.data.invites.filter((invite) => invite.shared_vault_uuid === sharedVault.sharing.sharedVaultUuid)
+    }
+
+    return response.data.invites
+  }
+
+  public async acceptInvite(pendingInvite: InviteRecord): Promise<void> {
+    if (!pendingInvite.trusted) {
+      throw new Error('Cannot accept untrusted invite')
+    }
+
+    await this._acceptVaultInvite.execute({ invite: pendingInvite.invite, message: pendingInvite.message })
+
+    delete this.pendingInvites[pendingInvite.invite.uuid]
+
+    void this.sync.sync()
+
+    await this.encryption.decryptErroredPayloads()
+
+    await this.sync.syncSharedVaultsFromScratch([pendingInvite.invite.shared_vault_uuid])
+  }
+
+  public async getInvitableContactsForSharedVault(
+    sharedVault: SharedVaultListingInterface,
+  ): Promise<TrustedContactInterface[]> {
+    const users = await this.vaultUsers.getSharedVaultUsers(sharedVault)
+    if (!users) {
+      return []
+    }
+
+    const contacts = this._getAllContacts.execute()
+    if (contacts.isFailed()) {
+      return []
+    }
+    return contacts.getValue().filter((contact) => {
+      const isContactAlreadyInVault = users.some((user) => user.user_uuid === contact.contactUuid)
+      return !isContactAlreadyInVault
+    })
+  }
+
+  public async inviteContactToSharedVault(
+    sharedVault: SharedVaultListingInterface,
+    contact: TrustedContactInterface,
+    permissions: SharedVaultPermission,
+  ): Promise<Result<SharedVaultInviteServerHash>> {
+    const contactsResult = await this._getVaultContacts.execute(sharedVault.sharing.sharedVaultUuid)
+    if (contactsResult.isFailed()) {
+      return Result.fail(contactsResult.getError())
+    }
+
+    const contacts = contactsResult.getValue()
+
+    const result = await this._inviteToVault.execute({
+      keys: {
+        encryption: this.encryption.getKeyPair(),
+        signing: this.encryption.getSigningKeyPair(),
+      },
+      senderUuid: this.session.getSureUser().uuid,
+      sharedVault,
+      recipient: contact,
+      sharedVaultContacts: contacts,
+      permissions,
+    })
+
+    void this.notifyEvent(VaultInviteServiceEvent.InviteSent)
+
+    await this.sync.sync()
+
+    return result
+  }
+
+  public isVaultUserOwner(user: SharedVaultUserServerHash): boolean {
+    const result = this._getVault.execute<SharedVaultListingInterface>({ sharedVaultUuid: user.shared_vault_uuid })
+    if (result.isFailed()) {
+      return false
+    }
+
+    const vault = result.getValue()
+    return vault != undefined && vault.sharing.ownerUserUuid === user.user_uuid
+  }
+
+  public async deleteInvite(invite: SharedVaultInviteServerHash): Promise<ClientDisplayableError | void> {
+    const response = await this.invitesServer.deleteInvite({
+      sharedVaultUuid: invite.shared_vault_uuid,
+      inviteUuid: invite.uuid,
+    })
+
+    if (isErrorResponse(response)) {
+      return ClientDisplayableError.FromString(`Failed to delete invite ${response}`)
+    }
+
+    delete this.pendingInvites[invite.uuid]
+  }
+
+  private async reprocessCachedInvitesTrustStatusAfterTrustedContactsChange(): Promise<void> {
+    const cachedInvites = this.getCachedPendingInviteRecords().map((record) => record.invite)
+
+    await this.processInboundInvites(cachedInvites)
+  }
+
+  private async processInboundInvites(invites: SharedVaultInviteServerHash[]): Promise<void> {
+    if (invites.length === 0) {
+      return
+    }
+
+    for (const invite of invites) {
+      const sender = this._findContact.execute({ userUuid: invite.sender_uuid })
+      if (!sender.isFailed()) {
+        const trustedMessage = this._getTrustedPayload.execute<AsymmetricMessageSharedVaultInvite>({
+          message: invite,
+          privateKey: this.encryption.getKeyPair().privateKey,
+          sender: sender.getValue(),
+        })
+
+        if (!trustedMessage.isFailed()) {
+          this.pendingInvites[invite.uuid] = {
+            invite,
+            message: trustedMessage.getValue(),
+            trusted: true,
+          }
+
+          continue
+        }
+      }
+
+      const untrustedMessage = this._getUntrustedPayload.execute<AsymmetricMessageSharedVaultInvite>({
+        message: invite,
+        privateKey: this.encryption.getKeyPair().privateKey,
+      })
+
+      if (!untrustedMessage.isFailed()) {
+        this.pendingInvites[invite.uuid] = {
+          invite,
+          message: untrustedMessage.getValue(),
+          trusted: false,
+        }
+      }
+    }
+
+    void this.notifyEvent(VaultInviteServiceEvent.InvitesReloaded)
+  }
+}

packages/services/src/Domain/VaultInvite/VaultInviteServiceEvent.ts

@@ -0,0 +1,4 @@
+export enum VaultInviteServiceEvent {
+  InviteSent = 'VaultInviteServiceEvent.InviteSent',
+  InvitesReloaded = 'VaultInviteServiceEvent.InvitesReloaded',
+}

packages/services/src/Domain/VaultInvite/VaultInviteServiceInterface.ts

@@ -0,0 +1,22 @@
+import { InviteRecord } from './InviteRecord'
+import { ApplicationServiceInterface } from '../Service/ApplicationServiceInterface'
+import { SharedVaultListingInterface, TrustedContactInterface } from '@standardnotes/models'
+import { ClientDisplayableError, SharedVaultInviteServerHash, SharedVaultPermission } from '@standardnotes/responses'
+import { VaultInviteServiceEvent } from './VaultInviteServiceEvent'
+import { Result } from '@standardnotes/domain-core'
+
+export interface VaultInviteServiceInterface extends ApplicationServiceInterface<VaultInviteServiceEvent, unknown> {
+  getInvitableContactsForSharedVault(sharedVault: SharedVaultListingInterface): Promise<TrustedContactInterface[]>
+  inviteContactToSharedVault(
+    sharedVault: SharedVaultListingInterface,
+    contact: TrustedContactInterface,
+    permissions: SharedVaultPermission,
+  ): Promise<Result<SharedVaultInviteServerHash>>
+  getCachedPendingInviteRecords(): InviteRecord[]
+  deleteInvite(invite: SharedVaultInviteServerHash): Promise<ClientDisplayableError | void>
+  downloadInboundInvites(): Promise<ClientDisplayableError | SharedVaultInviteServerHash[]>
+  getOutboundInvites(
+    sharedVault?: SharedVaultListingInterface,
+  ): Promise<SharedVaultInviteServerHash[] | ClientDisplayableError>
+  acceptInvite(pendingInvite: InviteRecord): Promise<void>
+}