fix import for derived accounts and hopefully make other account-access code more robust

2025-06-08 19:14:41 -06:00
parent b3ca6c9d91
commit dcd0cc4c20
6 changed files with 70 additions and 107 deletions
--- a/src/libs/crypto/index.ts
+++ b/src/libs/crypto/index.ts
@@ -32,7 +32,7 @@ export const newIdentifier = (
  publicHex: string,
  privateHex: string,
  derivationPath: string,
-): Omit<IIdentifier, keyof "provider"> => {
+): IIdentifier => {
  return {
    did: DEFAULT_DID_PROVIDER_NAME + ":" + address,
    keys: [
--- a/src/libs/util.ts
+++ b/src/libs/util.ts
@@ -42,6 +42,8 @@ import { createPeerDid } from "../libs/crypto/vc/didPeer";
 import { registerCredential } from "../libs/crypto/vc/passkeyDidPeer";
 import { logger } from "../utils/logger";
 import { PlatformServiceFactory } from "@/services/PlatformServiceFactory";
+import { sha256 } from "ethereum-cryptography/sha256";
+import { IIdentifier } from "@veramo/core";

 export interface GiverReceiverInputInfo {
  did?: string;
@@ -622,14 +624,12 @@ export const retrieveFullyDecryptedAccount = async (
  return result;
 };

-export const retrieveAllAccountsMetadata = async (): Promise<Account[]> => {
+export const retrieveAllAccountsMetadata = async (): Promise<AccountEncrypted[]> => {
  const platformService = PlatformServiceFactory.getInstance();
  const dbAccounts = await platformService.dbQuery(`SELECT * FROM accounts`);
  const accounts = databaseUtil.mapQueryResultToValues(dbAccounts) as Account[];
  let result = accounts.map((account) => {
-    // eslint-disable-next-line @typescript-eslint/no-unused-vars
-    const { identity, mnemonic, ...metadata } = account;
-    return metadata as Account;
+    return account as AccountEncrypted;
  });
  if (USE_DEXIE_DB) {
    // one of the few times we use accountsDBPromise directly; try to avoid more usage
@@ -638,7 +638,14 @@ export const retrieveAllAccountsMetadata = async (): Promise<Account[]> => {
    result = array.map((account) => {
      // eslint-disable-next-line @typescript-eslint/no-unused-vars
      const { identity, mnemonic, ...metadata } = account;
-      return metadata as Account;
+      // This is not accurate because they can't be decrypted, but we're removing Dexie anyway.
+      const identityStr = JSON.stringify(identity);
+      const encryptedAccount = {
+        identityEncrBase64: sha256(new TextEncoder().encode(identityStr)).toString(),
+        mnemonicEncrBase64: sha256(new TextEncoder().encode(account.mnemonic)).toString(),
+        ...metadata,
+      };
+      return encryptedAccount as AccountEncrypted;
    });
  }
  return result;
@@ -648,9 +655,8 @@ export const retrieveAllAccountsMetadata = async (): Promise<Account[]> => {
 * Saves a new identity to both SQL and Dexie databases
 */
 export async function saveNewIdentity(
-  identity: string,
+  identity: IIdentifier,
  mnemonic: string,
-  newId: { did: string; keys: Array<{ publicKeyHex: string }> },
  derivationPath: string,
 ): Promise<void> {
  try {
@@ -666,7 +672,8 @@ export async function saveNewIdentity(
    }
    const secretBase64 = secrets.values[0][0] as string;
    const secret = base64ToArrayBuffer(secretBase64);
-    const encryptedIdentity = await simpleEncrypt(identity, secret);
+    const identityStr = JSON.stringify(identity);
+    const encryptedIdentity = await simpleEncrypt(identityStr, secret);
    const encryptedMnemonic = await simpleEncrypt(mnemonic, secret);
    const encryptedIdentityBase64 = arrayBufferToBase64(encryptedIdentity);
    const encryptedMnemonicBase64 = arrayBufferToBase64(encryptedMnemonic);
@@ -675,13 +682,13 @@ export async function saveNewIdentity(
    const params = [
      new Date().toISOString(),
      derivationPath,
-      newId.did,
+      identity.did,
      encryptedIdentityBase64,
      encryptedMnemonicBase64,
-      newId.keys[0].publicKeyHex,
+      identity.keys[0].publicKeyHex,
    ];
    await platformService.dbExec(sql, params);
-    await databaseUtil.updateDefaultSettings({ activeDid: newId.did });
+    await databaseUtil.updateDefaultSettings({ activeDid: identity.did });

    if (USE_DEXIE_DB) {
      // one of the few times we use accountsDBPromise directly; try to avoid more usage
@@ -689,12 +696,12 @@ export async function saveNewIdentity(
      await accountsDB.accounts.add({
        dateCreated: new Date().toISOString(),
        derivationPath: derivationPath,
-        did: newId.did,
-        identity: identity,
+        did: identity.did,
+        identity: identityStr,
        mnemonic: mnemonic,
-        publicKeyHex: newId.keys[0].publicKeyHex,
+        publicKeyHex: identity.keys[0].publicKeyHex,
      });
-      await updateDefaultSettings({ activeDid: newId.did });
+      await updateDefaultSettings({ activeDid: identity.did });
    }
  } catch (error) {
    logger.error("Failed to update default settings:", error);
@@ -715,9 +722,8 @@ export const generateSaveAndActivateIdentity = async (): Promise<string> => {
    deriveAddress(mnemonic);

  const newId = newIdentifier(address, publicHex, privateHex, derivationPath);
-  const identity = JSON.stringify(newId);

-  await saveNewIdentity(identity, mnemonic, newId, derivationPath);
+  await saveNewIdentity(newId, mnemonic, derivationPath);
  await databaseUtil.updateAccountSettings(newId.did, { isRegistered: false });
  if (USE_DEXIE_DB) {
    await updateAccountSettings(newId.did, { isRegistered: false });
--- a/src/views/AccountViewView.vue
+++ b/src/views/AccountViewView.vue
@@ -1356,18 +1356,7 @@ export default class AccountViewView extends Vue {
   * Processes the identity and updates the component's state.
   */
  async processIdentity() {
-    let account: Account | undefined = undefined;
-    const platformService = PlatformServiceFactory.getInstance();
-    const dbAccount = await platformService.dbQuery(
-      "SELECT * FROM accounts WHERE did = ?",
-      [this.activeDid],
-    );
-    if (dbAccount) {
-      account = databaseUtil.mapQueryResultToValues(dbAccount)[0] as Account;
-    }
-    if (USE_DEXIE_DB) {
-      account = await retrieveAccountMetadata(this.activeDid);
-    }
+    const account = await retrieveAccountMetadata(this.activeDid);
    if (account?.identity) {
      const identity = JSON.parse(account.identity as string) as IIdentifier;
      this.publicHex = identity.keys[0].publicKeyHex;
@@ -1375,8 +1364,10 @@ export default class AccountViewView extends Vue {
      this.derivationPath = identity.keys[0].meta?.derivationPath as string;
      await this.checkLimits();
    } else if (account?.publicKeyHex) {
+      // use the backup values in the top level of the account object
      this.publicHex = account.publicKeyHex as string;
      this.publicBase64 = Buffer.from(this.publicHex, "hex").toString("base64");
+      this.derivationPath = account.derivationPath as string;
      await this.checkLimits();
    }
  }
--- a/src/views/ImportAccountView.vue
+++ b/src/views/ImportAccountView.vue
@@ -165,7 +165,7 @@ export default class ImportAccountView extends Vue {
          await accountsDB.accounts.clear();
        }
      }
-      saveNewIdentity(JSON.stringify(newId), mne, newId, this.derivationPath);
+      await saveNewIdentity(newId, mne, this.derivationPath);
      this.$router.push({ name: "account" });
      // eslint-disable-next-line @typescript-eslint/no-explicit-any
    } catch (err: any) {
--- a/src/views/ImportDerivedAccountView.vue
+++ b/src/views/ImportDerivedAccountView.vue
@@ -20,18 +20,18 @@
        Will increment the maximum known derivation path from the existing seed.
      </p>

-      <p v-if="didArrays.length > 1">
+      <p v-if="Object.keys(didArrays).length > 1">
        Choose existing DIDs from same seed phrase to compute derivation.
      </p>
      <ul class="mb-4">
        <li
-          v-for="dids in didArrays"
-          :key="dids[0]"
+          v-for="dids in Object.values(didArrays)"
+          :key="dids[0].did"
          class="block bg-slate-100 rounded-md flex items-center px-4 py-3 mb-2"
-          @click="switchAccount(dids[0])"
+          @click="switchAccount(dids[0].did)"
        >
          <font-awesome
-            v-if="dids[0] == selectedArrayFirstDid"
+            v-if="dids[0].did == selectedArrayFirstDid"
            icon="circle"
            class="fa-fw text-blue-500 text-xl mr-3"
          ></font-awesome>
@@ -41,8 +41,8 @@
            class="fa-fw text-slate-400 text-xl mr-3"
          ></font-awesome>
          <span class="overflow-hidden">
-            <div class="text-sm text-slate-500 truncate">
-              <code>{{ dids.join(",") }}</code>
+            <div class="text-sm text-slate-500">
+              <code>{{ dids.map((d) => d.did).join(" ") }}</code>
            </div>
          </span>
        </li>
@@ -69,6 +69,7 @@
 </template>

 <script lang="ts">
+import * as R from "ramda";
 import { Component, Vue } from "vue-facing-decorator";
 import { Router, RouteLocationNormalizedLoaded } from "vue-router";

@@ -80,12 +81,12 @@ import {
 } from "../libs/crypto";
 import { accountsDBPromise, db } from "../db/index";
 import { MASTER_SETTINGS_KEY } from "../db/tables/settings";
-import * as databaseUtil from "../db/databaseUtil";
-import { retrieveAllAccountsMetadata } from "../libs/util";
+import { retrieveAllAccountsMetadata, retrieveFullyDecryptedAccount, saveNewIdentity } from "../libs/util";
 import { logger } from "../utils/logger";
-import { Account } from "../db/tables/accounts";
+import { Account, AccountEncrypted } from "../db/tables/accounts";
 import { PlatformServiceFactory } from "@/services/PlatformServiceFactory";
 import { USE_DEXIE_DB } from "@/constants/app";
+
@Component({
  components: {},
 })
@@ -94,23 +95,22 @@ export default class ImportAccountView extends Vue {
  $router!: Router;

  derivationPath = DEFAULT_ROOT_DERIVATION_PATH;
-  didArrays: Array<Array<string>> = [];
+  didArrays: Record<string, Account[]> = {};
  selectedArrayFirstDid = "";

  async mounted() {
-    const accounts: Account[] = await retrieveAllAccountsMetadata();
-    const seedDids: Record<string, Array<string>> = {};
-    accounts.forEach((account) => {
-      // Since we're only getting metadata, we can't check mnemonic
-      // Instead, we'll group by derivation path
-      if (account.derivationPath) {
-        const prevDids: Array<string> = seedDids[account.derivationPath] || [];
-        seedDids[account.derivationPath] = prevDids.concat([account.did]);
-      }
-    });
-    this.didArrays = Object.values(seedDids);
-    if (this.didArrays.length > 0) {
-      this.selectedArrayFirstDid = this.didArrays[0][0];
+    const accounts: AccountEncrypted[] = await retrieveAllAccountsMetadata();
+    const decryptedAccounts: (Account | undefined)[] = await Promise.all(accounts.map(async (account) => {
+      return retrieveFullyDecryptedAccount(account.did);
+    }));
+    const filteredDecryptedAccounts: Account[] = decryptedAccounts.filter((account) => account !== undefined);
+
+    // group by account.mnemonic
+    const groupedAccounts: Record<string, Account[]> = R.groupBy((a) => a.mnemonic || "", filteredDecryptedAccounts) as Record<string, Account[]>;
+
+    this.didArrays = groupedAccounts;
+    if (Object.keys(this.didArrays).length > 0) {
+      this.selectedArrayFirstDid = Object.values(this.didArrays)[0][0].did;
    }
  }

@@ -124,60 +124,30 @@ export default class ImportAccountView extends Vue {

  public async incrementDerivation() {
    // find the maximum derivation path for the selected DIDs
-    const selectedArray: Array<string> =
-      this.didArrays.find((dids) => dids[0] === this.selectedArrayFirstDid) ||
+    const selectedArray: Array<Account> =
+      Object.values(this.didArrays).find((dids) => dids[0].did === this.selectedArrayFirstDid) ||
      [];
-    const platformService = PlatformServiceFactory.getInstance();
-    const qmarks = selectedArray.map(() => "?").join(",");
-    const queryResult = await platformService.dbQuery(
-      `SELECT * FROM accounts WHERE did IN (${qmarks})`,
-      selectedArray,
-    );
-    let allMatchingAccounts = databaseUtil.mapQueryResultToValues(
-      queryResult,
-    ) as unknown as Account[];
-    if (USE_DEXIE_DB) {
-      const accountsDB = await accountsDBPromise; // let's match derived accounts differently so we don't need the private info
-      allMatchingAccounts = (await accountsDB.accounts
-        .where("did")
-        .anyOf(...selectedArray)
-        .toArray()) as Account[];
-    }
-    const accountWithMaxDeriv = allMatchingAccounts[0];
-    allMatchingAccounts.slice(1).forEach((account) => {
-      if (
-        account.derivationPath &&
-        accountWithMaxDeriv.derivationPath &&
-        account.derivationPath > accountWithMaxDeriv.derivationPath
-      ) {
-        accountWithMaxDeriv.derivationPath = account.derivationPath;
-      }
+    // extract the derivationPath array and sort it
+    const derivationPaths = selectedArray.map((account) => account.derivationPath);
+    derivationPaths.sort((a, b) => {
+      const aParts = a?.split("/");
+      const aLast = aParts?.[aParts.length - 1];
+      const bParts = b?.split("/");
+      const bLast = bParts?.[bParts.length - 1];
+      return parseInt(aLast || "0") - parseInt(bLast || "0");
    });
-    // increment the last number in that max derivation path
-    const newDerivPath = nextDerivationPath(
-      accountWithMaxDeriv.derivationPath as string,
-    );
+    // we're sure there's at least one
+    const maxDerivPath: string = derivationPaths[derivationPaths.length - 1] as string;

-    const mne: string = accountWithMaxDeriv.mnemonic as string;
+    const newDerivPath = nextDerivationPath(maxDerivPath);

+    const mne = selectedArray[0].mnemonic as string;
    const [address, privateHex, publicHex] = deriveAddress(mne, newDerivPath);

    const newId = newIdentifier(address, publicHex, privateHex, newDerivPath);

    try {
-      const { sql, params } = databaseUtil.generateInsertStatement(
-        {
-          dateCreated: new Date().toISOString(),
-          derivationPath: newDerivPath,
-          did: newId.did,
-          identity: JSON.stringify(newId),
-          mnemonic: mne,
-          publicKeyHex: newId.keys[0].publicKeyHex,
-        },
-        "accounts",
-      );
-      const platformService = PlatformServiceFactory.getInstance();
-      await platformService.dbExec(sql, params);
+      await saveNewIdentity(newId, mne, newDerivPath);
      if (USE_DEXIE_DB) {
        const accountsDB = await accountsDBPromise;
        await accountsDB.accounts.add({
@@ -191,6 +161,7 @@ export default class ImportAccountView extends Vue {
      }

      // record that as the active DID
+      const platformService = PlatformServiceFactory.getInstance();
      await platformService.dbExec("UPDATE settings SET activeDid = ?", [
        newId.did,
      ]);
--- a/src/views/QuickActionBvcEndView.vue
+++ b/src/views/QuickActionBvcEndView.vue
@@ -167,6 +167,7 @@ import {
 } from "../libs/endorserServer";
 import { logger } from "../utils/logger";
 import { PlatformServiceFactory } from "@/services/PlatformServiceFactory";
+import { retrieveAllAccountsMetadata } from "@/libs/util";
@Component({
  methods: { claimSpecialDescription },
  components: {
@@ -229,13 +230,7 @@ export default class QuickActionBvcBeginView extends Vue {
        suppressMilliseconds: true,
      }) || "";

-    const queryResult = await platformService.dbQuery(
-      "SELECT did FROM accounts",
-    );
-    this.allMyDids =
-      databaseUtil
-        .mapQueryResultToValues(queryResult)
-        ?.map((row) => row[0] as string) || [];
+    this.allMyDids = (await retrieveAllAccountsMetadata()).map((account) => account.did);
    if (USE_DEXIE_DB) {
      const accountsDB = await accountsDBPromise;
      await accountsDB.open();