Merge branch 'master' into tordev

stackernews · Nov 3, 2024 · 08b160d · 08b160d
2 parents 9e39e0b + e375cc7
commit 08b160d
Show file tree

Hide file tree

Showing 78 changed files with 2,583 additions and 1,430 deletions.
diff --git a/api/resolvers/index.js b/api/resolvers/index.js
@@ -19,6 +19,7 @@ import chainFee from './chainFee'
 import { GraphQLScalarType, Kind } from 'graphql'
 import { createIntScalar } from 'graphql-scalar'
 import paidAction from './paidAction'
+import vault from './vault'
 
 const date = new GraphQLScalarType({
   name: 'Date',
@@ -55,4 +56,4 @@ const limit = createIntScalar({
 
 export default [user, item, message, wallet, lnurl, notifications, invite, sub,
   upload, search, growth, rewards, referrals, price, admin, blockHeight, chainFee,
-  { JSONObject }, { Date: date }, { Limit: limit }, paidAction]
+  { JSONObject }, { Date: date }, { Limit: limit }, paidAction, vault]
diff --git a/api/resolvers/invite.js b/api/resolvers/invite.js
@@ -1,4 +1,4 @@
-import { inviteSchema, ssValidate } from '@/lib/validate'
+import { inviteSchema, validateSchema } from '@/lib/validate'
 import { msatsToSats } from '@/lib/format'
 import assertApiKeyNotPermitted from './apiKey'
 import { GqlAuthenticationError } from '@/lib/error'
@@ -35,7 +35,7 @@ export default {
       }
       assertApiKeyNotPermitted({ me })
 
-      await ssValidate(inviteSchema, { gift, limit })
+      await validateSchema(inviteSchema, { gift, limit })
 
       return await models.invite.create({
         data: { gift, limit, userId: me.id }

diff --git a/api/resolvers/item.js b/api/resolvers/item.js
@@ -13,7 +13,7 @@ import {
 import { msatsToSats } from '@/lib/format'
 import { parse } from 'tldts'
 import uu from 'url-unshort'
-import { actSchema, advSchema, bountySchema, commentSchema, discussionSchema, jobSchema, linkSchema, pollSchema, ssValidate } from '@/lib/validate'
+import { actSchema, advSchema, bountySchema, commentSchema, discussionSchema, jobSchema, linkSchema, pollSchema, validateSchema } from '@/lib/validate'
 import { defaultCommentSort, isJob, deleteItemByAuthor } from '@/lib/item'
 import { datePivot, whenRange } from '@/lib/time'
 import { uploadIdsFromText } from './upload'
@@ -844,7 +844,7 @@ export default {
       return await deleteItemByAuthor({ models, id, item: old })
     },
     upsertLink: async (parent, { id, ...item }, { me, models, lnd }) => {
-      await ssValidate(linkSchema, item, { models, me })
+      await validateSchema(linkSchema, item, { models, me })
 
       if (id) {
         return await updateItem(parent, { id, ...item }, { me, models, lnd })
@@ -853,7 +853,7 @@ export default {
       }
     },
     upsertDiscussion: async (parent, { id, ...item }, { me, models, lnd }) => {
-      await ssValidate(discussionSchema, item, { models, me })
+      await validateSchema(discussionSchema, item, { models, me })
 
       if (id) {
         return await updateItem(parent, { id, ...item }, { me, models, lnd })
@@ -862,7 +862,7 @@ export default {
       }
     },
     upsertBounty: async (parent, { id, ...item }, { me, models, lnd }) => {
-      await ssValidate(bountySchema, item, { models, me })
+      await validateSchema(bountySchema, item, { models, me })
 
       if (id) {
         return await updateItem(parent, { id, ...item }, { me, models, lnd })
@@ -879,7 +879,7 @@ export default {
         })
         : 0
 
-      await ssValidate(pollSchema, item, { models, me, numExistingChoices })
+      await validateSchema(pollSchema, item, { models, me, numExistingChoices })
 
       if (id) {
         return await updateItem(parent, { id, ...item }, { me, models, lnd })
@@ -894,7 +894,7 @@ export default {
       }
 
       item.location = item.location?.toLowerCase() === 'remote' ? undefined : item.location
-      await ssValidate(jobSchema, item, { models })
+      await validateSchema(jobSchema, item, { models })
       if (item.logo !== undefined) {
         item.uploadId = item.logo
         delete item.logo
@@ -907,7 +907,7 @@ export default {
       }
     },
     upsertComment: async (parent, { id, ...item }, { me, models, lnd }) => {
-      await ssValidate(commentSchema, item)
+      await validateSchema(commentSchema, item)
 
       if (id) {
         return await updateItem(parent, { id, ...item }, { me, models, lnd })
@@ -937,7 +937,7 @@ export default {
     },
     act: async (parent, { id, sats, act = 'TIP' }, { me, models, lnd, headers }) => {
       assertApiKeyNotPermitted({ me })
-      await ssValidate(actSchema, { sats, act })
+      await validateSchema(actSchema, { sats, act })
       await assertGofacYourself({ models, headers })
 
       const [item] = await models.$queryRawUnsafe(`
@@ -1369,7 +1369,7 @@ export const updateItem = async (parent, { sub: subName, forward, hash, hmac, ..
   }
 
   // in case they lied about their existing boost
-  await ssValidate(advSchema, { boost: item.boost }, { models, me, existingBoost: old.boost })
+  await validateSchema(advSchema, { boost: item.boost }, { models, me, existingBoost: old.boost })
 
   const user = await models.user.findUnique({ where: { id: meId } })
 

diff --git a/api/resolvers/notifications.js b/api/resolvers/notifications.js
@@ -1,7 +1,7 @@
 import { decodeCursor, LIMIT, nextNoteCursorEncoded } from '@/lib/cursor'
 import { getItem, filterClause, whereClause, muteClause, activeOrMine } from './item'
 import { getInvoice, getWithdrawl } from './wallet'
-import { pushSubscriptionSchema, ssValidate } from '@/lib/validate'
+import { pushSubscriptionSchema, validateSchema } from '@/lib/validate'
 import { replyToSubscription } from '@/lib/webPush'
 import { getSub } from './sub'
 import { GqlAuthenticationError, GqlInputError } from '@/lib/error'
@@ -375,7 +375,7 @@ export default {
         throw new GqlAuthenticationError()
       }
 
-      await ssValidate(pushSubscriptionSchema, { endpoint, p256dh, auth })
+      await validateSchema(pushSubscriptionSchema, { endpoint, p256dh, auth })
 
       let dbPushSubscription
       if (oldEndpoint) {

diff --git a/api/resolvers/rewards.js b/api/resolvers/rewards.js
@@ -1,4 +1,4 @@
-import { amountSchema, ssValidate } from '@/lib/validate'
+import { amountSchema, validateSchema } from '@/lib/validate'
 import { getAd, getItem } from './item'
 import { topUsers } from './user'
 import performPaidAction from '../paidAction'
@@ -171,7 +171,7 @@ export default {
   },
   Mutation: {
     donateToRewards: async (parent, { sats }, { me, models, lnd }) => {
-      await ssValidate(amountSchema, { amount: sats })
+      await validateSchema(amountSchema, { amount: sats })
 
       return await performPaidAction('DONATE', { sats }, { me, models, lnd })
     }

diff --git a/api/resolvers/sub.js b/api/resolvers/sub.js
@@ -1,5 +1,5 @@
 import { whenRange } from '@/lib/time'
-import { ssValidate, territorySchema } from '@/lib/validate'
+import { validateSchema, territorySchema } from '@/lib/validate'
 import { decodeCursor, LIMIT, nextCursorEncoded } from '@/lib/cursor'
 import { viewGroup } from './growth'
 import { notifyTerritoryTransfer } from '@/lib/webPush'
@@ -157,7 +157,7 @@ export default {
         throw new GqlAuthenticationError()
       }
 
-      await ssValidate(territorySchema, data, { models, me, sub: { name: data.oldName } })
+      await validateSchema(territorySchema, data, { models, me, sub: { name: data.oldName } })
 
       if (data.oldName) {
         return await updateSub(parent, data, { me, models, lnd })
@@ -260,7 +260,7 @@ export default {
 
       const { name } = data
 
-      await ssValidate(territorySchema, data, { models, me })
+      await validateSchema(territorySchema, data, { models, me })
 
       const oldSub = await models.sub.findUnique({ where: { name } })
       if (!oldSub) {

diff --git a/api/resolvers/user.js b/api/resolvers/user.js
@@ -2,7 +2,7 @@ import { readFile } from 'fs/promises'
 import { join, resolve } from 'path'
 import { decodeCursor, LIMIT, nextCursorEncoded } from '@/lib/cursor'
 import { msatsToSats } from '@/lib/format'
-import { bioSchema, emailSchema, settingsSchema, ssValidate, userSchema } from '@/lib/validate'
+import { bioSchema, emailSchema, settingsSchema, validateSchema, userSchema } from '@/lib/validate'
 import { getItem, updateItem, filterClause, createItem, whereClause, muteClause, activeOrMine } from './item'
 import { USER_ID, RESERVED_MAX_USER_ID, SN_NO_REWARDS_IDS, INVOICE_ACTION_NOTIFICATION_TYPES } from '@/lib/constants'
 import { viewGroup } from './growth'
@@ -632,7 +632,7 @@ export default {
         throw new GqlAuthenticationError()
       }
 
-      await ssValidate(userSchema, data, { models })
+      await validateSchema(userSchema, data, { models })
 
       try {
         await models.user.update({ where: { id: me.id }, data })
@@ -649,7 +649,7 @@ export default {
         throw new GqlAuthenticationError()
       }
 
-      await ssValidate(settingsSchema, { nostrRelays, ...data })
+      await validateSchema(settingsSchema, { nostrRelays, ...data })
 
       if (nostrRelays?.length) {
         const connectOrCreate = []
@@ -696,7 +696,7 @@ export default {
         throw new GqlAuthenticationError()
       }
 
-      await ssValidate(bioSchema, { text })
+      await validateSchema(bioSchema, { text })
 
       const user = await models.user.findUnique({ where: { id: me.id } })
 
@@ -770,7 +770,7 @@ export default {
       }
       assertApiKeyNotPermitted({ me })
 
-      await ssValidate(emailSchema, { email })
+      await validateSchema(emailSchema, { email })
 
       try {
         await models.user.update({

diff --git a/api/resolvers/vault.js b/api/resolvers/vault.js
@@ -0,0 +1,75 @@
+import { E_VAULT_KEY_EXISTS, GqlAuthenticationError, GqlInputError } from '@/lib/error'
+
+export default {
+  Query: {
+    getVaultEntry: async (parent, { key }, { me, models }, info) => {
+      if (!me) throw new GqlAuthenticationError()
+      if (!key) throw new GqlInputError('must have key')
+
+      const k = await models.vault.findUnique({
+        where: {
+          key,
+          userId: me.id
+        }
+      })
+      return k
+    },
+    getVaultEntries: async (parent, { keysFilter }, { me, models }, info) => {
+      if (!me) throw new GqlAuthenticationError()
+
+      const entries = await models.vaultEntry.findMany({
+        where: {
+          userId: me.id,
+          key: keysFilter?.length
+            ? {
+                in: keysFilter
+              }
+            : undefined
+        }
+      })
+      return entries
+    }
+  },
+  Mutation: {
+    // atomic vault migration
+    updateVaultKey: async (parent, { entries, hash }, { me, models }) => {
+      if (!me) throw new GqlAuthenticationError()
+      if (!hash) throw new GqlInputError('hash required')
+      const txs = []
+
+      const { vaultKeyHash: oldKeyHash } = await models.user.findUnique({ where: { id: me.id } })
+      if (oldKeyHash) {
+        if (oldKeyHash !== hash) {
+          throw new GqlInputError('vault key already set', E_VAULT_KEY_EXISTS)
+        } else {
+          return true
+        }
+      } else {
+        txs.push(models.user.update({
+          where: { id: me.id },
+          data: { vaultKeyHash: hash }
+        }))
+      }
+
+      for (const entry of entries) {
+        txs.push(models.vaultEntry.update({
+          where: { userId_key: { userId: me.id, key: entry.key } },
+          data: { value: entry.value, iv: entry.iv }
+        }))
+      }
+      await models.$transaction(txs)
+      return true
+    },
+    clearVault: async (parent, args, { me, models }) => {
+      if (!me) throw new GqlAuthenticationError()
+      const txs = []
+      txs.push(models.user.update({
+        where: { id: me.id },
+        data: { vaultKeyHash: '' }
+      }))
+      txs.push(models.vaultEntry.deleteMany({ where: { userId: me.id } }))
+      await models.$transaction(txs)
+      return true
+    }
+  }
+}