Restore from nostr part 2 (#605)

* Basic structure and entry point for restore

* Identity processor and handler

* Recover identity and company from Nostr

* Version bump for nostr-sdk

* Version bump rstest

* Life process identity chain events

* De-anonymize account when required

* Review fixes

* Fix processor block height

Author: tompro

Cargo.toml

@@ -46,11 +46,11 @@ uuid = { version = "1", default-features = false, features = ["v4", "js"] }
 bitcoin = { version = "0.32", default-features = false, features = ["serde"] }
 bip39 = { version = "2.1", features = ["rand"] }
 ecies = { version = "0.2", default-features = false, features = ["pure"] }
-nostr = { version = "0.42" }
-nostr-sdk = { version = "0.42", features = ["nip04", "nip59"] }
+nostr = { version = "0.43" }
+nostr-sdk = { version = "0.43", features = ["nip04", "nip59"] }
 getrandom = { version = "0.3.1", features = ["wasm_js"] }
 async-broadcast = "0.7.2"
-rstest = "0.25.0"
+rstest = "0.26"
 secp256k1 = { version = "0.29" }
 reqwest = { version = "0.12", default-features = false }
 miniscript = { version = "12.3" }

crates/bcr-ebill-api/src/service/company_service.rs

@@ -356,6 +356,7 @@ impl CompanyServiceApi for CompanyService {
             &previous_block,
             &IdentityCreateCompanyBlockData {
                 company_id: id.clone(),
+                company_key: company_keys.get_private_key_string(),
                 block_hash: create_company_block.hash.clone(),
             },
             &full_identity.key_pair,

crates/bcr-ebill-api/src/service/identity_service.rs

@@ -98,6 +98,9 @@ pub trait IdentityServiceApi: ServiceTraitBounds {
 
     /// sets the active identity to the given company node id
     async fn set_current_company_identity(&self, node_id: &NodeId) -> Result<()>;
+
+    /// Returns the local key pair
+    async fn get_keys(&self) -> Result<BcrKeys>;
 }
 
 /// The identity service is responsible for managing the local identity
@@ -669,6 +672,10 @@ impl IdentityServiceApi for IdentityService {
             .await?;
         Ok(())
     }
+
+    async fn get_keys(&self) -> Result<BcrKeys> {
+        Ok(self.store.get_key_pair().await?)
+    }
 }
 
 #[cfg(test)]

crates/bcr-ebill-api/src/service/notification_service/mod.rs

@@ -3,6 +3,7 @@ use bcr_ebill_core::util::crypto;
 
 pub mod chain_keys;
 pub mod event;
+pub mod restore;
 mod service;
 pub mod transport;
 

crates/bcr-ebill-api/src/service/notification_service/restore.rs

@@ -0,0 +1,11 @@
+use super::Result;
+use async_trait::async_trait;
+use bcr_ebill_core::ServiceTraitBounds;
+
+#[allow(dead_code)]
+#[cfg_attr(target_arch = "wasm32", async_trait(?Send))]
+#[cfg_attr(not(target_arch = "wasm32"), async_trait)]
+pub trait RestoreAccountApi: ServiceTraitBounds {
+    /// restores the account and all the associated data
+    async fn restore_account(&self) -> Result<()>;
+}

crates/bcr-ebill-api/src/service/notification_service/transport.rs

@@ -6,7 +6,7 @@ use bcr_ebill_core::{
 #[cfg(test)]
 use mockall::automock;
 
-use nostr::Event;
+use nostr::{Event, Filter};
 
 use super::{NostrContactData, Result, event::EventEnvelope};
 
@@ -48,4 +48,6 @@ pub trait NotificationJsonTransportApi: ServiceTraitBounds {
     ) -> Result<Vec<Event>>;
     /// Adds a new Nostr subscription on the primary client for an added contact
     async fn add_contact_subscription(&self, contact: &NodeId) -> Result<()>;
+    /// Resolves all private messages matching the filter
+    async fn resolve_private_events(&self, filter: Filter) -> Result<Vec<Event>>;
 }

crates/bcr-ebill-api/src/tests/mod.rs

@@ -11,7 +11,7 @@ pub mod tests {
             BlockchainType,
             bill::{BillBlock, BillBlockchain, BillOpCode},
             company::{CompanyBlock, CompanyBlockchain},
-            identity::IdentityBlock,
+            identity::{IdentityBlock, IdentityBlockchain},
         },
         company::{Company, CompanyKeys},
         contact::{BillIdentParticipant, BillParticipant, Contact, ContactType},
@@ -257,6 +257,7 @@ pub mod tests {
         impl IdentityChainStoreApi for IdentityChainStoreApiMock {
             async fn get_latest_block(&self) -> Result<IdentityBlock>;
             async fn add_block(&self, block: &IdentityBlock) -> Result<()>;
+            async fn get_chain(&self) -> Result<IdentityBlockchain>;
         }
     }
 

crates/bcr-ebill-core/src/blockchain/identity/mod.rs

@@ -5,7 +5,7 @@ use crate::NodeId;
 use crate::bill::BillId;
 use crate::util::{self, BcrKeys, crypto};
 use crate::{File, OptionalPostalAddress, identity::Identity};
-use borsh::to_vec;
+use borsh::{from_slice, to_vec};
 use borsh_derive::{BorshDeserialize, BorshSerialize};
 use log::error;
 use secp256k1::PublicKey;
@@ -79,7 +79,7 @@ impl From<Identity> for IdentityCreateBlockData {
     }
 }
 
-#[derive(BorshSerialize, BorshDeserialize, Debug, Clone, PartialEq)]
+#[derive(BorshSerialize, BorshDeserialize, Default, Debug, Clone, PartialEq)]
 pub struct IdentityUpdateBlockData {
     pub name: Option<String>,
     pub email: Option<String>,
@@ -112,6 +112,7 @@ pub struct IdentitySignCompanyBillBlockData {
 #[derive(BorshSerialize, BorshDeserialize, Debug, Clone, PartialEq)]
 pub struct IdentityCreateCompanyBlockData {
     pub company_id: NodeId,
+    pub company_key: String,
     pub block_hash: String,
 }
 
@@ -131,6 +132,17 @@ pub struct IdentityRemoveSignatoryBlockData {
     pub signatory: NodeId,
 }
 
+#[derive(Debug)]
+pub enum IdentityBlockPayload {
+    Create(IdentityCreateBlockData),
+    Update(IdentityUpdateBlockData),
+    SignPersonalBill(IdentitySignPersonBillBlockData),
+    SignCompanyBill(IdentitySignCompanyBillBlockData),
+    CreateCompany(IdentityCreateCompanyBlockData),
+    AddSignatory(IdentityAddSignatoryBlockData),
+    RemoveSignatory(IdentityRemoveSignatoryBlockData),
+}
+
 impl Block for IdentityBlock {
     type OpCode = IdentityOpCode;
     type BlockDataToHash = IdentityBlockDataToHash;
@@ -393,6 +405,34 @@ impl IdentityBlock {
         }
         Ok(new_block)
     }
+
+    pub fn get_block_data(&self, keys: &BcrKeys) -> Result<IdentityBlockPayload> {
+        let data = self.get_decrypted_block(keys)?;
+        let result: IdentityBlockPayload = match self.op_code {
+            IdentityOpCode::Create => IdentityBlockPayload::Create(from_slice(&data)?),
+            IdentityOpCode::Update => IdentityBlockPayload::Update(from_slice(&data)?),
+            IdentityOpCode::SignPersonBill => {
+                IdentityBlockPayload::SignPersonalBill(from_slice(&data)?)
+            }
+            IdentityOpCode::SignCompanyBill => {
+                IdentityBlockPayload::SignCompanyBill(from_slice(&data)?)
+            }
+            IdentityOpCode::CreateCompany => {
+                IdentityBlockPayload::CreateCompany(from_slice(&data)?)
+            }
+            IdentityOpCode::AddSignatory => IdentityBlockPayload::AddSignatory(from_slice(&data)?),
+            IdentityOpCode::RemoveSignatory => {
+                IdentityBlockPayload::RemoveSignatory(from_slice(&data)?)
+            }
+        };
+        Ok(result)
+    }
+
+    fn get_decrypted_block(&self, keys: &BcrKeys) -> Result<Vec<u8>> {
+        let bytes = util::base58_decode(&self.data)?;
+        let decrypted_bytes = util::crypto::decrypt_ecies(&bytes, &keys.get_private_key())?;
+        Ok(decrypted_bytes)
+    }
 }
 
 #[derive(Serialize, Deserialize, Debug, Clone)]
@@ -424,6 +464,28 @@ impl IdentityBlockchain {
             blocks: vec![first_block],
         })
     }
+
+    /// Creates an identity chain from a list of blocks
+    pub fn new_from_blocks(blocks_to_add: Vec<IdentityBlock>) -> Result<Self> {
+        match blocks_to_add.first() {
+            None => Err(super::Error::BlockchainInvalid),
+            Some(first) => {
+                if !first.verify() || !first.validate_hash() {
+                    return Err(super::Error::BlockchainInvalid);
+                }
+
+                let chain = Self {
+                    blocks: blocks_to_add,
+                };
+
+                if !chain.is_chain_valid() {
+                    return Err(super::Error::BlockchainInvalid);
+                }
+
+                Ok(chain)
+            }
+        }
+    }
 }
 
 #[cfg(test)]
@@ -515,6 +577,7 @@ mod tests {
             chain.get_latest_block(),
             &IdentityCreateCompanyBlockData {
                 company_id: node_id_test(),
+                company_key: "some key".to_string(),
                 block_hash: "some hash".to_string(),
             },
             &keys,

crates/bcr-ebill-core/src/identity/mod.rs

@@ -1,5 +1,9 @@
 use super::{File, OptionalPostalAddress};
-use crate::{NodeId, ValidationError, util::BcrKeys};
+use crate::{
+    NodeId, ValidationError,
+    blockchain::identity::{IdentityBlockPayload, IdentityCreateBlockData},
+    util::BcrKeys,
+};
 use serde::{Deserialize, Serialize};
 
 pub mod validation;
@@ -57,6 +61,88 @@ impl Identity {
     pub fn get_nostr_name(&self) -> String {
         self.name.clone()
     }
+
+    pub fn from_block_data(data: IdentityCreateBlockData) -> Self {
+        Self {
+            t: get_identity_type(&data.postal_address),
+            node_id: data.node_id,
+            name: data.name,
+            email: data.email,
+            postal_address: data.postal_address,
+            date_of_birth: data.date_of_birth,
+            country_of_birth: data.country_of_birth,
+            city_of_birth: data.city_of_birth,
+            identification_number: data.identification_number,
+            nostr_relays: data.nostr_relays,
+            profile_picture_file: data.profile_picture_file,
+            identity_document_file: data.identity_document_file,
+        }
+    }
+
+    pub fn apply_block_data(&mut self, data: &IdentityBlockPayload) {
+        // only the update block does actually mutate the identity
+        if let IdentityBlockPayload::Update(payload) = data {
+            // check whether the account was deanonymized with the update
+            if self.t == IdentityType::Anon {
+                self.t = get_identity_type(&payload.postal_address);
+            }
+            self.name = payload.name.to_owned().unwrap_or(self.name.to_owned());
+            self.email = payload.email.to_owned().or(self.email.to_owned());
+            self.postal_address.country = payload
+                .postal_address
+                .country
+                .to_owned()
+                .or(self.postal_address.country.to_owned());
+            self.postal_address.city = payload
+                .postal_address
+                .city
+                .to_owned()
+                .or(self.postal_address.city.to_owned());
+            self.postal_address.zip = payload
+                .postal_address
+                .zip
+                .to_owned()
+                .or(self.postal_address.zip.to_owned());
+            self.postal_address.address = payload
+                .postal_address
+                .address
+                .to_owned()
+                .or(self.postal_address.address.to_owned());
+            self.date_of_birth = payload
+                .date_of_birth
+                .to_owned()
+                .or(self.date_of_birth.to_owned());
+            self.country_of_birth = payload
+                .country_of_birth
+                .to_owned()
+                .or(self.country_of_birth.to_owned());
+            self.city_of_birth = payload
+                .city_of_birth
+                .to_owned()
+                .or(self.city_of_birth.to_owned());
+            self.identification_number = payload
+                .identification_number
+                .to_owned()
+                .or(self.identification_number.to_owned());
+            self.profile_picture_file = payload
+                .profile_picture_file
+                .to_owned()
+                .or(self.profile_picture_file.to_owned());
+            self.identity_document_file = payload
+                .identity_document_file
+                .to_owned()
+                .or(self.identity_document_file.to_owned());
+        }
+    }
+}
+
+/// determines the identity type based on the postal address
+fn get_identity_type(address: &OptionalPostalAddress) -> IdentityType {
+    if address.is_fully_set() {
+        IdentityType::Ident
+    } else {
+        IdentityType::Anon
+    }
 }
 
 #[derive(Clone, Debug)]

crates/bcr-ebill-persistence/src/db/identity_chain.rs

@@ -14,7 +14,7 @@ use bcr_ebill_core::{
     PublicKey, ServiceTraitBounds,
     blockchain::{
         Block,
-        identity::{IdentityBlock, IdentityOpCode},
+        identity::{IdentityBlock, IdentityBlockchain, IdentityOpCode},
     },
 };
 use serde::{Deserialize, Serialize};
@@ -148,6 +148,28 @@ impl IdentityChainStoreApi for SurrealIdentityChainStore {
             Err(e) => Err(e),
         }
     }
+
+    async fn get_chain(&self) -> Result<IdentityBlockchain> {
+        let mut bindings = Bindings::default();
+        bindings.add(DB_TABLE, Self::TABLE)?;
+
+        let result: Vec<IdentityBlockDb> = self
+            .db
+            .query(
+                "SELECT * FROM type::table($table) ORDER BY block_id ASC",
+                bindings,
+            )
+            .await
+            .map_err(|e| {
+                log::error!("Get Identity Block: {e}");
+                e
+            })?;
+        let blocks = result
+            .into_iter()
+            .map(|b| b.into())
+            .collect::<Vec<IdentityBlock>>();
+        Ok(IdentityBlockchain::new_from_blocks(blocks)?)
+    }
 }
 
 #[derive(Debug, Clone, Serialize, Deserialize)]