chore: validation, more server actions

pcarranzav · pcarranzav · commit 1e03c1268cd1 · 2025-03-21T20:50:54.000-03:00
diff --git a/apps/server/src/handlers/createAccountInbox.ts b/apps/server/src/handlers/createAccountInbox.ts
@@ -0,0 +1,18 @@
+import type { Messages } from '@graphprotocol/hypergraph';
+import { prisma } from '../prisma';
+export const createAccountInbox = async (data: Messages.RequestCreateAccountInbox) => {
+  const { accountId, inboxId, isPublic, authPolicy, encryptionPublicKey, signature } = data;
+  // This will throw an error if the inbox already exists
+  const inbox = await prisma.accountInbox.create({
+    data: {
+      id: inboxId,
+      isPublic,
+      authPolicy,
+      encryptionPublicKey,
+      signatureHex: signature.hex,
+      signatureRecovery: signature.recovery,
+      account: { connect: { id: accountId } },
+    },
+  });
+  return inbox;
+};
diff --git a/apps/server/src/handlers/createAccountInboxMessage.ts b/apps/server/src/handlers/createAccountInboxMessage.ts
@@ -24,9 +24,9 @@ export const createAccountInboxMessage = async (params: Params) => {
       ciphertext: message.ciphertext,
       nonce: message.nonce,
       ephemeralPublicKey: message.ephemeralPublicKey,
-      signatureHex: message.signature?.hex,
-      signatureRecovery: message.signature?.recovery,
-      authorAccountId: message.authorAccountId,
+      signatureHex: message.signature?.hex ?? null,
+      signatureRecovery: message.signature?.recovery ?? null,
+      authorAccountId: message.authorAccountId ?? null,
       accountInbox: {
         connect: {
           id: accountInbox.id,
diff --git a/apps/server/src/handlers/getLatestAccountInboxMessages.ts b/apps/server/src/handlers/getLatestAccountInboxMessages.ts
@@ -0,0 +1,42 @@
+import type { Messages } from '@graphprotocol/hypergraph';
+import { prisma } from '../prisma.js';
+
+interface GetLatestAccountInboxMessagesParams {
+  inboxId: string;
+  since: number;
+}
+
+export async function getLatestAccountInboxMessages({
+  inboxId,
+  since,
+}: GetLatestAccountInboxMessagesParams): Promise<Messages.InboxMessage[]> {
+  const date = new Date(since * 1000); // Convert Unix timestamp to Date
+
+  const messages = await prisma.accountInboxMessage.findMany({
+    where: {
+      accountInboxId: inboxId,
+      createdAt: {
+        gte: date,
+      },
+    },
+    orderBy: {
+      id: 'asc',
+    },
+  });
+
+  return messages.map((msg) => ({
+    id: msg.id,
+    ciphertext: msg.ciphertext,
+    nonce: msg.nonce,
+    ephemeralPublicKey: msg.ephemeralPublicKey,
+    signature:
+      msg.signatureHex && msg.signatureRecovery
+        ? {
+            hex: msg.signatureHex,
+            recovery: msg.signatureRecovery,
+          }
+        : undefined,
+    authorAccountId: msg.authorAccountId || undefined,
+    createdAt: Math.floor(msg.createdAt.getTime() / 1000), // Convert Date to Unix timestamp
+  }));
+}
diff --git a/apps/server/src/handlers/getLatestSpaceInboxMessages.ts b/apps/server/src/handlers/getLatestSpaceInboxMessages.ts
@@ -0,0 +1,42 @@
+import type { Messages } from '@graphprotocol/hypergraph';
+import { prisma } from '../prisma.js';
+
+interface GetLatestSpaceInboxMessagesParams {
+  inboxId: string;
+  since: number;
+}
+
+export async function getLatestSpaceInboxMessages({
+  inboxId,
+  since,
+}: GetLatestSpaceInboxMessagesParams): Promise<Messages.InboxMessage[]> {
+  const date = new Date(since * 1000); // Convert Unix timestamp to Date
+
+  const messages = await prisma.spaceInboxMessage.findMany({
+    where: {
+      spaceInboxId: inboxId,
+      createdAt: {
+        gte: date,
+      },
+    },
+    orderBy: {
+      id: 'asc',
+    },
+  });
+
+  return messages.map((msg) => ({
+    id: msg.id,
+    ciphertext: msg.ciphertext,
+    nonce: msg.nonce,
+    ephemeralPublicKey: msg.ephemeralPublicKey,
+    signature:
+      msg.signatureHex && msg.signatureRecovery
+        ? {
+            hex: msg.signatureHex,
+            recovery: msg.signatureRecovery,
+          }
+        : undefined,
+    authorAccountId: msg.authorAccountId || undefined,
+    createdAt: Math.floor(msg.createdAt.getTime() / 1000), // Convert Date to Unix timestamp
+  }));
+}
diff --git a/apps/server/src/handlers/getSpace.ts b/apps/server/src/handlers/getSpace.ts
@@ -62,37 +62,29 @@ export const getSpace = async ({ spaceId, accountId }: Params) => {
     };
   });
 
-  const formatUpdate = (update) => {
-    return {
-      accountId: update.accountId,
-      update: new Uint8Array(update.content),
-      signature: {
-        hex: update.signatureHex,
-        recovery: update.signatureRecovery,
-      },
-      updateId: update.updateId,
-    };
-  };
-
-  const formatInbox = (inbox) => {
-    return {
+  return {
+    id: space.id,
+    events: space.events.map((wrapper) => JSON.parse(wrapper.event)),
+    keyBoxes,
+    inboxes: space.inboxes.map((inbox) => ({
       inboxId: inbox.id,
       isPublic: inbox.isPublic,
       authPolicy: inbox.authPolicy,
       encryptionPublicKey: inbox.encryptionPublicKey,
       secretKey: inbox.encryptedSecretKey,
-    };
-  };
-
-  return {
-    id: space.id,
-    events: space.events.map((wrapper) => JSON.parse(wrapper.event)),
-    keyBoxes,
-    inboxes: space.inboxes.map(formatInbox),
+    })),
     updates:
       space.updates.length > 0
         ? {
-            updates: space.updates.map(formatUpdate),
+            updates: space.updates.map((update) => ({
+              accountId: update.accountId,
+              update: new Uint8Array(update.content),
+              signature: {
+                hex: update.signatureHex,
+                recovery: update.signatureRecovery,
+              },
+              updateId: update.updateId,
+            })),
             firstUpdateClock: space.updates[0].clock,
             lastUpdateClock: space.updates[space.updates.length - 1].clock,
           }
diff --git a/apps/server/src/index.ts b/apps/server/src/index.ts
@@ -7,15 +7,19 @@ import { SiweMessage } from 'siwe';
 import type { Hex } from 'viem';
 import WebSocket, { WebSocketServer } from 'ws';
 import { applySpaceEvent } from './handlers/applySpaceEvent.js';
+import { createAccountInbox } from './handlers/createAccountInbox.js';
 import { createAccountInboxMessage } from './handlers/createAccountInboxMessage.js';
 import { createIdentity } from './handlers/createIdentity.js';
 import { createSpace } from './handlers/createSpace.js';
 import { createSpaceInboxMessage } from './handlers/createSpaceInboxMessage.js';
 import { createUpdate } from './handlers/createUpdate.js';
 import { getAccountInbox } from './handlers/getAccountInbox.js';
 import { type GetIdentityResult, getIdentity } from './handlers/getIdentity.js';
+import { getLatestAccountInboxMessages } from './handlers/getLatestAccountInboxMessages.js';
+import { getLatestSpaceInboxMessages } from './handlers/getLatestSpaceInboxMessages.js';
 import { getSpace } from './handlers/getSpace.js';
 import { getSpaceInbox } from './handlers/getSpaceInbox.js';
+import { listAccountInboxes } from './handlers/listAccountInboxes.js';
 import { listInvitations } from './handlers/listInvitations.js';
 import { listPublicAccountInboxes } from './handlers/listPublicAccountInboxes.js';
 import { listPublicSpaceInboxes } from './handlers/listPublicSpaceInboxes.js';
@@ -358,7 +362,6 @@ app.post('/spaces/:spaceId/inboxes/:inboxId/messages', async (req, res) => {
   broadcastSpaceInboxMessage({ spaceId, inboxId, message });
 });
 
-// TODO same as above but for account inboxes
 app.get('/accounts/:accountId/inboxes', async (req, res) => {
   console.log('GET accounts/:accountId/inboxes');
   const accountId = req.params.accountId;
@@ -499,6 +502,18 @@ function broadcastSpaceInboxMessage({
   }
 }
 
+function broadcastAccountInbox({ inbox }: { inbox: Messages.AccountInboxPublic }) {
+  const outgoingMessage: Messages.ResponseAccountInbox = {
+    type: 'account-inbox',
+    inbox,
+  };
+  for (const client of webSocketServer.clients as Set<CustomWebSocket>) {
+    if (client.readyState === WebSocket.OPEN && client.accountId === inbox.accountId) {
+      client.send(Messages.serialize(outgoingMessage));
+    }
+  }
+}
+
 function broadcastAccountInboxMessage({
   accountId,
   inboxId,
@@ -660,17 +675,65 @@ webSocketServer.on('connection', async (webSocket: CustomWebSocket, request: Req
         }
         case 'create-account-inbox': {
           // TODO
-          // Check that the signature is valid for the corresponding accountId
-          // Create the inbox (if it doesn't exist)
-          // Broadcast the inbox to other clients from the same account
+          try {
+            // Check that the signature is valid for the corresponding accountId
+            if (data.accountId !== accountId) {
+              throw new Error('Invalid accountId');
+            }
+            const signer = Inboxes.recoverAccountInboxCreatorKey(data);
+            if (signer !== accountId) {
+              throw new Error('Invalid signature');
+            }
+            // Create the inbox (if it doesn't exist)
+            await createAccountInbox(data);
+            // Broadcast the inbox to other clients from the same account
+            broadcastAccountInbox({ inbox: data });
+          } catch (error) {
+            console.error('Error creating account inbox:', error);
+            return;
+          }
           break;
         }
         case 'get-latest-space-inbox-messages': {
-          // TODO
+          try {
+            // Check that the user has access to this space
+            await getSpace({ accountId, spaceId: data.spaceId });
+            const messages = await getLatestSpaceInboxMessages({
+              inboxId: data.inboxId,
+              since: data.since,
+            });
+            const outgoingMessage: Messages.ResponseSpaceInboxMessages = {
+              type: 'space-inbox-messages',
+              spaceId: data.spaceId,
+              inboxId: data.inboxId,
+              messages,
+            };
+            webSocket.send(Messages.serialize(outgoingMessage));
+          } catch (error) {
+            console.error('Error getting latest space inbox messages:', error);
+            return;
+          }
           break;
         }
         case 'get-latest-account-inbox-messages': {
-          // TODO
+          try {
+            // Check that the user has access to this inbox
+            await getAccountInbox({ accountId, inboxId: data.inboxId });
+            const messages = await getLatestAccountInboxMessages({
+              inboxId: data.inboxId,
+              since: data.since,
+            });
+            const outgoingMessage: Messages.ResponseAccountInboxMessages = {
+              type: 'account-inbox-messages',
+              accountId,
+              inboxId: data.inboxId,
+              messages,
+            };
+            webSocket.send(Messages.serialize(outgoingMessage));
+          } catch (error) {
+            console.error('Error getting latest account inbox messages:', error);
+            return;
+          }
           break;
         }
         case 'get-account-inboxes': {
diff --git a/packages/hypergraph/src/inboxes/message-validation.ts b/packages/hypergraph/src/inboxes/message-validation.ts
@@ -0,0 +1,49 @@
+import { Identity, Messages } from '@graphprotocol/hypergraph';
+import type { AccountInboxStorageEntry, SpaceInboxStorageEntry } from '../store.js';
+import { recoverAccountInboxMessageSigner, recoverSpaceInboxMessageSigner } from './recover-inbox-message-signer.js';
+
+export const validateSpaceInboxMessage = async (
+  message: Messages.InboxMessage,
+  inbox: SpaceInboxStorageEntry,
+  spaceId: string,
+  syncServerUri: string,
+) => {
+  if (message.signature) {
+    if (inbox.authPolicy === Messages.InboxSenderAuthPolicy.Anonymous) {
+      // Signed messages are invalid in anonymous inboxes
+      return false;
+    }
+    if (!message.authorAccountId) {
+      // Signed message without authorAccountId is invalid
+      return false;
+    }
+    const signer = recoverSpaceInboxMessageSigner(message, spaceId, inbox.inboxId);
+    const verifiedIdentity = await Identity.getVerifiedIdentity(message.authorAccountId, syncServerUri);
+    return signer === verifiedIdentity.signaturePublicKey;
+  }
+  // Unsigned message is valid if the inbox is anonymous or optional auth
+  return inbox.authPolicy !== Messages.InboxSenderAuthPolicy.RequiresAuth;
+};
+
+export const validateAccountInboxMessage = async (
+  message: Messages.InboxMessage,
+  inbox: AccountInboxStorageEntry,
+  accountId: string,
+  syncServerUri: string,
+) => {
+  if (message.signature) {
+    if (inbox.authPolicy === Messages.InboxSenderAuthPolicy.Anonymous) {
+      // Signed messages are invalid in anonymous inboxes
+      return false;
+    }
+    if (!message.authorAccountId) {
+      // Signed message without authorAccountId is invalid
+      return false;
+    }
+    const signer = recoverAccountInboxMessageSigner(message, accountId, inbox.inboxId);
+    const verifiedIdentity = await Identity.getVerifiedIdentity(message.authorAccountId, syncServerUri);
+    return signer === verifiedIdentity.signaturePublicKey;
+  }
+  // Unsigned message is valid if the inbox is anonymous or optional auth
+  return inbox.authPolicy !== Messages.InboxSenderAuthPolicy.RequiresAuth;
+};
