synonymdev · ovitrif · Apr 21, 2025 · Mar 24, 2025 · Mar 25, 2025 · Mar 26, 2025
diff --git a/app/build.gradle.kts b/app/build.gradle.kts
@@ -142,6 +142,7 @@ dependencies {
     implementation(libs.material)
     implementation(libs.datastore.preferences)
     implementation(libs.kotlinx.datetime)
+    implementation(libs.biometric)
     implementation(libs.zxing)
     implementation(libs.barcode.scanning)
     // CameraX

diff --git a/app/src/androidTest/java/to/bitkit/data/keychain/KeychainTest.kt b/app/src/androidTest/java/to/bitkit/data/keychain/KeychainTest.kt
@@ -99,6 +99,16 @@ class KeychainTest : BaseAndroidTest() {
         assertTrue { sut.snapshot.asMap().isEmpty() }
     }
 
+    @Test
+    fun pinAttemptsRemaining_shouldReturnDecryptedValue() = test {
+        val attemptsRemaining = "3"
+        sut.saveString(Keychain.Key.PIN_ATTEMPTS_REMAINING.name, attemptsRemaining)
+
+        val result = sut.pinAttemptsRemaining().first()
+
+        assertEquals(attemptsRemaining, result.toString())
+    }
+
     @After
     fun tearDown() {
         db.close()

diff --git a/app/src/main/java/to/bitkit/data/SettingsStore.kt b/app/src/main/java/to/bitkit/data/SettingsStore.kt
@@ -47,17 +47,17 @@ class SettingsStore @Inject constructor(
         store.edit { it[SELECTED_CURRENCY_KEY] = currency }
     }
 
-    val showEmptyState: Flow<Boolean> = store.data.map { it[SHOW_EMPTY_STATE] ?: false }
+    val showEmptyState: Flow<Boolean> = store.data.map { it[SHOW_EMPTY_STATE] == true }
     suspend fun setShowEmptyState(show: Boolean) {
         store.edit { it[SHOW_EMPTY_STATE] = show }
     }
 
-    val hasSeenSpendingIntro: Flow<Boolean> = store.data.map { it[HAS_SEEN_SPENDING_INTRO] ?: false }
+    val hasSeenSpendingIntro: Flow<Boolean> = store.data.map { it[HAS_SEEN_SPENDING_INTRO] == true }
     suspend fun setHasSeenSpendingIntro(value: Boolean) {
         store.edit { it[HAS_SEEN_SPENDING_INTRO] = value }
     }
 
-    val hasSeenSavingsIntro: Flow<Boolean> = store.data.map { it[HAS_SEEN_SAVINGS_INTRO] ?: false }
+    val hasSeenSavingsIntro: Flow<Boolean> = store.data.map { it[HAS_SEEN_SAVINGS_INTRO] == true }
     suspend fun setHasSeenSavingsIntro(value: Boolean) {
         store.edit { it[HAS_SEEN_SAVINGS_INTRO] = value }
     }
@@ -67,6 +67,15 @@ class SettingsStore @Inject constructor(
         store.edit { it[LIGHTNING_SETUP_STEP] = value }
     }
 
+    val isPinEnabled: Flow<Boolean> = store.data.map { it[IS_PIN_ENABLED] == true }
+    suspend fun setIsPinEnabled(value: Boolean) { store.edit { it[IS_PIN_ENABLED] = value } }
+
+    val isPinOnLaunchEnabled: Flow<Boolean> = store.data.map { it[IS_PIN_ON_LAUNCH_ENABLED] == true }
+    suspend fun setIsPinOnLaunchEnabled(value: Boolean) { store.edit { it[IS_PIN_ON_LAUNCH_ENABLED] = value } }
+
+    val isBiometricEnabled: Flow<Boolean> = store.data.map { it[IS_BIOMETRIC_ENABLED] == true }
+    suspend fun setIsBiometricEnabled(value: Boolean) { store.edit { it[IS_BIOMETRIC_ENABLED] = value } }
+
     private companion object {
         private val PRIMARY_DISPLAY_UNIT_KEY = stringPreferencesKey("primary_display_unit")
         private val BTC_DISPLAY_UNIT_KEY = stringPreferencesKey("btc_display_unit")
@@ -75,5 +84,8 @@ class SettingsStore @Inject constructor(
         private val HAS_SEEN_SPENDING_INTRO = booleanPreferencesKey("has_seen_spending_intro")
         private val HAS_SEEN_SAVINGS_INTRO = booleanPreferencesKey("has_seen_savings_intro")
         private val LIGHTNING_SETUP_STEP = intPreferencesKey("lightning_setup_step")
+        private val IS_PIN_ENABLED = booleanPreferencesKey("is_pin_enabled")
+        private val IS_PIN_ON_LAUNCH_ENABLED = booleanPreferencesKey("is_pin_on_launch_enabled")
+        private val IS_BIOMETRIC_ENABLED = booleanPreferencesKey("is_biometric_enabled")
     }
 }
diff --git a/app/src/main/java/to/bitkit/data/keychain/AndroidKeyStore.kt b/app/src/main/java/to/bitkit/data/keychain/AndroidKeyStore.kt
@@ -32,11 +32,11 @@ class AndroidKeyStore(
         if (!keyStore.containsAlias(alias)) {
             try {
                 val generator = KeyGenerator.getInstance(algorithm, type)
-                generator.init(buildSpec(true))
+                generator.init(buildSpec(isStrongboxBacked = true))
                 generator.generateKey()
-            } catch (e: StrongBoxUnavailableException) {
+            } catch (_: StrongBoxUnavailableException) {
                 val generator = KeyGenerator.getInstance(algorithm, type)
-                generator.init(buildSpec(false))
+                generator.init(buildSpec(isStrongboxBacked = false))
                 generator.generateKey()
             }
         }

diff --git a/app/src/main/java/to/bitkit/data/keychain/Keychain.kt b/app/src/main/java/to/bitkit/data/keychain/Keychain.kt
@@ -8,6 +8,7 @@ import androidx.datastore.preferences.preferencesDataStore
 import dagger.hilt.android.qualifiers.ApplicationContext
 import kotlinx.coroutines.CoroutineDispatcher
 import kotlinx.coroutines.flow.Flow
+import kotlinx.coroutines.flow.distinctUntilChanged
 import kotlinx.coroutines.flow.first
 import kotlinx.coroutines.flow.map
 import org.lightningdevkit.ldknode.Network
@@ -32,7 +33,9 @@ class Keychain @Inject constructor(
     private val keyStore by lazy { AndroidKeyStore(alias) }
 
     private val Context.keychain by preferencesDataStore(alias, scope = this)
-    val snapshot get() = runBlocking(this.coroutineContext) { context.keychain.data.first() }
+    private val keychain = context.keychain
+
+    val snapshot get() = runBlocking(this.coroutineContext) { keychain.data.first() }
 
     fun loadString(key: String): String? = load(key)?.decodeToString()
 
@@ -41,7 +44,7 @@ class Keychain @Inject constructor(
             return snapshot[key.indexed]?.fromBase64()?.let {
                 keyStore.decrypt(it)
             }
-        } catch (e: Exception) {
+        } catch (_: Exception) {
             throw KeychainError.FailedToLoad(key)
         }
     }
@@ -53,17 +56,28 @@ class Keychain @Inject constructor(
 
         try {
             val encryptedValue = keyStore.encrypt(value)
-            context.keychain.edit { it[key.indexed] = encryptedValue.toBase64() }
-        } catch (e: Exception) {
+            keychain.edit { it[key.indexed] = encryptedValue.toBase64() }
+        } catch (_: Exception) {
             throw KeychainError.FailedToSave(key)
         }
         Logger.info("Saved to keychain: $key")
     }
 
+    /** Inserts or replaces a string value associated with a given key in the keychain. */
+    suspend fun upsertString(key: String, value: String) {
+        try {
+            val encryptedValue = keyStore.encrypt(value.toByteArray())
+            keychain.edit { it[key.indexed] = encryptedValue.toBase64() }
+        } catch (_: Exception) {
+            throw KeychainError.FailedToSave(key)
+        }
+        Logger.info("Saved/updated in keychain: $key")
+    }
+
     suspend fun delete(key: String) {
         try {
-            context.keychain.edit { it.remove(key.indexed) }
-        } catch (e: Exception) {
+            keychain.edit { it.remove(key.indexed) }
+        } catch (_: Exception) {
             throw KeychainError.FailedToDelete(key)
         }
         Logger.debug("Deleted from keychain: $key")
@@ -73,13 +87,11 @@ class Keychain @Inject constructor(
         return snapshot.contains(key.indexed)
     }
 
-    fun observeExists(key: Key): Flow<Boolean> = context.keychain.data.map { it.contains(key.name.indexed) }
-
     suspend fun wipe() {
         if (Env.network != Network.REGTEST) throw KeychainError.KeychainWipeNotAllowed()
 
         val keys = snapshot.asMap().keys
-        context.keychain.edit { it.clear() }
+        keychain.edit { it.clear() }
 
         Logger.info("Deleted all keychain entries: ${keys.joinToString()}")
     }
@@ -90,10 +102,24 @@ class Keychain @Inject constructor(
             return "${this}_$walletIndex".let(::stringPreferencesKey)
         }
 
+    fun pinAttemptsRemaining(): Flow<Int?> {
+        return keychain.data
+            .map { it[Key.PIN_ATTEMPTS_REMAINING.name.indexed] }
+            .distinctUntilChanged()
+            .map { encrypted ->
+                encrypted?.fromBase64()?.let { bytes ->
+                    keyStore.decrypt(bytes).decodeToString()
+                }
+            }
+            .map { string -> string?.toIntOrNull() }
+    }
+
     enum class Key {
         PUSH_NOTIFICATION_TOKEN,
         PUSH_NOTIFICATION_PRIVATE_KEY,
         BIP39_MNEMONIC,
-        BIP39_PASSPHRASE;
+        BIP39_PASSPHRASE,
+        PIN,
+        PIN_ATTEMPTS_REMAINING,
     }
 }
diff --git a/app/src/main/java/to/bitkit/env/Env.kt b/app/src/main/java/to/bitkit/env/Env.kt
@@ -102,4 +102,7 @@ internal object Env {
             address = "34.65.86.104:9400",
         )
     }
+
+    const val PIN_LENGTH = 4
+    const val PIN_ATTEMPTS = 8
 }
diff --git a/app/src/main/java/to/bitkit/ui/ContentView.kt b/app/src/main/java/to/bitkit/ui/ContentView.kt
@@ -75,6 +75,7 @@ import to.bitkit.ui.settings.GeneralSettingsScreen
 import to.bitkit.ui.settings.LightningSettingsScreen
 import to.bitkit.ui.settings.LocalCurrencySettingsScreen
 import to.bitkit.ui.settings.OrderDetailScreen
+import to.bitkit.ui.settings.SecuritySettingsScreen
 import to.bitkit.ui.settings.SettingsScreen
 import to.bitkit.ui.settings.backups.BackupWalletScreen
 import to.bitkit.ui.settings.backups.RestoreWalletScreen
@@ -228,6 +229,7 @@ fun ContentView(
                 settings(walletViewModel, navController)
                 nodeState(walletViewModel, navController)
                 generalSettings(navController)
+                securitySettings(navController)
                 defaultUnitSettings(currencyViewModel, navController)
                 localCurrencySettings(currencyViewModel, navController)
                 backupSettings(navController)
@@ -470,6 +472,12 @@ private fun NavGraphBuilder.generalSettings(navController: NavHostController) {
     }
 }
 
+private fun NavGraphBuilder.securitySettings(navController: NavHostController) {
+    composableWithDefaultTransitions<Routes.SecuritySettings> {
+        SecuritySettingsScreen(navController)
+    }
+}
+
 private fun NavGraphBuilder.defaultUnitSettings(
     currencyViewModel: CurrencyViewModel,
     navController: NavHostController,
@@ -659,6 +667,10 @@ fun NavController.navigateToGeneralSettings() = navigate(
     route = Routes.GeneralSettings,
 )
 
+fun NavController.navigateToSecuritySettings() = navigate(
+    route = Routes.SecuritySettings,
+)
+
 fun NavController.navigateToDefaultUnitSettings() = navigate(
     route = Routes.DefaultUnitSettings,
 )
@@ -749,6 +761,9 @@ object Routes {
     @Serializable
     data object GeneralSettings
 
+    @Serializable
+    data object SecuritySettings
+
     @Serializable
     data object DefaultUnitSettings
 

diff --git a/app/src/main/java/to/bitkit/ui/MainActivity.kt b/app/src/main/java/to/bitkit/ui/MainActivity.kt
@@ -1,18 +1,21 @@
 package to.bitkit.ui
 
 import android.os.Bundle
-import androidx.activity.ComponentActivity
 import androidx.activity.compose.setContent
 import androidx.activity.viewModels
+import androidx.compose.runtime.getValue
 import androidx.compose.runtime.rememberCoroutineScope
 import androidx.core.splashscreen.SplashScreen.Companion.installSplashScreen
+import androidx.fragment.app.FragmentActivity
+import androidx.lifecycle.compose.collectAsStateWithLifecycle
 import androidx.navigation.compose.NavHost
 import androidx.navigation.compose.composable
 import androidx.navigation.compose.rememberNavController
 import androidx.navigation.toRoute
 import dagger.hilt.android.AndroidEntryPoint
 import kotlinx.coroutines.launch
 import kotlinx.serialization.Serializable
+import to.bitkit.ui.components.AuthCheckView
 import to.bitkit.ui.components.ToastOverlay
 import to.bitkit.ui.onboarding.CreateWalletWithPassphraseScreen
 import to.bitkit.ui.onboarding.IntroScreen
@@ -36,7 +39,7 @@ import to.bitkit.viewmodels.TransferViewModel
 import to.bitkit.viewmodels.WalletViewModel
 
 @AndroidEntryPoint
-class MainActivity : ComponentActivity() {
+class MainActivity : FragmentActivity() {
     private val appViewModel by viewModels<AppViewModel>()
     private val walletViewModel by viewModels<WalletViewModel>()
     private val blocktankViewModel by viewModels<BlocktankViewModel>()
@@ -168,14 +171,24 @@ class MainActivity : ComponentActivity() {
                         }
                     }
                 } else {
-                    ContentView(
-                        appViewModel = appViewModel,
-                        walletViewModel = walletViewModel,
-                        blocktankViewModel = blocktankViewModel,
-                        currencyViewModel = currencyViewModel,
-                        activityListViewModel = activityListViewModel,
-                        transferViewModel = transferViewModel,
-                    )
+                    val isAuthenticated by appViewModel.isAuthenticated.collectAsStateWithLifecycle()
+
+                    if (!isAuthenticated) {
+                        AuthCheckView(
+                            showLogoOnPin = true,
+                            appViewModel = appViewModel,
+                            onSuccess = { appViewModel.setIsAuthenticated(true) },
+                        )
+                    } else {
+                        ContentView(
+                            appViewModel = appViewModel,
+                            walletViewModel = walletViewModel,
+                            blocktankViewModel = blocktankViewModel,
+                            currencyViewModel = currencyViewModel,
+                            activityListViewModel = activityListViewModel,
+                            transferViewModel = transferViewModel,
+                        )
+                    }
                 }
 
                 ToastOverlay(