fix(keystore/wasm): stop using Database::open() in keystore migrations

This would result in infinite recursion

Author: SimonThormeyer

keystore/src/connection/platform/wasm/migrations/v6/mod.rs

@@ -1,44 +1,36 @@
 //! This migration merges signature keypair and credential data
-
 mod v5_entities;
 
 use idb::builder::DatabaseBuilder;
 
 use super::DB_VERSION_6;
 use crate::{
     CryptoKeystoreResult, Database, DatabaseKey,
-    connection::FetchFromDatabase,
-    entities::{EntityBase as _, EntityFindParams, EntityTransactionExt, StoredCredential},
+    entities::{Entity, EntityBase as _, EntityFindParams, EntityTransactionExt},
     migrations::{StoredSignatureKeypair, V5Credential, migrate_to_new_credential},
 };
 
 /// Open IDB once with the new builder and close it, this will apply the update.
 pub(super) async fn migrate(name: &str, key: &DatabaseKey) -> CryptoKeystoreResult<u32> {
-    let db_before_migration = Database::open(crate::ConnectionType::Persistent(name), key).await?;
-    let signature_keys = db_before_migration
-        .find_all::<StoredSignatureKeypair>(EntityFindParams::default())
-        .await?;
-    let v5_credentials = db_before_migration
-        .find_all::<V5Credential>(EntityFindParams::default())
-        .await?;
-
-    let connection = db_before_migration.conn().await?;
-    let mut tx_creator = connection.conn().await;
-    let tx = tx_creator
-        .new_transaction(&[&StoredCredential::COLLECTION_NAME])
-        .await?;
-
-    for signature_key in signature_keys.iter() {
-        for v5_credential in v5_credentials.iter() {
-            if let Some(new_credential) = migrate_to_new_credential(v5_credential, signature_key)? {
-                super::delete_credential_by_value(&tx, v5_credential.credential.clone()).await?;
-                new_credential.save(&tx).await?;
+    let previous_builder = super::v5::get_builder(name);
+    let mut db_during_migration = Database::migration_connection(previous_builder, key).await?;
+    let signature_keys =
+        StoredSignatureKeypair::find_all(&mut db_during_migration, EntityFindParams::default()).await?;
+    let v5_credentials = V5Credential::find_all(&mut db_during_migration, EntityFindParams::default()).await?;
+
+    Database::migration_transaction(db_during_migration, async |tx| {
+        for signature_key in signature_keys.iter() {
+            for v5_credential in v5_credentials.iter() {
+                if let Some(new_credential) = migrate_to_new_credential(v5_credential, signature_key)? {
+                    super::delete_credential_by_value(tx, v5_credential.credential.clone()).await?;
+                    new_credential.save(tx).await?;
+                }
             }
         }
-    }
 
-    db_before_migration.commit_transaction().await?;
-    db_before_migration.close().await?;
+        Ok(())
+    })
+    .await?;
 
     let migrated_idb = get_builder(name).build().await?;
     let version = migrated_idb.version()?;

keystore/src/connection/platform/wasm/migrations/v7/mod.rs

@@ -5,45 +5,37 @@ use idb::builder::DatabaseBuilder;
 use super::DB_VERSION_7;
 use crate::{
     CryptoKeystoreResult, Database, DatabaseKey,
-    connection::FetchFromDatabase as _,
-    entities::{EntityBase as _, EntityFindParams, EntityTransactionExt as _, PersistedMlsGroup, StoredCredential},
+    entities::{Entity as _, EntityFindParams, EntityTransactionExt as _, PersistedMlsGroup, StoredCredential},
     migrations::{V6Credential, make_ciphersuite_for_signature_scheme},
 };
 
 /// Open IDB once with the new builder and close it, this will apply the update.
 pub(super) async fn migrate(name: &str, key: &DatabaseKey) -> CryptoKeystoreResult<u32> {
-    let db_before_migration = Database::open(crate::ConnectionType::Persistent(name), key).await?;
-    let persisted_mls_groups = db_before_migration
-        .find_all::<PersistedMlsGroup>(EntityFindParams::default())
-        .await?;
+    let previous_builder = super::v6::get_builder(name);
+    let mut db_during_migration = Database::migration_connection(previous_builder, key).await?;
+    let persisted_mls_groups =
+        PersistedMlsGroup::find_all(&mut db_during_migration, EntityFindParams::default()).await?;
     let ciphersuite_for_signature_scheme = make_ciphersuite_for_signature_scheme(persisted_mls_groups)?;
-    let v6_credentials = db_before_migration
-        .find_all::<V6Credential>(EntityFindParams::default())
-        .await?;
-
-    let connection = db_before_migration.conn().await?;
-    let mut tx_creator = connection.conn().await;
-    let tx = tx_creator
-        .new_transaction(&[&StoredCredential::COLLECTION_NAME])
-        .await?;
-
-    for v6_credential in v6_credentials {
-        if let Some(ciphersuite) = ciphersuite_for_signature_scheme(v6_credential.signature_scheme) {
-            let new_credential = StoredCredential {
-                ciphersuite,
-                id: v6_credential.id.clone(),
-                credential: v6_credential.credential.clone(),
-                created_at: v6_credential.created_at,
-                public_key: v6_credential.public_key.clone(),
-                secret_key: v6_credential.secret_key.clone(),
-            };
-            new_credential.save(&tx).await?;
-            super::delete_credential_by_value(&tx, v6_credential.credential.clone()).await?;
+    let v6_credentials = V6Credential::find_all(&mut db_during_migration, EntityFindParams::default()).await?;
+
+    Database::migration_transaction(db_during_migration, async |tx| {
+        for v6_credential in v6_credentials {
+            if let Some(ciphersuite) = ciphersuite_for_signature_scheme(v6_credential.signature_scheme) {
+                let new_credential = StoredCredential {
+                    ciphersuite,
+                    id: v6_credential.id.clone(),
+                    credential: v6_credential.credential.clone(),
+                    created_at: v6_credential.created_at,
+                    public_key: v6_credential.public_key.clone(),
+                    secret_key: v6_credential.secret_key.clone(),
+                };
+                new_credential.save(tx).await?;
+                super::delete_credential_by_value(tx, v6_credential.credential.clone()).await?;
+            }
         }
-    }
-
-    db_before_migration.commit_transaction().await?;
-    db_before_migration.close().await?;
+        Ok(())
+    })
+    .await?;
 
     let migrated_idb = get_builder(name).build().await?;
     let version = migrated_idb.version()?;

keystore/src/connection/platform/wasm/migrations/v8.rs

@@ -8,57 +8,50 @@ use idb::{
 use super::DB_VERSION_8;
 use crate::{
     CryptoKeystoreResult, Database, DatabaseKey,
-    connection::FetchFromDatabase as _,
-    entities::{EntityBase, EntityFindParams, PersistedMlsGroup, StoredCredential},
+    entities::{Entity as _, EntityBase, EntityFindParams, PersistedMlsGroup, StoredCredential},
     migrations::{detect_duplicate_credentials, make_least_used_ciphersuite},
 };
 
 /// Open IDB once with the new builder and close it, this will apply the update.
 pub(super) async fn migrate(name: &str, key: &DatabaseKey) -> CryptoKeystoreResult<u32> {
-    let db_before_migration = Database::open(crate::ConnectionType::Persistent(name), key).await?;
-    let persisted_mls_groups = db_before_migration
-        .find_all::<PersistedMlsGroup>(EntityFindParams::default())
-        .await?;
+    let previous_builder = super::v7::get_builder(name);
+    let mut db_during_migration = Database::migration_connection(previous_builder, key).await?;
+    let persisted_mls_groups =
+        PersistedMlsGroup::find_all(&mut db_during_migration, EntityFindParams::default()).await?;
+
     let least_used_ciphersuite = make_least_used_ciphersuite(persisted_mls_groups)?;
-    let credentials = db_before_migration
-        .find_all::<StoredCredential>(EntityFindParams::default())
-        .await?;
+    let credentials = StoredCredential::find_all(&mut db_during_migration, EntityFindParams::default()).await?;
     let duplicates = detect_duplicate_credentials(&credentials);
 
-    let connection = db_before_migration.conn().await?;
-    let mut tx_creator = connection.conn().await;
-    let tx = tx_creator
-        .new_transaction(&[&StoredCredential::COLLECTION_NAME])
-        .await?;
-
-    for (cred_a, cred_b) in duplicates.into_iter() {
-        let least_used_ciphersuite = least_used_ciphersuite(cred_a.ciphersuite, cred_b.ciphersuite);
-        match least_used_ciphersuite {
-            None => {
-                // If the least used ciphersuite couldn't be determined, something in the data is not what we assume
-                //
-                // a) the duplicate doesn't form a pair of ciphersuites with a matching signature scheme (error in
-                // previous meta migration)
-                //
-                // b) both ciphersuites don't get used in any mls group
-                //
-                // In both cases, what we want to do is delete both credentials.
-                super::delete_credential_by_value(&tx, cred_a.credential.clone()).await?;
-                super::delete_credential_by_value(&tx, cred_b.credential.clone()).await?;
-            }
-            Some(least_used_ciphersuite) => {
-                let cred_to_delete = if least_used_ciphersuite == cred_a.ciphersuite {
-                    cred_a.credential.clone()
-                } else {
-                    cred_b.credential.clone()
-                };
-                super::delete_credential_by_value(&tx, cred_to_delete).await?;
-            }
-        };
-    }
-
-    db_before_migration.commit_transaction().await?;
-    db_before_migration.close().await?;
+    Database::migration_transaction(db_during_migration, async |tx| {
+        for (cred_a, cred_b) in duplicates.into_iter() {
+            let least_used_ciphersuite = least_used_ciphersuite(cred_a.ciphersuite, cred_b.ciphersuite);
+            match least_used_ciphersuite {
+                None => {
+                    // If the least used ciphersuite couldn't be determined, something in the data is not what we assume
+                    //
+                    // a) the duplicate doesn't form a pair of ciphersuites with a matching signature scheme (error in
+                    // previous meta migration)
+                    //
+                    // b) both ciphersuites don't get used in any mls group
+                    //
+                    // In both cases, what we want to do is delete both credentials.
+                    super::delete_credential_by_value(tx, cred_a.credential.clone()).await?;
+                    super::delete_credential_by_value(tx, cred_b.credential.clone()).await?;
+                }
+                Some(least_used_ciphersuite) => {
+                    let cred_to_delete = if least_used_ciphersuite == cred_a.ciphersuite {
+                        cred_a.credential.clone()
+                    } else {
+                        cred_b.credential.clone()
+                    };
+                    super::delete_credential_by_value(tx, cred_to_delete).await?;
+                }
+            };
+        }
+        Ok(())
+    })
+    .await?;
 
     let migrated_idb = get_builder(name).build().await?;
     let version = migrated_idb.version()?;

keystore/src/connection/platform/wasm/migrations/v9.rs

@@ -8,45 +8,39 @@ use super::DB_VERSION_9;
 use crate::{
     CryptoKeystoreResult, Database, DatabaseKey,
     connection::platform::wasm::WasmStorageTransaction,
-    entities::{Entity as _, EntityBase, StoredCredential},
+    entities::{Entity as _, EntityBase, EntityFindParams, StoredCredential},
 };
 
 /// Open IDB once with the new builder and close it, this will apply the update.
 pub(super) async fn migrate(name: &str, key: &DatabaseKey) -> CryptoKeystoreResult<u32> {
-    let db_before_migration = Database::open(crate::ConnectionType::Persistent(name), key).await?;
-    let connection = db_before_migration.conn().await?;
-    let credentials = connection
-        .storage()
-        .get_all::<StoredCredential>(StoredCredential::COLLECTION_NAME, None)
-        .await?;
+    let previous_builder = super::v8::get_builder(name);
+    let mut db_during_migration = Database::migration_connection(previous_builder, key).await?;
+    let credentials = StoredCredential::find_all(&mut db_during_migration, EntityFindParams::default()).await?;
 
     let collection_name = format!(
         "{collection_name}_new",
         collection_name = StoredCredential::COLLECTION_NAME
     );
 
-    db_before_migration.new_transaction().await?;
-    let mut tx_creator = connection.conn().await;
-    let mut tx = tx_creator.new_transaction(&[&collection_name]).await?;
-
-    for mut credential in credentials {
-        let serializer = serde_wasm_bindgen::Serializer::json_compatible();
-        let key = &js_sys::Uint8Array::from(credential.public_key.as_slice()).into();
+    Database::migration_transaction(db_during_migration, async |tx| {
         match tx {
-            WasmStorageTransaction::Persistent { ref mut tx, cipher } => {
-                credential.encrypt(cipher)?;
-                let js_value = credential.serialize(&serializer)?;
+            WasmStorageTransaction::Persistent { tx, cipher } => {
+                let serializer = serde_wasm_bindgen::Serializer::json_compatible();
                 let store = tx.object_store(&collection_name)?;
-                store.put(&js_value, Some(key))?.await?;
+                for mut credential in credentials {
+                    let key = &js_sys::Uint8Array::from(credential.public_key.as_slice()).into();
+                    credential.encrypt(cipher)?;
+                    let js_value = credential.serialize(&serializer)?;
+                    store.put(&js_value, Some(key))?.await?;
+                }
             }
             WasmStorageTransaction::InMemory { .. } => {
                 // in memory transaction is never used in production.
             }
         }
-    }
-
-    tx.commit_tx().await?;
-    db_before_migration.close().await?;
+        Ok(())
+    })
+    .await?;
 
     let migrated_idb = get_builder(name).build().await?;
     let version = migrated_idb.version()?;
@@ -57,7 +51,7 @@ pub(super) async fn migrate(name: &str, key: &DatabaseKey) -> CryptoKeystoreResu
 /// Set up the builder for v9.
 pub(super) fn get_builder(name: &str) -> DatabaseBuilder {
     let collection_name = StoredCredential::COLLECTION_NAME;
-    let collection_name_with_prefix = &format!("{collection_name}-new",);
+    let collection_name_with_prefix = &format!("{collection_name}_new",);
 
     super::v8::get_builder(name)
         .version(DB_VERSION_9)