wallet/core/signing-store-sql/src/store-sql.test.ts at 2c142aabd0e562e18bee081f66da2b4fc9bc851c · canton-network/wallet · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
// Copyright (c) 2025-2026 Digital Asset (Switzerland) GmbH and/or its affiliates. All rights reserved.
// SPDX-License-Identifier: Apache-2.0

import { describe, expect, test, beforeEach } from 'vitest'
import { AuthContext } from '@canton-network/core-wallet-auth'
import { Kysely } from 'kysely'
import { pino } from 'pino'
import { migrator } from './migrator.js'
import { DB } from './schema.js'
import { connection, StoreSql } from './store-sql.js'

const userA: AuthContext = {
    userId: 'user-a',
    accessToken: 'token-a',
}

const userB: AuthContext = {
    userId: 'user-b',
    accessToken: 'token-b',
}

describe('StoreSql auth scoping', () => {
    let db: Kysely<DB>

    beforeEach(async () => {
        db = connection({ connection: { type: 'memory' } })
        const umzug = migrator(db)
        await umzug.up()
    })

    test('returns empty for getSigningKeyByPublicKey owned by another user', async () => {
        const storeWithoutAuth = new StoreSql(db, pino({ level: 'silent' }))
        await storeWithoutAuth.setSigningKey(userB.userId, {
            id: 'key-b',
            name: 'key-b',
            publicKey: 'user-b-public-key',
            privateKey: 'private-key-b',
            createdAt: new Date(),
            updatedAt: new Date(),
        })

        const scopedStore = storeWithoutAuth.withAuthContext(userA)
        const key =
            await scopedStore.getSigningKeyByPublicKey('user-b-public-key')

        expect(key).toBeUndefined()
    })

    test('scopes getSigningKeyByPublicKey to authContext user', async () => {
        const storeWithoutAuth = new StoreSql(db, pino({ level: 'silent' }))
        await storeWithoutAuth.setSigningKey(userA.userId, {
            id: 'key-a',
            name: 'key-a',
            publicKey: 'shared-public-key',
            privateKey: 'private-key-a',
            createdAt: new Date(),
            updatedAt: new Date(),
        })
        await storeWithoutAuth.setSigningKey(userB.userId, {
            id: 'key-b',
            name: 'key-b',
            publicKey: 'shared-public-key',
            privateKey: 'private-key-b',
            createdAt: new Date(),
            updatedAt: new Date(),
        })

        const scopedStore = storeWithoutAuth.withAuthContext(userA)
        const key =
            await scopedStore.getSigningKeyByPublicKey('shared-public-key')

        expect(key?.id).toBe('key-a')
        expect(key?.privateKey).toBe('private-key-a')
    })

    test('scopes listSigningTransactionsByTxIdsAndPublicKeys to authContext user', async () => {
        const storeWithoutAuth = new StoreSql(db, pino({ level: 'silent' }))
        const now = new Date()

        await storeWithoutAuth.setSigningTransaction(userA.userId, {
            id: 'tx-a',
            hash: 'hash-a',
            publicKey: 'public-key-a',
            status: 'signed',
            createdAt: now,
            updatedAt: now,
        })
        await storeWithoutAuth.setSigningTransaction(userB.userId, {
            id: 'tx-b',
            hash: 'hash-b',
            publicKey: 'public-key-b',
            status: 'signed',
            createdAt: now,
            updatedAt: now,
        })

        const scopedStore = storeWithoutAuth.withAuthContext(userA)
        const transactions =
            await scopedStore.listSigningTransactionsByTxIdsAndPublicKeys(
                ['tx-a', 'tx-b'],
                []
            )

        expect(transactions).toHaveLength(1)
        expect(transactions[0]?.id).toBe('tx-a')
    })
})