Identity deletion token & bugfixes

okTurtles · Jan 8, 2025 · fdcc33d · fdcc33d
1 parent 0b72902
commit fdcc33d
Show file tree

Hide file tree

Showing 3 changed files with 29 additions and 9 deletions.
diff --git a/backend/routes.js b/backend/routes.js
@@ -157,6 +157,10 @@ route.POST('/event', {
             console.info(`new user: ${name}=${deserializedHEAD.contractID} (${ip})`)
           }
         }
+        const deletionToken = request.headers['shelter-deletion-token']
+        if (deletionToken) {
+          await sbp('chelonia/db/set', `_private_deletionToken_${deserializedHEAD.contractID}`, deletionToken)
+        }
       }
       // Store size information
       await sbp('backend/server/updateSize', deserializedHEAD.contractID, Buffer.byteLength(request.payload))
@@ -569,13 +573,14 @@ route.POST('/deleteContract/{hash}', {
   const { hash } = request.params
   const strategy = request.auth.strategy
   if (!hash || hash.startsWith('_private')) return Boom.notFound()
-  const owner = await sbp('chelonia/db/get', `_private_owner_${hash}`)
-  if (!owner) {
-    return Boom.notFound()
-  }
 
   switch (strategy) {
     case 'chel-shelter': {
+      const owner = await sbp('chelonia/db/get', `_private_owner_${hash}`)
+      if (!owner) {
+        return Boom.notFound()
+      }
+
       let ultimateOwner = owner
       let count = 0
       // Walk up the ownership tree

diff --git a/backend/server.js b/backend/server.js
@@ -297,17 +297,18 @@ sbp('sbp/selectors/register', {
       const kvKeys = await sbp('chelonia/db/get', kvIndexKey)
       if (kvKeys) {
         await kvKeys.split('\x00').map((key) => {
-          return sbp('chelonia/db/delete', key)
+          return sbp('chelonia/db/delete', `_private_kv_${cid}_${key}`)
         })
       }
+      await sbp('chelonia/db/delete', kvIndexKey)
 
       await sbp('chelonia/db/delete', `_private_rid_${cid}`)
       await sbp('chelonia/db/delete', `_private_owner_${cid}`)
       await sbp('chelonia/db/delete', `_private_size_${cid}`)
       await sbp('chelonia/db/delete', `_private_deletionToken_${cid}`)
-      await removeFromIndexFactory(kvIndexKey)(cid)
       await removeFromIndexFactory(`_private_resources_${owner}`)(cid)
 
+      await sbp('chelonia/db/delete', `_private_hidx=${cid}#0`)
       await sbp('chelonia/db/set', cid, '')
 
       await sbp('chelonia/db/delete', `_private_cheloniaState_${cid}`)

diff --git a/frontend/controller/actions/identity.js b/frontend/controller/actions/identity.js
@@ -20,7 +20,7 @@ import { EVENT_HANDLED } from '~/shared/domains/chelonia/events.js'
 import { findKeyIdByName } from '~/shared/domains/chelonia/utils.js'
 // Using relative path to crypto.js instead of ~-path to workaround some esbuild bug
 import type { Key } from '../../../shared/domains/chelonia/crypto.js'
-import { CURVE25519XSALSA20POLY1305, EDWARDS25519SHA512BATCH, deserializeKey, keyId, keygen, serializeKey } from '../../../shared/domains/chelonia/crypto.js'
+import { CURVE25519XSALSA20POLY1305, EDWARDS25519SHA512BATCH, deserializeKey, generateSalt, keyId, keygen, serializeKey } from '../../../shared/domains/chelonia/crypto.js'
 import { handleFetchResult } from '../utils/misc.js'
 import { encryptedAction, groupContractsByType, syncContractsInOrder } from './utils.js'
 
@@ -194,6 +194,8 @@ export default (sbp('sbp/selectors/register', {
     const IPK = typeof wIPK === 'string' ? deserializeKey(wIPK) : wIPK
     const IEK = typeof wIEK === 'string' ? deserializeKey(wIEK) : wIEK
 
+    const deletionToken = generateSalt()
+
     // Create the necessary keys to initialise the contract
     const CSK = keygen(EDWARDS25519SHA512BATCH)
     const CEK = keygen(CURVE25519XSALSA20POLY1305)
@@ -221,6 +223,7 @@ export default (sbp('sbp/selectors/register', {
     const CEKs = encryptedOutgoingDataWithRawKey(IEK, serializeKey(CEK, true))
     const PEKs = encryptedOutgoingDataWithRawKey(CEK, serializeKey(PEK, true))
     const SAKs = encryptedOutgoingDataWithRawKey(IEK, serializeKey(SAK, true))
+    const encryptedDeletionToken = encryptedOutgoingDataWithRawKey(IEK, deletionToken)
 
     // Before creating the contract, put all keys into transient store
     await sbp('chelonia/storeSecretKeys',
@@ -232,7 +235,13 @@ export default (sbp('sbp/selectors/register', {
     try {
       await sbp('chelonia/out/registerContract', {
         contractName: 'gi.contracts/identity',
-        publishOptions,
+        publishOptions: {
+          ...publishOptions,
+          headers: {
+            ...publishOptions?.headers,
+            'shelter-deletion-token': deletionToken
+          }
+        },
         signingKeyId: IPKid,
         actionSigningKeyId: CSKid,
         actionEncryptionKeyId: PEKid,
@@ -367,7 +376,12 @@ export default (sbp('sbp/selectors/register', {
           // finalPicture is set after OP_CONTRACT is sent, which is after
           // calling 'chelonia/out/registerContract' here. We use a getter for
           // `picture` so that the action sent has the correct value
-          attributes: { username, email, get picture () { return finalPicture } }
+          attributes: {
+            username,
+            email,
+            get picture () { return finalPicture },
+            encryptedDeletionToken
+          }
         },
         namespaceRegistration: username
       })