Migrate vault entries to new schema #2092
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
ekzyis
force-pushed
the
wallet-refactor-migrate-vault
branch
5 times, most recently
from
5729ce6 to
b35f1f7
Compare
ekzyis
force-pushed
the
wallet-refactor-migrate-vault
branch
8 times, most recently
from
1423528 to
5f09dea
Compare
ekzyis
commented
Apr 16, 2025
ekzyis
force-pushed
the
wallet-refactor-migrate-vault
branch
9 times, most recently
from
c56113b to
7a4832a
Compare
ekzyis
commented
Apr 19, 2025
ekzyis
commented
Apr 21, 2025
api/resolvers/vault.js
Outdated
| where: { userId_key: { userId: me.id, key: entry.key } }, | ||
| data: { value: entry.value, iv: entry.iv } | ||
| })) | ||
| const wallets = await models.wallet.findMany({ where: { userId: me.id } }) |
There was a problem hiding this comment.
I think fetching the wallets outside of the transaction is fine since it's a read-only operation.
Else this needs to become an interactive transaction 👀
I tried to do this with a bulk update query instead of individual updates per wallet but Prisma doesn't seem to support that and I don't know how to update across multiple subtables via raw SQL depending on the wallet type.
There was a problem hiding this comment.
Regardless of whether this is interactive, this code is/was vulnerable to race conditions if a wallet is upserted while the vault key is updated.
There was a problem hiding this comment.
Okay, I assume this is blocking this PR
There was a problem hiding this comment.
This wasn't blocking because even after your changes the code is vulnerable to a race "if a wallet is upserted while the vault key is updated." Your change only protects against hash change races on the user row.
e.g.
tx1: read wallets (wallets with ids [1,2])
tx2: insert wallet (wallet [3])
tx2: commit
tx1: update hash
tx1: commit
Wallet [3] is broken because it's encrypted with a different key.
There was a problem hiding this comment.
The above race is very unlikely to occur, but that's why it wasn't blocking. The real fix is nontrivial too: the only way to afaict is to give each vault entry a foreign key constraint on the correct key hash. That way, if the hash is updated any concurrent inserts will fail.
There was a problem hiding this comment.
Both transactions read the old vault key hash first, so one of them should fail when they try to update it at the end because they won't find the row anymore, no?
edit: Oh, I think I see what you mean. We can insert wallets without ever checking the current vault key hash.
ekzyis
force-pushed
the
wallet-refactor-migrate-vault
branch
from
e604617 to
42114e7
Compare
ekzyis
dismissed
huumn’s stale review
#2146 is addressing feedback in review and I'm merging this into wallet-v2, so the PR to merge wallet-v2 into master is the one that should be reviewed.
The PRs that merge into wallet-v2 just give additional context of what went into wallet-v2.
Merged
ekzyis
added a commit
that referenced
this pull request
May 21, 2025
* Migrate existing vault entries to new schema * Read+write new vault schema * Drop VaultEntry table * Refactor vaultPrismaFragments * Remove wrong comment * Remove TODO * Fix possible race condition on update of vault key * Remove lib/object.js
ekzyis
added a commit
that referenced
this pull request
May 23, 2025
* Migrate existing vault entries to new schema * Read+write new vault schema * Drop VaultEntry table * Refactor vaultPrismaFragments * Remove wrong comment * Remove TODO * Fix possible race condition on update of vault key * Remove lib/object.js
ekzyis
added a commit
that referenced
this pull request
May 25, 2025
* Migrate existing vault entries to new schema * Read+write new vault schema * Drop VaultEntry table * Refactor vaultPrismaFragments * Remove wrong comment * Remove TODO * Fix possible race condition on update of vault key * Remove lib/object.js
ekzyis
added a commit
that referenced
this pull request
May 31, 2025
* Migrate existing vault entries to new schema * Read+write new vault schema * Drop VaultEntry table * Refactor vaultPrismaFragments * Remove wrong comment * Remove TODO * Fix possible race condition on update of vault key * Remove lib/object.js
ekzyis
added a commit
that referenced
this pull request
Jun 3, 2025
* Migrate existing vault entries to new schema * Read+write new vault schema * Drop VaultEntry table * Refactor vaultPrismaFragments * Remove wrong comment * Remove TODO * Fix possible race condition on update of vault key * Remove lib/object.js
ekzyis
added a commit
that referenced
this pull request
Jun 4, 2025
* Migrate existing vault entries to new schema * Read+write new vault schema * Drop VaultEntry table * Refactor vaultPrismaFragments * Remove wrong comment * Remove TODO * Fix possible race condition on update of vault key * Remove lib/object.js
ekzyis
added a commit
that referenced
this pull request
Jun 6, 2025
* Migrate existing vault entries to new schema * Read+write new vault schema * Drop VaultEntry table * Refactor vaultPrismaFragments * Remove wrong comment * Remove TODO * Fix possible race condition on update of vault key * Remove lib/object.js
ekzyis
added a commit
that referenced
this pull request
Jun 6, 2025
* Migrate existing vault entries to new schema * Read+write new vault schema * Drop VaultEntry table * Refactor vaultPrismaFragments * Remove wrong comment * Remove TODO * Fix possible race condition on update of vault key * Remove lib/object.js
ekzyis
added a commit
that referenced
this pull request
Jun 11, 2025
* Migrate existing vault entries to new schema * Read+write new vault schema * Drop VaultEntry table * Refactor vaultPrismaFragments * Remove wrong comment * Remove TODO * Fix possible race condition on update of vault key * Remove lib/object.js
ekzyis
added a commit
that referenced
this pull request
Jun 13, 2025
* Migrate existing vault entries to new schema * Read+write new vault schema * Drop VaultEntry table * Refactor vaultPrismaFragments * Remove wrong comment * Remove TODO * Fix possible race condition on update of vault key * Remove lib/object.js
ekzyis
added a commit
that referenced
this pull request
Jun 15, 2025
* Migrate existing vault entries to new schema * Read+write new vault schema * Drop VaultEntry table * Refactor vaultPrismaFragments * Remove wrong comment * Remove TODO * Fix possible race condition on update of vault key * Remove lib/object.js
ekzyis
added a commit
that referenced
this pull request
Jun 15, 2025
* Migrate existing vault entries to new schema * Read+write new vault schema * Drop VaultEntry table * Refactor vaultPrismaFragments * Remove wrong comment * Remove TODO * Fix possible race condition on update of vault key * Remove lib/object.js
ekzyis
added a commit
that referenced
this pull request
Jun 18, 2025
* Migrate existing vault entries to new schema * Read+write new vault schema * Drop VaultEntry table * Refactor vaultPrismaFragments * Remove wrong comment * Remove TODO * Fix possible race condition on update of vault key * Remove lib/object.js
ekzyis
added a commit
that referenced
this pull request
Jun 18, 2025
* Migrate existing vault entries to new schema * Read+write new vault schema * Drop VaultEntry table * Refactor vaultPrismaFragments * Remove wrong comment * Remove TODO * Fix possible race condition on update of vault key * Remove lib/object.js
ekzyis
added a commit
that referenced
this pull request
Jun 19, 2025
* Migrate existing vault entries to new schema * Read+write new vault schema * Drop VaultEntry table * Refactor vaultPrismaFragments * Remove wrong comment * Remove TODO * Fix possible race condition on update of vault key * Remove lib/object.js
ekzyis
added a commit
that referenced
this pull request
Jun 20, 2025
* Migrate existing vault entries to new schema * Read+write new vault schema * Drop VaultEntry table * Refactor vaultPrismaFragments * Remove wrong comment * Remove TODO * Fix possible race condition on update of vault key * Remove lib/object.js
ekzyis
added a commit
that referenced
this pull request
Jun 20, 2025
* Migrate existing vault entries to new schema * Read+write new vault schema * Drop VaultEntry table * Refactor vaultPrismaFragments * Remove wrong comment * Remove TODO * Fix possible race condition on update of vault key * Remove lib/object.js
ekzyis
added a commit
that referenced
this pull request
Jun 26, 2025
* Migrate existing vault entries to new schema * Read+write new vault schema * Drop VaultEntry table * Refactor vaultPrismaFragments * Remove wrong comment * Remove TODO * Fix possible race condition on update of vault key * Remove lib/object.js
ekzyis
added a commit
that referenced
this pull request
Jun 27, 2025
* Migrate existing vault entries to new schema * Read+write new vault schema * Drop VaultEntry table * Refactor vaultPrismaFragments * Remove wrong comment * Remove TODO * Fix possible race condition on update of vault key * Remove lib/object.js
ekzyis
added a commit
that referenced
this pull request
Jul 6, 2025
* Migrate existing vault entries to new schema * Read+write new vault schema * Drop VaultEntry table * Refactor vaultPrismaFragments * Remove wrong comment * Remove TODO * Fix possible race condition on update of vault key * Remove lib/object.js
ekzyis
added a commit
that referenced
this pull request
Jul 8, 2025
* Migrate existing vault entries to new schema * Read+write new vault schema * Drop VaultEntry table * Refactor vaultPrismaFragments * Remove wrong comment * Remove TODO * Fix possible race condition on update of vault key * Remove lib/object.js
huumn
added a commit
that referenced
this pull request
Jul 15, 2025
* Migrate vault entries to new schema (#2092) * Migrate existing vault entries to new schema * Read+write new vault schema * Drop VaultEntry table * Refactor vaultPrismaFragments * Remove wrong comment * Remove TODO * Fix possible race condition on update of vault key * Remove lib/object.js * Wallet schema v2 (#2146) * Add wallet-v2 TODOs * Update checkWallet * Wallet list * Delete almost all wallet v1 code and add some code for wallet protocol forms * Define protocol display name in JSON * Show form per protocol * Increase max-height of image in form * Add JSdoc for protocols, form validation * Use wallet cards again My wallet list was quite ugly and I couldn't look at it anymore. * Refactor hooks in wallet provider * Fix PasswordInput not used * Read encrypted wallets * Decrypt wallets * useWalletQuery now returns decrypted wallets * Refactor useIndexedDB because its only purpose will be to store the key, so no need for pagination code etc. * There is still a bug: if the wallet is not decrypted on first render, the form will not see the decrypted value. See TODO. * Rename protocolJson to protocol it no longer uses a JSON file * Fix form not updated with decrypted API key * Fix wallet template forms * Fix optional shown as hint * Rename to mapUserWalletResolveTypes * Save LNbits send and recv TODO: * implement resolvers for other protocols * fix double update required for trigger? * add missing validation on server * add missing network tests * don't import from wallets/client on server * Move definitions to lib/wallets.json and lib/protocols * Fix ProtocolWallet.updated_at not updated by trigger * Move wallet fragments into wallets/client/fragments/ * move invoice fragments to fragments/invoice.js * remove some unused fragments that I don't think I also will not use * move fragments that will be generated in own file * Move wallet resolvers into wallets/server/resolvers * Fix missing authorization check on wallet update * Run all shared code in generic wallet update function * Fix 'encrypt' flag not set for blink send currency * Add mutations for all protocols * Fix macaroon validation * Fix CLN socket value not set * Add server-side schema validation * Fix JSDoc typedef for protocols * Don't put JSDoc into separate file * Create test invoices on save * Also move type resolvers into wallets/server/resolvers * Fix unconfigured protocols of UserWallet not found * Fix Blink API key in wallet seed * Test send payment on save (except LNC) This does not include LNC because LNC cannot be saved yet * Check if window.webln is defined on save * Create new wallets from templates * Separate protocols in wallets/lib into individual files * Use justify-content-start for protocol tabs and larger margin at the top * Add LNC to client protocols * Only return wallets from useWallets * Query decrypted wallets * Payments with new wallets * More wallet logos * Fix TypeError in useIndexedDB * Add protocol attach docs * Fix undefined useWalletRecvPrompt import * Remove outdated TODOs * First successful zap to new wallets * Fix walletLogger imports * Fix sequences * the sequences for InvoiceForward and DirectPayment were still starting at 1 * when using setval() with two arguments, nextval() will return the second argument+1 (see https://www.postgresql.org/docs/current/functions-sequence.html) * Rename ProtocolWallet columns * Remove more outdated TODOs * Update wallet indicator * Fix page reset on route change * Refactor __typename checks into functions * Refactor protocol selection into own hook * Add button to detach protocol * Refetch wallet on save and detach * Refetch wallets on change * Always show all templates * Refactor WalletLink component * Also put wallet into forms context * Remove outdated TODOs * Use useMemo in wallets hooks * Passphrase modals * prompt for password if decryption failed * add button to reveal passphrase on wallet page TODO: * remove button if passphrase was revealed or imported * encrypt wallets with new key on passphrase reveal * Fix protocol missing as callback dependency * Encrypt wallets with new key on passphrase export * Update 'unlock wallets' text * Rename wallet mutation hooks * Remove 'removeWallet' mutation Wallets are automatically deleted when all protocols are deleted * Passphrase reset * Use 110px as minimum width for bip39 words longest bip39 words are 8 characters and they fit into 103px so I rounded up to 110px. * Also disable passphrase export on save * Wallet settings * Fix wallet receive prompt * Remove unused parameters from postgres function * Rename UserWallet to Wallet, ProtocolWallet to WalletProtocol * Use danger variant for button to show passphrase * Fix inconsistent imports and exports * Remove outdated TODOs * wallet logs * Remove outdated comment * Make sure wallets are used in priority order * Separate wallets from templates in reducer * Fix missing useCallback dependencies * Refactor with useWalletLogger hook * Move enabled to WalletProtocol * Add checkbox to enable/disable protocol * Fix migration with prod db dump * Parse Coinos relay URLs * Skip network tests if only enabled changed * Allow IndexedDB calls without session * Add code to migrate old CryptoKey * first try to use existing CryptoKey before generating a new one * bump IDB version to delete old object stores and create new ones * return IDB callbacks with useMemo * don't delete old IDB right away, wait until next release * Fix ghost import error *Sometimes*, I get import errors because it tries to resolve @/wallets/server to wallets/server.js instead of wallets/server/index.js. For the files in wallets/server, it kind of makes sense because it's a circular import. But I don't know why the files in worker/ have this problem. Interestingly, it only seems to happen with walletLogger imports, so I guess its related to its import chain. Anyway, this commit should make sure this never happens again ... * Skip wallets queries if not logged in * Split CUSTOM wallet into NWC and LN_ADDR * Migrate local wallets * Link to /wallets/:id/receive if send not supported * Hide separator if there are no configured wallets * Save LNC * Add one-liner to attach LNC * Update wallet priorities via DnD * Wallet logs are part of protocol resolvers * Fix logging to deleted protocol * Fix trying to fetch logs for template * also change type to Int so GraphQL layer can catch trying to fetch string IDs as is the case for templates * Fix embedded flag for wallets logs not set * Remove TODO * Decrease max-height for embedded wallet logs on big screens * Fix missing refetch on wallet priority update * Set priorities of all wallets in one tx * Fix nested state update * Add DragIcon * DnD mobile support and refactor * Add CancelButton to wallet settings * Remount form if path changes This fixes the following warning in the console: """ Warning: A component is changing an uncontrolled input to be controlled. This is likely caused by the value changing from undefined to a defined value, which should not happen. Decide between using a controlled or uncontrolled input element for the lifetime of the component. """ * Support string and object for wallet.image JSON * Append domain to lightning address inputs * Remove outdated TODOs * Add template IDs to wallet JSON * Fix missing callback dependency * Implement lightning address save in receive prompt * Update TODOs * Fix missing check for enabled * Pay QR codes with WebLN as anon * Add logo for NWC * Fix trying to save logs for template * Add template logs * Fix inconsistent margin * Always throw on missing key * Remove misleading comment Wallets are returned even if decryption fails so we can show the unlock page if a wallet is stored as encrypted in the context. Maybe I should rethink this. * Check for existing wallets on local wallet migration * Fix local wallet migration causing duplicates * Fix protocol reattached on detach due to migration * Fix form not centered * Fix ZEUS lightning address domain * Add placeholder, help, hints etc. to wallet form inputs * Fix wallet badges not updated * Remove unused declared variables * Rename to ATTACH_PAGE * Fix 500 error if no amount was given to LNURLp endpoint * Tag log messages with wallet name * Only skip network tests if we're disabling the wallet * Rename var to networkTests * Continue to store key hash in IndexedDB * Rethink wallet state management If decryption failed, the function to decrypt the wallets didn't throw but simply returned wallets that were still encrypted. This was bad because it meant we could not rely on the wallets in the state being decrypted, even though this was the original idea behind the query hooks: hide the details of encryption and decryption inside them. Because of this, we had to check if the wallets were still encrypted before we ran the wallet migration since we want to check if a protocol already exists. This commit fixes this by making encryption and decryption always throw (and catching the errors), as well as returning a ready state from hooks. A hook might not be ready because it still needs to load something (in the case of the crypto hooks, it's loading the key from IndexedDB). Callers check that ready state before they call the function returned by the hook. So now, the wallet migration hook can itself simply check if the hook to encrypt wallets is ready and if the wallets are no longer loading to let callers know if it itself is ready. Since we also relied on wallets stored as encrypted in the context to show the unlock page, this was also changed by comparing the local and remote key hash. * Add empty line * Save new key hash during wallet reset * Only receive protocol upserts require networkTests param * Compare key hashes on server on each save * Delete old code * Fix card shows attach instead of configure * Fix empty wallets created during migration The old schema can contain '' instead of NULL in the columns of wallets for receiving. * Update reset passphrase text * Wrap passphrase reset in try/catch * Fix migrate called multiple times * Update key hash on migration if not set * Fetch local wallets in migrate * Fix missing await on setKey * Let first device set key hash * Fix indicator not shown if wallets locked * Check if IndexedDB is available * Fix inconsistent WebLN error message * Disable WebLN if not available * Remove outdated TODO * Cursor-based pagination for wallet logs * Fix log message x-overflow * Add context to wallet logs * Wrap errors are warnings in logs * Rename wallet v2 migrations * Update wallet status during logging * Fix wallet logs loading state The loading state would go from false -> true -> false because it's false when the lazy query wasn't called yet. * Add wallet search * Add Alby Go wallet * Revert "Add Alby Go wallet" This reverts commit 926c706. * Fix wallet logs sent by client don't update protocol status * Fix mutation name * put drag icon on opposite corner * Add wallets/README.md * Fix inconsistent case in wallets/README.md * Fix autoprefixer warning about mixed support This warning was in the app logs: app | Warning app | app | (31:3) autoprefixer: end value has mixed support, consider using flex-end instead app | app | Import trace for requested module: app | ./styles/wallet.module.css app | ./wallets/client/hooks/prompt.js app | ./wallets/client/hooks/index.js app | ./wallets/client/context/hooks.js app | ./wallets/client/context/provider.js app | ./wallets/client/context/index.js * fix effect of wallet indicators on logo * Fix deleting wallet template logs * Use name as primary key of WalletTemplate * Fix wallet_clear_vault trigger not mentioned in README * Fix wallet receive prompt Also remove no longer needed templateId from wallets.json and helper functions * Use findUnique since name is now primary key * Merge Alby wallets into one * Remove unused name parameter from WalletsForm component * Fix number check to decide if wallet or template * Update wallet encryption on click, not as effect * add cashu.me and lightning address logos * add images * Use recommended typeof to check if IDB available * Also check if IDB available on delete * Use constraint triggers * Add indices on columns used for joins * Fix inconsistent CLEAR OR REPLACE TRIGGER * Attach wallet_check_support trigger to WalletProtocol table * Update wallets/README.md * Remove debugging code * Refactor reducer: replace page with status * Show 'wallets unavailable' if device does not support IndexedDB * Remove duplicate ELSIF condition * Fix hasSendWallet The useSendWallets hook was not checking if the returned send wallets are enabled. Since the components that used that hook only need to know if there is a send wallet, I replaced the useSendWallets hook with a useHasSendWallet hook. * Add Cash App wallet * fix changes loglevel enum * Fix key init race condition in strict mode if no key exists yet * Formatting * Fix key init race condition via transactions in readwrite mode * Replace Promise.withResolvers with regular promises * replace generic spinner with our usual --------- Co-authored-by: k00b <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
This PR replaces the existing
VaultEntrytable which links to a row in the genericWallettable (and to a row in theuserstable) with a new tableVaultwhere columns in the specific wallet tables likeWalletNWClink to it.TODO:
upsertWalletXXXmutationVaulttableVaultEntrytablewalletsqueryVaulttable instead of from oldVaultEntrytablemodels.vaultEntrycallsinjectResolvers(Remove unused vaultEntries during upsertWallet #2114)getVaultEntriesqueryupdateVaultKeymutationclearVaultmutationcheckWalletjobTODO_newNameVaultEntrytableChecklist
Are your changes backwards compatible? Please answer below:
Yes. All rows from
VaultEntryare migrated toVaultwith a link to them from their respective wallet tables and all LNC and WebLN rows fromWalletare now also inserted into their new wallet tables.On a scale of 1-10 how well and how have you QA'd this change and any features it might affect? Please answer below:
8(7a4832a). Tested saving recv-only/send-only/recv+send of following wallets with/without device sync:(= every wallet except Blink)
since my internet is kind of bad here (attaching NWC times out Phoenixd
Tried to test migration with production data but metabase CSV export is broken. It returns NULL for empty strings so it broke on
users."vaultKeyHash"being NULL.1 Didn't bother further if the import already doesn't work because of something like this.Okay, I haven't tested 727d931 as much as I did 7a4832a but it should still be a solid 7 at least!
I tested WebLN and various combinations of LNbits with device sync and not etc.
For frontend changes: Tested on mobile, light and dark mode? Please answer below:
n/a
Did you introduce any new environment variables? If so call them out explicitly here:
no
Footnotes
not sure why this isn't a nullable column but uses an empty string as the default but I'll look into this in a future PR ... ↩