Merge branch origin/codex/reuse-encrypted-private-key-for-wallet into main

2026-03-17 04:57:15 -05:00 · 2025-11-16 04:35:43 -06:00
parent 5f92f36a30 e336147dcf
commit 6eddb519b8
4 changed files with 65 additions and 1 deletions
--- a/backend/app/models/init.py
+++ b/backend/app/models/init.py
@@ -6,6 +6,7 @@ from app.models.video import Video, VideoView, VideoLike
 from app.models.file import File, Folder
 from app.models.device import Device, DeviceMetric, DeviceLog
 from app.models.blockchain import Block, Transaction, Wallet
+from app.models.device import Device
 from app.models.ai_chat import Conversation, Message
 from app.models.device import Device, DeviceMetric, DeviceLog

@@ -28,6 +29,7 @@ __all__ = [
    "Block",
    "Transaction",
    "Wallet",
+    "Device",
    "Conversation",
    "Message",
    "Device",
--- a/backend/app/routers/auth.py
+++ b/backend/app/routers/auth.py
@@ -91,7 +91,7 @@ async def register(user_data: UserCreate, db: AsyncSession = Depends(get_db)):
    wallet = Wallet(
        user_id=user.id,
        address=wallet_address,
-        private_key=private_key,
+        private_key=encrypted_private_key,
        public_key=public_key,
        balance=user.balance,
        label="Primary Wallet",
--- a/backend/tests/test_auth.py
+++ b/backend/tests/test_auth.py
@@ -1,6 +1,11 @@
 """Authentication tests"""
 import pytest
 from httpx import AsyncClient
+from sqlalchemy import select
+
+from app.models.user import User
+from app.models.blockchain import Wallet
+from app.services.crypto import wallet_crypto


@pytest.mark.asyncio
@@ -23,6 +28,37 @@ async def test_register_user(client: AsyncClient):
    assert data["balance"] == 100.0  # Starting bonus


+@pytest.mark.asyncio
+async def test_wallet_keys_are_encrypted(client: AsyncClient, db_session):
+    """Ensure new wallets store encrypted private keys for both tables"""
+    user_data = {
+        "username": "securewallet",
+        "email": "secure@example.com",
+        "password": "password123",
+        "full_name": "Secure User",
+    }
+
+    response = await client.post("/api/auth/register", json=user_data)
+    assert response.status_code == 201
+
+    user_result = await db_session.execute(
+        select(User).where(User.username == user_data["username"])
+    )
+    user = user_result.scalar_one()
+
+    wallet_result = await db_session.execute(
+        select(Wallet).where(Wallet.user_id == user.id)
+    )
+    wallet = wallet_result.scalar_one()
+
+    decrypted_user_key = wallet_crypto.decrypt(user.wallet_private_key)
+    decrypted_wallet_key = wallet_crypto.decrypt(wallet.private_key)
+
+    assert decrypted_user_key == decrypted_wallet_key
+    assert user.wallet_private_key != decrypted_user_key
+    assert wallet.private_key != decrypted_wallet_key
+
+
@pytest.mark.asyncio
 async def test_register_duplicate_user(client: AsyncClient, test_user):
    """Test registering duplicate user"""
--- a/backend/tests/test_blockchain.py
+++ b/backend/tests/test_blockchain.py
@@ -109,3 +109,29 @@ async def test_create_transaction_rejects_negative_amount(
    )

    assert response.status_code == 422
+
+
+@pytest.mark.asyncio
+async def test_create_transaction_succeeds_with_encrypted_keys(
+    client: AsyncClient,
+    auth_headers,
+    recipient_user
+):
+    """Transactions should succeed when wallet keys are encrypted"""
+    tx_data = {
+        "to_address": recipient_user["wallet_address"],
+        "amount": 10,
+        "message": "Encrypted transfer",
+    }
+
+    response = await client.post(
+        "/api/blockchain/transactions",
+        json=tx_data,
+        headers=auth_headers,
+    )
+
+    assert response.status_code == 201
+    data = response.json()
+    assert data["from_address"] != data["to_address"]
+    assert data["to_address"] == recipient_user["wallet_address"]
+    assert data["amount"] == tx_data["amount"]