diff --git a/backend/app/models/__init__.py b/backend/app/models/__init__.py
index 8a3ef44..6bd9537 100644
--- a/backend/app/models/__init__.py
+++ b/backend/app/models/__init__.py
@@ -5,6 +5,7 @@ from app.models.social import Post, Comment, Like, Follow
 from app.models.video import Video, VideoView, VideoLike
 from app.models.file import File, Folder
 from app.models.blockchain import Block, Transaction, Wallet
+from app.models.device import Device
 from app.models.ai_chat import Conversation, Message
 __all__ = [
@@ -23,6 +24,7 @@ __all__ = [
 "Block",
 "Transaction",
 "Wallet",
+ "Device",
 "Conversation",
 "Message",
 ]
diff --git a/backend/app/routers/auth.py b/backend/app/routers/auth.py
index 97bcecb..da48d6b 100644
--- a/backend/app/routers/auth.py
+++ b/backend/app/routers/auth.py
@@ -91,7 +91,7 @@ async def register(user_data: UserCreate, db: AsyncSession = Depends(get_db)):
 wallet = Wallet(
 user_id=user.id,
 address=wallet_address,
- private_key=private_key,
+ private_key=encrypted_private_key,
 public_key=public_key,
 balance=user.balance,
 label="Primary Wallet",
diff --git a/backend/tests/test_auth.py b/backend/tests/test_auth.py
index a839b95..6a28a06 100644
--- a/backend/tests/test_auth.py
+++ b/backend/tests/test_auth.py
@@ -1,6 +1,11 @@
 """Authentication tests"""
 import pytest
 from httpx import AsyncClient
+from sqlalchemy import select
+
+from app.models.user import User
+from app.models.blockchain import Wallet
+from app.services.crypto import wallet_crypto
 @pytest.mark.asyncio
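Review bot: `encrypted_private_key` is assigned outside this hunk in `register`, so nothing visible on the changed line in backend/app/routers/auth.py shows that the raw key can no longer reach the wallet row; a comment there would record the invariant, for example `# ciphertext from the wallet crypto service; the raw key must never reach this column`. The column keeps the name `private_key` while its content changes from key to ciphertext, so every reader of `Wallet.private_key` has to decrypt first, and rows written before this commit presumably still hold plaintext and would need a backfill. The new test in backend/tests/test_auth.py also shows the same secret stored in `User.wallet_private_key`; keeping it in one table would reduce what a database leak exposes. The body of `register` starts and ends outside the hunk.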
@@ -23,6 +28,37 @@ async def test_register_user(client: AsyncClient):
 assert data["balance"] == 100.0 # Starting bonus
+@pytest.mark.asyncio
+async def test_wallet_keys_are_encrypted(client: AsyncClient, db_session):
+ """Ensure new wallets store encrypted private keys for both tables"""
+ user_data = {
+ "username": "securewallet",
+ "email": "secure@example.com",
+ "password": "password123",
+ "full_name": "Secure User",
+ }
+
+ response = await client.post("/api/auth/register", json=user_data)
+ assert response.status_code == 201
+
+ user_result = await db_session.execute(
+ select(User).where(User.username == user_data["username"])
+ )
+ user = user_result.scalar_one()
+
+ wallet_result = await db_session.execute(
+ select(Wallet).where(Wallet.user_id == user.id)
+ )
+ wallet = wallet_result.scalar_one()
+
+ decrypted_user_key = wallet_crypto.decrypt(user.wallet_private_key)
+ decrypted_wallet_key = wallet_crypto.decrypt(wallet.private_key)
+
+ assert decrypted_user_key == decrypted_wallet_key
+ assert user.wallet_private_key != decrypted_user_key
+ assert wallet.private_key != decrypted_wallet_key
+
+
 @pytest.mark.asyncio
 async def test_register_duplicate_user(client: AsyncClient, test_user):
 """Test registering duplicate user"""
diff --git a/backend/tests/test_blockchain.py b/backend/tests/test_blockchain.py
index 85acb16..226d69a 100644
--- a/backend/tests/test_blockchain.py
+++ b/backend/tests/test_blockchain.py
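Review bot: The two `!=` assertions at the end of `test_wallet_keys_are_encrypted` pass for any stored value that is not byte-identical to the key, so a value that merely prefixes or wraps the plaintext would still satisfy them. Adding `assert decrypted_user_key not in user.wallet_private_key` and `assert decrypted_wallet_key not in wallet.private_key` would tighten this, assuming both sides are strings, which the hunk does not show. It would also be worth asserting that the registration response does not echo the key, `assert decrypted_wallet_key not in response.text`, unless returning it once at sign-up is intended.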
@@ -109,3 +109,29 @@ async def test_create_transaction_rejects_negative_amount(
 )
 assert response.status_code == 422
+
+
+@pytest.mark.asyncio
+async def test_create_transaction_succeeds_with_encrypted_keys(
+ client: AsyncClient,
+ auth_headers,
+ recipient_user
+):
+ """Transactions should succeed when wallet keys are encrypted"""
+ tx_data = {
+ "to_address": recipient_user["wallet_address"],
+ "amount": 10,
+ "message": "Encrypted transfer",
+ }
+
+ response = await client.post(
+ "/api/blockchain/transactions",
+ json=tx_data,
+ headers=auth_headers,
+ )
+
+ assert response.status_code == 201
+ data = response.json()
+ assert data["from_address"] != data["to_address"]
+ assert data["to_address"] == recipient_user["wallet_address"]
+ assert data["amount"] == tx_data["amount"]
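Review bot: `test_create_transaction_succeeds_with_encrypted_keys` never establishes that the sender's stored key is actually encrypted; it relies on the `auth_headers` and `recipient_user` fixtures, which are defined outside this diff, so it would pass unchanged if those fixtures created wallets with plaintext keys. The docstring should name the fixture that guarantees encrypted storage, or the test should load the sender's `Wallet` row and check it the way the new test in backend/tests/test_auth.py does. The assertions also cover only the echoed fields; `assert "private_key" not in data` would confirm the transaction response carries no key material.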