fix: use the app identity keys everywhere #276
Conversation
|
converted to draft as this would break other things (e.g. see #277), we need to first change how we verify identities everywhere |
pcarranzav
force-pushed
the
pcv/fix-connect-keys
branch
from
bf5a70a to
27d6e6e
Compare
|
This is now rebased on top of #277. I have tested:
I think these provide a good validation that keys are being properly passed around and validated now. |
pcarranzav
changed the title
pcarranzav
force-pushed
the
pcv/fix-connect-keys
branch
from
27d6e6e to
22dba44
Compare
pcarranzav
force-pushed
the
pcv/fix-connect-keys
branch
from
22dba44 to
be18951
Compare
pcarranzav
force-pushed
the
pcv/fix-connect-keys
branch
from
be18951 to
59de1c4
Compare
pcarranzav
force-pushed
the
pcv/fix-account-inbox-creation
branch
from
fc20c53 to
427d174
Compare
pcarranzav
force-pushed
the
pcv/fix-connect-keys
branch
from
59de1c4 to
c090340
Compare
There was a problem hiding this comment.
Pull Request Overview
This PR modifies the identity verification system to use app identity keys everywhere throughout the hypergraph codebase. The changes update functions and data structures to accept and utilize public keys and app IDs for identity verification, replacing the previous single-parameter approach.
Key changes include:
- Updated
getVerifiedIdentityfunction signature to acceptsignaturePublicKeyandappIdparameters - Modified identity storage to support arrays of identities with app-specific keys
- Enhanced server endpoints to handle both connect and app identities through a unified approach
Reviewed Changes
Copilot reviewed 23 out of 24 changed files in this pull request and generated 4 comments.
Show a summary per file
| File | Description |
|---|---|
| packages/hypergraph/test/space-events/*.test.ts | Updated test mocks to use new identity verification signature with public key parameter |
| packages/hypergraph/test/inboxes/inboxes.test.ts | Modified test mocks and assertions to support new identity verification pattern |
| packages/hypergraph/src/store.ts | Changed identity storage from single objects to arrays supporting multiple app identities |
| packages/hypergraph/src/space-events/apply-event.ts | Updated event application to pass public key to identity verification |
| packages/hypergraph/src/messages/types.ts | Added optional appId field to ResponseIdentity schema |
| packages/hypergraph/src/inboxes/message-validation.ts | Modified validation to pass signer and null appId to identity verification |
| packages/hypergraph/src/identity/get-verified-identity.ts | Enhanced to support both signature public key and app ID lookup patterns |
| packages/hypergraph/src/connect/login.ts | Updated identity existence check endpoint path |
| packages/hypergraph-react/src/hooks/useExternalAccountInbox.ts | Fixed property name from address to accountAddress |
| packages/hypergraph-react/src/HypergraphAppContext.tsx | Updated to use new identity verification signature and added appId prop |
| apps/server/src/index.ts | Added new endpoint handlers and updated existing ones to support app/connect identity lookup |
| apps/server/src/handlers/getSpace.ts | Added appIdentityAddress parameter for keybox filtering |
| apps/server/src/handlers/getAppOrConnectIdentity.ts | New handler for unified identity lookup supporting both connect and app identities |
| apps/server/src/handlers/getAccountInbox.ts | Fixed property name from id to address |
| apps/server/src/handlers/create-space.ts | Updated to use new identity verification signature |
| apps/server/src/handlers/applySpaceEvent.ts | Enhanced to pass space ID context to identity verification |
| apps/next-example/src/components/providers.tsx | Added required appId prop |
| apps/events/src/routes/login.lazy.tsx | Removed appId parameter from redirect function call |
| apps/events/src/Boot.tsx | Added required appId prop |
| apps/connect/src/routes/authenticate.tsx | Fixed key usage to use app identity keys instead of connect keys |
Files not reviewed (1)
- pnpm-lock.yaml: Language not supported
Comments suppressed due to low confidence (1)
packages/hypergraph/test/inboxes/inboxes.test.ts:357
- The mock implementation uses an empty string as fallback for publicKey, but this might not accurately represent real-world scenarios and could mask validation issues in tests.
signaturePublicKey: publicKey ?? '',
| @@ -14,16 +16,25 @@ export const getVerifiedIdentity = async ( | |||
| encryptionPublicKey: string; | |||
| signaturePublicKey: string; | |||
| }> => { | |||
There was a problem hiding this comment.
The function should validate that exactly one of signaturePublicKey or appId is provided, but the current validation allows both to be null. Consider adding validation to ensure at least one parameter is provided.
| }> => { | |
| }> => { | |
| if (!signaturePublicKey && !appId) { | |
| throw new Error('At least one of signaturePublicKey or appId must be provided'); | |
| } |
Copilot uses AI. Check for mistakes.
| @@ -64,7 +64,8 @@ interface StoreContext { | |||
| signaturePublicKey: string; | |||
| accountProof: string; | |||
| keyProof: string; | |||
| }; | |||
| appId: string | null; | |||
There was a problem hiding this comment.
[nitpick] The type definition changes the structure from a single identity object to an array, but the line shows only the appId field addition. This could cause confusion about the complete structural change being made.
Copilot uses AI. Check for mistakes.
| if (!('appId' in params)) { | ||
| const where: { address: string; connectSignaturePublicKey?: string } = { address: params.accountAddress }; | ||
| if ('signaturePublicKey' in params) { | ||
| where.connectSignaturePublicKey = params.signaturePublicKey; | ||
| } |
There was a problem hiding this comment.
[nitpick] The logic uses type narrowing based on property existence, but the function would be clearer with explicit parameter validation or using discriminated unions in the type definition.
| if (!('appId' in params)) { | |
| const where: { address: string; connectSignaturePublicKey?: string } = { address: params.accountAddress }; | |
| if ('signaturePublicKey' in params) { | |
| where.connectSignaturePublicKey = params.signaturePublicKey; | |
| } | |
| if (params.type === 'connect') { | |
| const where: { address: string; connectSignaturePublicKey?: string } = { address: params.accountAddress }; | |
| where.connectSignaturePublicKey = params.signaturePublicKey; |
Copilot uses AI. Check for mistakes.
| @@ -24,6 +24,8 @@ export const validateSpaceInboxMessage = async ( | |||
| const signer = recoverSpaceInboxMessageSigner(message, spaceId, inbox.inboxId); | |||
| const verifiedIdentity = await Identity.getVerifiedIdentity( | |||
| message.authorAccountAddress, | |||
| signer, | |||
There was a problem hiding this comment.
[nitpick] Passing null as the appId parameter without a clear comment makes the intent unclear. Consider adding a comment explaining why appId is null in this context.
| signer, | |
| signer, | |
| // Passing null as appId because this context does not require an application-specific identifier. |
Copilot uses AI. Check for mistakes.
Depends on #277 (see comments below) - please merge that one first and change the base branch.