From 427d17401c7d6bac35f8221d8132c18b399e85b0 Mon Sep 17 00:00:00 2001
From: Pablo Carranza Velez <pablo@edgeandnode.com>
Date: Fri, 27 Jun 2025 17:33:06 -0300
Subject: [PATCH] fix: inboxes and app keys

---
 apps/connect/src/routes/authenticate.tsx               | 10 ++++++----
 packages/hypergraph-react/src/HypergraphAppContext.tsx |  6 +++---
 .../src/hooks/useExternalSpaceInbox.ts                 |  4 ++--
 .../hypergraph-react/src/hooks/useOwnSpaceInbox.ts     |  4 ++--
 4 files changed, 13 insertions(+), 11 deletions(-)

diff --git a/apps/connect/src/routes/authenticate.tsx b/apps/connect/src/routes/authenticate.tsx
index cc849b15..7c783e16 100644
--- a/apps/connect/src/routes/authenticate.tsx
+++ b/apps/connect/src/routes/authenticate.tsx
@@ -407,8 +407,8 @@ function AuthenticateComponent() {
         appId: state.appInfo.appId,
         address: newAppIdentity.address,
         accountAddress,
-        signaturePublicKey: newAppIdentity.signaturePublicKey,
-        encryptionPublicKey: newAppIdentity.encryptionPublicKey,
+        signaturePublicKey: keys.signaturePublicKey,
+        encryptionPublicKey: keys.encryptionPublicKey,
         ciphertext,
         nonce,
         accountProof,
@@ -424,6 +424,8 @@ function AuthenticateComponent() {
         body: JSON.stringify(message),
       });
       const appIdentityResponse = await response.json();
+      // TODO: All apps are essentially using the same keys, we should change to using
+      // the newly created app identity keys, but that requires changing a lot of the verification logic in the server and HypergraphAppContext
       await encryptSpacesAndRedirect({
         accountAddress,
         appIdentity: {
@@ -432,8 +434,8 @@ function AuthenticateComponent() {
           accountAddress,
           encryptionPrivateKey: keys.encryptionPrivateKey,
           signaturePrivateKey: keys.signaturePrivateKey,
-          encryptionPublicKey: newAppIdentity.encryptionPublicKey,
-          signaturePublicKey: newAppIdentity.signaturePublicKey,
+          encryptionPublicKey: keys.encryptionPublicKey,
+          signaturePublicKey: keys.signaturePublicKey,
           sessionToken: appIdentityResponse.appIdentity.sessionToken,
           sessionTokenExpires: new Date(appIdentityResponse.appIdentity.sessionTokenExpires),
           permissionId,
diff --git a/packages/hypergraph-react/src/HypergraphAppContext.tsx b/packages/hypergraph-react/src/HypergraphAppContext.tsx
index ae62f7c7..3a23518f 100644
--- a/packages/hypergraph-react/src/HypergraphAppContext.tsx
+++ b/packages/hypergraph-react/src/HypergraphAppContext.tsx
@@ -627,7 +627,7 @@ export function HypergraphAppProvider({
             }
             const inboxCreator = Inboxes.recoverAccountInboxCreatorKey(response.inbox);
             if (inboxCreator !== identity.signaturePublicKey) {
-              console.error('Invalid inbox creator', response.inbox);
+              console.error('Invalid inbox creator', response.inbox, inboxCreator, identity.signaturePublicKey);
               return;
             }
 
@@ -1019,7 +1019,7 @@ export function HypergraphAppProvider({
       }
       const message = await Inboxes.createSpaceInboxCreationMessage({
         author: {
-          accountAddress: identity.address,
+          accountAddress: identity.accountAddress,
           signaturePublicKey,
           encryptionPublicKey,
           signaturePrivateKey,
@@ -1118,7 +1118,7 @@ export function HypergraphAppProvider({
         throw new Error('Missing keys');
       }
       const message = await Inboxes.createAccountInboxCreationMessage({
-        accountAddress: identity.address,
+        accountAddress: identity.accountAddress,
         isPublic,
         authPolicy,
         encryptionPublicKey,
diff --git a/packages/hypergraph-react/src/hooks/useExternalSpaceInbox.ts b/packages/hypergraph-react/src/hooks/useExternalSpaceInbox.ts
index ee8b40b0..2d1bad11 100644
--- a/packages/hypergraph-react/src/hooks/useExternalSpaceInbox.ts
+++ b/packages/hypergraph-react/src/hooks/useExternalSpaceInbox.ts
@@ -51,8 +51,8 @@ export function useExternalSpaceInbox({
 
         let authorAccountAddress: string | null = null;
         let signaturePrivateKey: string | null = null;
-        if (identity?.address && inbox.authPolicy !== 'anonymous') {
-          authorAccountAddress = identity.address;
+        if (identity?.accountAddress && inbox.authPolicy !== 'anonymous') {
+          authorAccountAddress = identity.accountAddress;
           signaturePrivateKey = identity.signaturePrivateKey;
         } else if (inbox.authPolicy === 'requires_auth') {
           throw new Error('Cannot send message to a required auth inbox without an identity');
diff --git a/packages/hypergraph-react/src/hooks/useOwnSpaceInbox.ts b/packages/hypergraph-react/src/hooks/useOwnSpaceInbox.ts
index 99d0f032..98c213a3 100644
--- a/packages/hypergraph-react/src/hooks/useOwnSpaceInbox.ts
+++ b/packages/hypergraph-react/src/hooks/useOwnSpaceInbox.ts
@@ -104,8 +104,8 @@ export function useOwnSpaceInbox({
 
         let authorAccountAddress: string | null = null;
         let signaturePrivateKey: string | null = null;
-        if (identity?.address && ownInbox.authPolicy !== 'anonymous') {
-          authorAccountAddress = identity.address;
+        if (identity?.accountAddress && ownInbox.authPolicy !== 'anonymous') {
+          authorAccountAddress = identity.accountAddress;
           signaturePrivateKey = identity.signaturePrivateKey;
         } else if (ownInbox.authPolicy === 'requires_auth') {
           throw new Error('Cannot send message to a required auth inbox without an identity');