feat(ironfish): Remove cached accounts when encrypting/decrypting (#5299)

rohanjadvani · web-flow · commit f9fbde1771ed · 2024-08-19T14:28:20.000-04:00
diff --git a/ironfish/src/wallet/wallet.ts b/ironfish/src/wallet/wallet.ts
@@ -1792,7 +1792,7 @@ export class Wallet {
     const unlock = await this.createTransactionMutex.lock()
 
     try {
-      await this.walletDb.encryptAccounts(this.accounts, passphrase, tx)
+      await this.walletDb.encryptAccounts(passphrase, tx)
       await this.load()
     } finally {
       unlock()
@@ -1803,7 +1803,7 @@ export class Wallet {
     const unlock = await this.createTransactionMutex.lock()
 
     try {
-      await this.walletDb.decryptAccounts(this.encryptedAccounts, passphrase, tx)
+      await this.walletDb.decryptAccounts(passphrase, tx)
       await this.load()
     } finally {
       unlock()
diff --git a/ironfish/src/wallet/walletdb/walletdb.test.ts b/ironfish/src/wallet/walletdb/walletdb.test.ts
@@ -469,7 +469,7 @@ describe('WalletDB', () => {
       const accountA = await useAccountFixture(node.wallet, 'A')
       const accountB = await useAccountFixture(node.wallet, 'B')
 
-      await walletDb.encryptAccounts([accountA, accountB], passphrase)
+      await walletDb.encryptAccounts(passphrase)
 
       const encryptedAccountById = new Map<string, EncryptedAccount>()
       for await (const [id, accountValue] of walletDb.loadAccounts()) {
@@ -503,7 +503,7 @@ describe('WalletDB', () => {
 
       const accountA = await useAccountFixture(node.wallet, 'A')
       const accountB = await useAccountFixture(node.wallet, 'B')
-      await walletDb.encryptAccounts([accountA, accountB], passphrase)
+      await walletDb.encryptAccounts(passphrase)
 
       const encryptedAccountById = new Map<string, EncryptedAccount>()
       for await (const [id, accountValue] of walletDb.loadAccounts()) {
@@ -522,7 +522,7 @@ describe('WalletDB', () => {
       const encryptedAccountB = encryptedAccountById.get(accountB.id)
       Assert.isNotUndefined(encryptedAccountB)
 
-      await walletDb.decryptAccounts([encryptedAccountA, encryptedAccountB], passphrase)
+      await walletDb.decryptAccounts(passphrase)
 
       const accountById = new Map<string, Account>()
       for await (const [id, accountValue] of walletDb.loadAccounts()) {
@@ -551,7 +551,7 @@ describe('WalletDB', () => {
       const accountA = await useAccountFixture(node.wallet, 'A')
       const accountB = await useAccountFixture(node.wallet, 'B')
 
-      await walletDb.encryptAccounts([accountA, accountB], passphrase)
+      await walletDb.encryptAccounts(passphrase)
 
       const encryptedAccountById = new Map<string, EncryptedAccount>()
       for await (const [id, accountValue] of walletDb.loadAccounts()) {
@@ -570,9 +570,9 @@ describe('WalletDB', () => {
       const encryptedAccountB = encryptedAccountById.get(accountB.id)
       Assert.isNotUndefined(encryptedAccountB)
 
-      await expect(
-        walletDb.decryptAccounts([encryptedAccountA, encryptedAccountB], invalidPassphrase),
-      ).rejects.toThrow(AccountDecryptionFailedError)
+      await expect(walletDb.decryptAccounts(invalidPassphrase)).rejects.toThrow(
+        AccountDecryptionFailedError,
+      )
     })
   })
 
@@ -595,9 +595,9 @@ describe('WalletDB', () => {
       const walletDb = node.wallet.walletDb
       const passphrase = 'test'
 
-      const accountA = await useAccountFixture(node.wallet, 'A')
-      const accountB = await useAccountFixture(node.wallet, 'B')
-      await walletDb.encryptAccounts([accountA, accountB], passphrase)
+      await useAccountFixture(node.wallet, 'A')
+      await useAccountFixture(node.wallet, 'B')
+      await walletDb.encryptAccounts(passphrase)
 
       expect(await walletDb.accountsEncrypted()).toBe(true)
     })
diff --git a/ironfish/src/wallet/walletdb/walletdb.ts b/ironfish/src/wallet/walletdb/walletdb.ts
@@ -1189,28 +1189,33 @@ export class WalletDB {
     }
   }
 
-  async encryptAccounts(
-    accounts: Account[],
-    passphrase: string,
-    tx?: IDatabaseTransaction,
-  ): Promise<void> {
+  async encryptAccounts(passphrase: string, tx?: IDatabaseTransaction): Promise<void> {
     await this.db.withTransaction(tx, async (tx) => {
-      for (const account of accounts) {
+      for await (const [id, accountValue] of this.accounts.getAllIter()) {
+        if (accountValue.encrypted) {
+          throw new Error('Account is already encrypted')
+        }
+
+        const account = new Account({ accountValue, walletDb: this })
         const encryptedAccount = account.encrypt(passphrase)
-        await this.accounts.put(account.id, encryptedAccount.serialize(), tx)
+        await this.accounts.put(id, encryptedAccount.serialize(), tx)
       }
     })
   }
 
-  async decryptAccounts(
-    encryptedAccounts: EncryptedAccount[],
-    passphrase: string,
-    tx?: IDatabaseTransaction,
-  ): Promise<void> {
+  async decryptAccounts(passphrase: string, tx?: IDatabaseTransaction): Promise<void> {
     await this.db.withTransaction(tx, async (tx) => {
-      for (const encryptedAccount of encryptedAccounts) {
+      for await (const [id, accountValue] of this.accounts.getAllIter()) {
+        if (!accountValue.encrypted) {
+          throw new Error('Account is already decrypted')
+        }
+
+        const encryptedAccount = new EncryptedAccount({
+          data: accountValue.data,
+          walletDb: this,
+        })
         const account = encryptedAccount.decrypt(passphrase)
-        await this.accounts.put(account.id, account.serialize(), tx)
+        await this.accounts.put(id, account.serialize(), tx)
       }
     })
   }
