
payjoin / rust-payjoin / 18713149743

22 Oct 2025 10:24AM UTC coverage: 83.771% (-0.02%) from 83.791%
18713149743

Pull #1158

github

web-flow
Merge b7c874176 into 3e30f4ed3
Pull Request #1158: Add completed_event_id FK to prevent session replay

88 of 108 new or added lines in 4 files covered. (81.48%)

133 existing lines in 5 files now uncovered.

9059 of 10814 relevant lines covered (83.77%)

458.06 hits per line

Source File

81.68
/payjoin-cli/src/db/v2.rs
use std::sync::Arc;

use payjoin::persist::SessionPersister;
use payjoin::receive::v2::SessionEvent as ReceiverSessionEvent;
use payjoin::send::v2::SessionEvent as SenderSessionEvent;
use payjoin::HpkePublicKey;
use rusqlite::params;

use super::*;

/// Row identifier of a persisted payjoin session: the `session_id` column of
/// the `send_sessions` / `receive_sessions` tables queried in this module.
#[derive(Debug, Clone)]
pub(crate) struct SessionId(i64);

/// Exposes the raw `i64`, which is how the persisters bind the id as a SQL
/// parameter (`*self.session_id`).
impl core::ops::Deref for SessionId {
    type Target = i64;

    fn deref(&self) -> &Self::Target {
        let SessionId(raw) = self;
        raw
    }
}

/// Formats the id as the bare integer.
impl std::fmt::Display for SessionId {
    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
        let SessionId(raw) = self;
        write!(f, "{}", raw)
    }
}

/// SQLite-backed event store for a single payjoin v2 *sender* session.
#[derive(Clone)]
pub(crate) struct SenderPersister {
    // Shared database handle; each operation asks it for a connection.
    db: Arc<Database>,
    // Key of this session's row in `send_sessions`.
    session_id: SessionId,
}

impl SenderPersister {
    /// Inserts a new row into `send_sessions` for `receiver_pubkey` and
    /// returns a persister bound to the `session_id` the insert reports.
    ///
    /// # Errors
    /// Propagates a failure to obtain a connection or to run the insert.
    pub fn new(db: Arc<Database>, receiver_pubkey: HpkePublicKey) -> crate::db::Result<Self> {
        let conn = db.get_connection()?;
        let pubkey_bytes = receiver_pubkey.to_compressed_bytes();

        // NULL is passed for session_id and the stored value is read back via
        // RETURNING — presumably the column is an auto-assigned integer key;
        // confirm against the schema.
        let new_id = conn.query_row(
            "INSERT INTO send_sessions (session_id, receiver_pubkey) VALUES (NULL, ?1) RETURNING session_id",
            params![pubkey_bytes],
            |row| row.get::<_, i64>(0),
        )?;

        Ok(Self { db, session_id: SessionId(new_id) })
    }

    /// Binds a persister to an already-known session id.
    ///
    /// Performs no database access, so it does not check that `id` refers to
    /// an existing row or that the session is still open.
    pub fn from_id(db: Arc<Database>, id: SessionId) -> Self {
        Self { db, session_id: id }
    }
}

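impl SessionPersister for SenderPersister {
    type SessionEvent = SenderSessionEvent;
    type InternalStorageError = crate::db::error::Error;

    /// Appends `event`, serialized as JSON, to this session's rows in
    /// `send_session_events`, stamped with the current `now()` value.
    ///
    /// # Errors
    /// Returns `Error::Serialize` if the event cannot be encoded, and
    /// propagates connection or insert failures.
    fn save_event(
        &self,
        event: SenderSessionEvent,
    ) -> std::result::Result<(), Self::InternalStorageError> {
        let conn = self.db.get_connection()?;
        let event_data = serde_json::to_string(&event).map_err(Error::Serialize)?;

        conn.execute(
            "INSERT INTO send_session_events (session_id, event_data, created_at) VALUES (?1, ?2, ?3)",
            params![*self.session_id, event_data, now()],
        )?;

        Ok(())
    }

    /// Reads every stored event of this session, oldest first, and returns
    /// them as an owned iterator.
    ///
    /// # Errors
    /// Propagates connection, prepare and row-read failures.
    ///
    /// # Panics
    /// Panics if a stored `event_data` value does not deserialize into a
    /// `SenderSessionEvent`.
    fn load(
        &self,
    ) -> std::result::Result<Box<dyn Iterator<Item = SenderSessionEvent>>, Self::InternalStorageError>
    {
        let conn = self.db.get_connection()?;
        // `id` breaks ties between events that share a created_at value, so the
        // replay order is deterministic — assumes id grows with insertion
        // order; confirm against the schema.
        let mut stmt = conn.prepare(
            "SELECT event_data FROM send_session_events WHERE session_id = ?1 ORDER BY created_at ASC, id ASC",
        )?;

        let event_rows = stmt.query_map(params![*self.session_id], |row| row.get::<_, String>(0))?;

        let mut events = Vec::new();
        for row in event_rows {
            // A row that cannot be read is a storage error, not a reason to
            // abort the process: hand it back to the caller.
            let event_data = row?;
            // NOTE(review): a row whose JSON no longer deserializes still
            // panics here. Reporting it as an error needs a storage-error
            // variant for deserialization, which is not visible in this file.
            let event = serde_json::from_str::<SenderSessionEvent>(&event_data)
                .expect("Database corruption: failed to deserialize session event");
            events.push(event);
        }

        Ok(Box::new(events.into_iter()))
    }

    /// Marks the session completed: stamps `completed_at` and records the id
    /// of the session's latest event in `completed_event_id` (NULL when the
    /// session has no events).
    ///
    /// # Errors
    /// Propagates connection and update failures, including a failure of the
    /// latest-event lookup.
    fn close(&self) -> std::result::Result<(), Self::InternalStorageError> {
        let conn = self.db.get_connection()?;

        // One statement instead of SELECT-then-UPDATE: the latest-event lookup
        // cannot be separated from the completion stamp by a concurrent
        // save_event, and a lookup failure surfaces as an error rather than
        // being turned into a NULL completed_event_id on a session that is
        // nevertheless marked complete.
        // NOTE(review): the affected-row count is not checked, so closing an
        // id with no send_sessions row still returns Ok.
        conn.execute(
            "UPDATE send_sessions \
             SET completed_at = ?1, \
                 completed_event_id = (SELECT id FROM send_session_events \
                                       WHERE session_id = ?2 \
                                       ORDER BY created_at DESC, id DESC LIMIT 1) \
             WHERE session_id = ?2",
            params![now(), *self.session_id],
        )?;

        Ok(())
    }
}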

/// SQLite-backed event store for a single payjoin v2 *receiver* session.
#[derive(Clone)]
pub(crate) struct ReceiverPersister {
    // Shared database handle; each operation asks it for a connection.
    db: Arc<Database>,
    // Key of this session's row in `receive_sessions`.
    session_id: SessionId,
}

impl ReceiverPersister {
    /// Inserts a new row into `receive_sessions` and returns a persister bound
    /// to the `session_id` the insert reports.
    ///
    /// # Errors
    /// Propagates a failure to obtain a connection or to run the insert.
    pub fn new(db: Arc<Database>) -> crate::db::Result<Self> {
        let conn = db.get_connection()?;

        // NULL is passed for session_id and the stored value is read back via
        // RETURNING — presumably the column is an auto-assigned integer key;
        // confirm against the schema.
        let new_id = conn.query_row(
            "INSERT INTO receive_sessions (session_id) VALUES (NULL) RETURNING session_id",
            [],
            |row| row.get::<_, i64>(0),
        )?;

        Ok(Self { db, session_id: SessionId(new_id) })
    }

    /// Binds a persister to an already-known session id.
    ///
    /// Performs no database access, so it does not check that `id` refers to
    /// an existing row or that the session is still open.
    pub fn from_id(db: Arc<Database>, id: SessionId) -> Self {
        Self { db, session_id: id }
    }
}

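impl SessionPersister for ReceiverPersister {
    type SessionEvent = ReceiverSessionEvent;
    type InternalStorageError = crate::db::error::Error;

    /// Appends `event`, serialized as JSON, to this session's rows in
    /// `receive_session_events`, stamped with the current `now()` value.
    ///
    /// # Errors
    /// Returns `Error::Serialize` if the event cannot be encoded, and
    /// propagates connection or insert failures.
    fn save_event(
        &self,
        event: ReceiverSessionEvent,
    ) -> std::result::Result<(), Self::InternalStorageError> {
        let conn = self.db.get_connection()?;
        let event_data = serde_json::to_string(&event).map_err(Error::Serialize)?;

        conn.execute(
            "INSERT INTO receive_session_events (session_id, event_data, created_at) VALUES (?1, ?2, ?3)",
            params![*self.session_id, event_data, now()],
        )?;

        Ok(())
    }

    /// Reads every stored event of this session, oldest first, and returns
    /// them as an owned iterator.
    ///
    /// # Errors
    /// Propagates connection, prepare and row-read failures.
    ///
    /// # Panics
    /// Panics if a stored `event_data` value does not deserialize into a
    /// `ReceiverSessionEvent`.
    fn load(
        &self,
    ) -> std::result::Result<
        Box<dyn Iterator<Item = ReceiverSessionEvent>>,
        Self::InternalStorageError,
    > {
        let conn = self.db.get_connection()?;
        // `id` breaks ties between events that share a created_at value, so the
        // replay order is deterministic — assumes id grows with insertion
        // order; confirm against the schema.
        let mut stmt = conn.prepare(
            "SELECT event_data FROM receive_session_events WHERE session_id = ?1 ORDER BY created_at ASC, id ASC",
        )?;

        let event_rows = stmt.query_map(params![*self.session_id], |row| row.get::<_, String>(0))?;

        let mut events = Vec::new();
        for row in event_rows {
            // A row that cannot be read is a storage error, not a reason to
            // abort the process: hand it back to the caller.
            let event_data = row?;
            // NOTE(review): a row whose JSON no longer deserializes still
            // panics here. Reporting it as an error needs a storage-error
            // variant for deserialization, which is not visible in this file.
            let event = serde_json::from_str::<ReceiverSessionEvent>(&event_data)
                .expect("Database corruption: failed to deserialize session event");
            events.push(event);
        }

        Ok(Box::new(events.into_iter()))
    }

    /// Marks the session completed: stamps `completed_at` and records the id
    /// of the session's latest event in `completed_event_id` (NULL when the
    /// session has no events).
    ///
    /// # Errors
    /// Propagates connection and update failures, including a failure of the
    /// latest-event lookup.
    fn close(&self) -> std::result::Result<(), Self::InternalStorageError> {
        let conn = self.db.get_connection()?;

        // One statement instead of SELECT-then-UPDATE: the latest-event lookup
        // cannot be separated from the completion stamp by a concurrent
        // save_event, and a lookup failure surfaces as an error rather than
        // being turned into a NULL completed_event_id on a session that is
        // nevertheless marked complete.
        // NOTE(review): the affected-row count is not checked, so closing an
        // id with no receive_sessions row still returns Ok.
        conn.execute(
            "UPDATE receive_sessions \
             SET completed_at = ?1, \
                 completed_event_id = (SELECT id FROM receive_session_events \
                                       WHERE session_id = ?2 \
                                       ORDER BY created_at DESC, id DESC LIMIT 1) \
             WHERE session_id = ?2",
            params![now(), *self.session_id],
        )?;

        Ok(())
    }
}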

impl Database {
    /// Lists the ids of receive sessions whose `completed_at` is still NULL.
    ///
    /// # Errors
    /// Propagates connection, prepare and row-read failures.
    pub(crate) fn get_recv_session_ids(&self) -> Result<Vec<SessionId>> {
        let conn = self.get_connection()?;
        let mut stmt =
            conn.prepare("SELECT session_id FROM receive_sessions WHERE completed_at IS NULL")?;

        // Collecting into a Result stops at the first unreadable row.
        let open_ids = stmt
            .query_map([], |row| row.get::<_, i64>(0).map(SessionId))?
            .collect::<std::result::Result<Vec<_>, _>>()?;

        Ok(open_ids)
    }

    /// Lists the ids of send sessions whose `completed_at` is still NULL.
    ///
    /// # Errors
    /// Propagates connection, prepare and row-read failures.
    pub(crate) fn get_send_session_ids(&self) -> Result<Vec<SessionId>> {
        let conn = self.get_connection()?;
        let mut stmt =
            conn.prepare("SELECT session_id FROM send_sessions WHERE completed_at IS NULL")?;

        // Collecting into a Result stops at the first unreadable row.
        let open_ids = stmt
            .query_map([], |row| row.get::<_, i64>(0).map(SessionId))?
            .collect::<std::result::Result<Vec<_>, _>>()?;

        Ok(open_ids)
    }

    /// Loads the receiver public key stored with the send session
    /// `session_id` and decodes it from its compressed byte form.
    ///
    /// # Errors
    /// Propagates connection, prepare and query failures; this includes the
    /// case where no row matches `session_id`.
    ///
    /// # Panics
    /// Panics if the stored bytes are not accepted by
    /// `HpkePublicKey::from_compressed_bytes`.
    pub(crate) fn get_send_session_receiver_pk(
        &self,
        session_id: &SessionId,
    ) -> Result<HpkePublicKey> {
        let conn = self.get_connection()?;
        let mut stmt =
            conn.prepare("SELECT receiver_pubkey FROM send_sessions WHERE session_id = ?1")?;
        let key_bytes: Vec<u8> = stmt.query_row(params![session_id.0], |row| row.get(0))?;

        // NOTE(review): the key bytes come back from the database file, so a
        // truncated or edited column value aborts the process here instead of
        // reaching the caller as an error.
        let receiver_pk =
            HpkePublicKey::from_compressed_bytes(&key_bytes).expect("Valid receiver pubkey");
        Ok(receiver_pk)
    }

    /// Lists `(session_id, completed_at)` for every send session whose
    /// `completed_at` is set.
    ///
    /// # Errors
    /// Propagates connection, prepare and row-read failures.
    pub(crate) fn get_inactive_send_session_ids(&self) -> Result<Vec<(SessionId, u64)>> {
        let conn = self.get_connection()?;
        let mut stmt = conn.prepare(
            "SELECT session_id, completed_at FROM send_sessions WHERE completed_at IS NOT NULL",
        )?;

        let closed_sessions = stmt
            .query_map([], |row| {
                let id = SessionId(row.get::<_, i64>(0)?);
                let completed_at = row.get::<_, u64>(1)?;
                Ok((id, completed_at))
            })?
            .collect::<std::result::Result<Vec<_>, _>>()?;

        Ok(closed_sessions)
    }

    /// Lists `(session_id, completed_at)` for every receive session whose
    /// `completed_at` is set.
    ///
    /// # Errors
    /// Propagates connection, prepare and row-read failures.
    pub(crate) fn get_inactive_recv_session_ids(&self) -> Result<Vec<(SessionId, u64)>> {
        let conn = self.get_connection()?;
        let mut stmt = conn.prepare(
            "SELECT session_id, completed_at FROM receive_sessions WHERE completed_at IS NOT NULL",
        )?;

        let closed_sessions = stmt
            .query_map([], |row| {
                let id = SessionId(row.get::<_, i64>(0)?);
                let completed_at = row.get::<_, u64>(1)?;
                Ok((id, completed_at))
            })?
            .collect::<std::result::Result<Vec<_>, _>>()?;

        Ok(closed_sessions)
    }
}