
payjoin / rust-payjoin / 18764208443

23 Oct 2025 10:56PM UTC coverage: 83.699% (-0.04%) from 83.736%
18764208443

Pull #1158

github

web-flow
Merge 4bdeac661 into 84fdf03ad
Pull Request #1158: Add completed_event_id FK to prevent session replay

31 of 41 new or added lines in 3 files covered. (75.61%)

1 existing line in 1 file now uncovered.

9001 of 10754 relevant lines covered (83.7%)

460.61 hits per line

Source File

79.6
/payjoin-cli/src/db/v2.rs
use std::sync::Arc;

use payjoin::persist::SessionPersister;
use payjoin::receive::v2::SessionEvent as ReceiverSessionEvent;
use payjoin::send::v2::SessionEvent as SenderSessionEvent;
use payjoin::HpkePublicKey;
use rusqlite::params;

use super::*;

/// Newtype around the `i64` row key of a session.
///
/// The same type is used for keys read from `send_sessions` and from
/// `receive_sessions`; nothing in the type records which table a value came from.
#[derive(Debug, Clone)]
pub(crate) struct SessionId(i64);

/// Lets `*session_id` yield the raw `i64`, e.g. when binding it as a SQL parameter.
impl core::ops::Deref for SessionId {
    type Target = i64;

    fn deref(&self) -> &Self::Target {
        let SessionId(raw) = self;
        raw
    }
}

/// Prints the raw integer key.
impl std::fmt::Display for SessionId {
    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
        // A nested format call: width/fill flags given by the caller are not applied
        // to the number.
        f.write_fmt(format_args!("{}", self.0))
    }
}

/// Persists sender-side session events for one row of `send_sessions`.
#[derive(Clone)]
pub(crate) struct SenderPersister {
    // Shared database handle; a connection is requested from it for each operation.
    db: Arc<Database>,
    // Key of this session's row in `send_sessions`.
    session_id: SessionId,
}

impl SenderPersister {
    /// Inserts a new row into `send_sessions` holding the receiver's compressed HPKE
    /// public key and returns a persister bound to the `session_id` reported by the
    /// statement's `RETURNING` clause.
    ///
    /// # Errors
    /// Fails if no connection can be obtained or the insert fails.
    pub fn new(db: Arc<Database>, receiver_pubkey: HpkePublicKey) -> crate::db::Result<Self> {
        let conn = db.get_connection()?;
        let pubkey_bytes = receiver_pubkey.to_compressed_bytes();

        // `session_id` is inserted as NULL so the database assigns the key.
        let new_row_id = conn.query_row(
            "INSERT INTO send_sessions (session_id, receiver_pubkey) VALUES (NULL, ?1) RETURNING session_id",
            params![pubkey_bytes],
            |row| row.get::<_, i64>(0),
        )?;

        let session_id = SessionId(new_row_id);
        Ok(Self { db, session_id })
    }

    /// Binds a persister to an already known session id.
    ///
    /// No query is made here, so the id is not checked against `send_sessions`.
    pub fn from_id(db: Arc<Database>, id: SessionId) -> Self {
        let session_id = id;
        Self { db, session_id }
    }
}
45

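impl SessionPersister for SenderPersister {
    type SessionEvent = SenderSessionEvent;
    type InternalStorageError = crate::db::error::Error;

    /// Serializes `event` to JSON and appends it to `send_session_events` for this
    /// session, stamped with `now()`.
    ///
    /// # Errors
    /// Fails if no connection can be obtained, the event cannot be serialized, or the
    /// insert fails.
    fn save_event(
        &self,
        event: SenderSessionEvent,
    ) -> std::result::Result<(), Self::InternalStorageError> {
        let conn = self.db.get_connection()?;
        let event_data = serde_json::to_string(&event).map_err(Error::Serialize)?;

        conn.execute(
            "INSERT INTO send_session_events (session_id, event_data, created_at) VALUES (?1, ?2, ?3)",
            params![*self.session_id, event_data, now()],
        )?;

        Ok(())
    }

    /// Loads every stored event of this session, oldest first.
    ///
    /// # Errors
    /// Fails if no connection can be obtained, the query cannot be prepared or run, or
    /// a row cannot be read.
    ///
    /// # Panics
    /// Panics if a stored event does not deserialize.
    fn load(
        &self,
    ) -> std::result::Result<Box<dyn Iterator<Item = SenderSessionEvent>>, Self::InternalStorageError>
    {
        let conn = self.db.get_connection()?;
        // `id` breaks ties between events that share a `created_at` value, so the
        // replay order does not depend on the storage engine's scan order.
        // NOTE(review): assumes `id` grows with insertion order; confirm against the schema.
        let mut stmt = conn.prepare(
            "SELECT event_data FROM send_session_events WHERE session_id = ?1 ORDER BY created_at ASC, id ASC",
        )?;

        let event_rows = stmt.query_map(params![*self.session_id], |row| row.get::<_, String>(0))?;

        let mut events: Vec<SenderSessionEvent> = Vec::new();
        for row in event_rows {
            // A failed row read is an I/O-level error: report it instead of panicking.
            let event_data = row?;
            // Kept as in the original: a stored event that no longer decodes aborts
            // with a corruption message rather than being skipped.
            let event = serde_json::from_str::<SenderSessionEvent>(&event_data)
                .expect("Database corruption: failed to deserialize session event");
            events.push(event);
        }

        Ok(Box::new(events.into_iter()))
    }

    /// Marks the session as completed by storing the id of its most recent event in
    /// `send_sessions.completed_event_id`.
    ///
    /// # Errors
    /// Fails if no connection can be obtained, the session has no events, either
    /// statement fails, or the update does not change exactly one row.
    fn close(&self) -> std::result::Result<(), Self::InternalStorageError> {
        let conn = self.db.get_connection()?;

        // NOTE(review): the lookup and the update below are two separate statements;
        // no transaction is visible in this function.
        let lookup = conn.query_row(
            "SELECT id FROM send_session_events
             WHERE session_id = ?1
             ORDER BY created_at DESC, id DESC LIMIT 1",
            params![*self.session_id],
            |row| row.get::<_, i64>(0),
        );

        // Only "no rows" means the session has no events. Any other database error
        // is passed on as itself, not reported as a missing event.
        let completed_event_id = match lookup {
            Ok(id) => id,
            Err(rusqlite::Error::QueryReturnedNoRows) => {
                return Err(format!(
                    "completed_event_id for Session {} is none",
                    self.session_id
                )
                .into());
            }
            Err(e) => return Err(e.into()),
        };

        let updated = conn.execute(
            "UPDATE send_sessions SET completed_event_id = ?1 WHERE session_id = ?2",
            params![completed_event_id, *self.session_id],
        )?;

        // The completed marker is what `get_send_session_ids` filters on, so an update
        // that matched no session row must not be reported as success.
        if updated != 1 {
            return Err(format!(
                "Session {} was not marked completed: expected 1 row updated, got {}",
                self.session_id, updated
            )
            .into());
        }

        Ok(())
    }
}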

/// Persists receiver-side session events for one row of `receive_sessions`.
#[derive(Clone)]
pub(crate) struct ReceiverPersister {
    // Shared database handle; a connection is requested from it for each operation.
    db: Arc<Database>,
    // Key of this session's row in `receive_sessions`.
    session_id: SessionId,
}

impl ReceiverPersister {
    /// Inserts a new row into `receive_sessions` and returns a persister bound to the
    /// `session_id` reported by the statement's `RETURNING` clause.
    ///
    /// # Errors
    /// Fails if no connection can be obtained or the insert fails.
    pub fn new(db: Arc<Database>) -> crate::db::Result<Self> {
        let conn = db.get_connection()?;

        // `session_id` is inserted as NULL so the database assigns the key.
        let new_row_id = conn.query_row(
            "INSERT INTO receive_sessions (session_id) VALUES (NULL) RETURNING session_id",
            [],
            |row| row.get::<_, i64>(0),
        )?;

        let session_id = SessionId(new_row_id);
        Ok(Self { db, session_id })
    }

    /// Binds a persister to an already known session id.
    ///
    /// No query is made here, so the id is not checked against `receive_sessions`.
    pub fn from_id(db: Arc<Database>, id: SessionId) -> Self {
        let session_id = id;
        Self { db, session_id }
    }
}

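impl SessionPersister for ReceiverPersister {
    type SessionEvent = ReceiverSessionEvent;
    type InternalStorageError = crate::db::error::Error;

    /// Serializes `event` to JSON and appends it to `receive_session_events` for this
    /// session, stamped with `now()`.
    ///
    /// # Errors
    /// Fails if no connection can be obtained, the event cannot be serialized, or the
    /// insert fails.
    fn save_event(
        &self,
        event: ReceiverSessionEvent,
    ) -> std::result::Result<(), Self::InternalStorageError> {
        let conn = self.db.get_connection()?;
        let event_data = serde_json::to_string(&event).map_err(Error::Serialize)?;

        conn.execute(
            "INSERT INTO receive_session_events (session_id, event_data, created_at) VALUES (?1, ?2, ?3)",
            params![*self.session_id, event_data, now()],
        )?;

        Ok(())
    }

    /// Loads every stored event of this session, oldest first.
    ///
    /// # Errors
    /// Fails if no connection can be obtained, the query cannot be prepared or run, or
    /// a row cannot be read.
    ///
    /// # Panics
    /// Panics if a stored event does not deserialize.
    fn load(
        &self,
    ) -> std::result::Result<
        Box<dyn Iterator<Item = ReceiverSessionEvent>>,
        Self::InternalStorageError,
    > {
        let conn = self.db.get_connection()?;
        // `id` breaks ties between events that share a `created_at` value, so the
        // replay order does not depend on the storage engine's scan order.
        // NOTE(review): assumes `id` grows with insertion order; confirm against the schema.
        let mut stmt = conn.prepare(
            "SELECT event_data FROM receive_session_events WHERE session_id = ?1 ORDER BY created_at ASC, id ASC",
        )?;

        let event_rows = stmt.query_map(params![*self.session_id], |row| row.get::<_, String>(0))?;

        let mut events: Vec<ReceiverSessionEvent> = Vec::new();
        for row in event_rows {
            // A failed row read is an I/O-level error: report it instead of panicking.
            let event_data = row?;
            // Kept as in the original: a stored event that no longer decodes aborts
            // with a corruption message rather than being skipped.
            let event = serde_json::from_str::<ReceiverSessionEvent>(&event_data)
                .expect("Database corruption: failed to deserialize session event");
            events.push(event);
        }

        Ok(Box::new(events.into_iter()))
    }

    /// Marks the session as completed by storing the id of its most recent event in
    /// `receive_sessions.completed_event_id`.
    ///
    /// # Errors
    /// Fails if no connection can be obtained, the session has no events, either
    /// statement fails, or the update does not change exactly one row.
    fn close(&self) -> std::result::Result<(), Self::InternalStorageError> {
        let conn = self.db.get_connection()?;

        // NOTE(review): the lookup and the update below are two separate statements;
        // no transaction is visible in this function.
        let lookup = conn.query_row(
            "SELECT id FROM receive_session_events
             WHERE session_id = ?1
             ORDER BY created_at DESC, id DESC LIMIT 1",
            params![*self.session_id],
            |row| row.get::<_, i64>(0),
        );

        // Only "no rows" means the session has no events. Any other database error
        // is passed on as itself, not reported as a missing event.
        let completed_event_id = match lookup {
            Ok(id) => id,
            Err(rusqlite::Error::QueryReturnedNoRows) => {
                return Err(format!(
                    "completed_event_id for Session {} is none",
                    self.session_id
                )
                .into());
            }
            Err(e) => return Err(e.into()),
        };

        let updated = conn.execute(
            "UPDATE receive_sessions SET completed_event_id = ?1 WHERE session_id = ?2",
            params![completed_event_id, *self.session_id],
        )?;

        // The completed marker is what `get_recv_session_ids` filters on, so an update
        // that matched no session row must not be reported as success.
        if updated != 1 {
            return Err(format!(
                "Session {} was not marked completed: expected 1 row updated, got {}",
                self.session_id, updated
            )
            .into());
        }

        Ok(())
    }
}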

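impl Database {
    /// Runs the parameterless statement `sql` and wraps column 0 of each row in a
    /// [`SessionId`].
    ///
    /// `sql` is prepared verbatim: pass only the fixed statements defined in this
    /// `impl`, never text assembled from external input.
    fn collect_session_ids(&self, sql: &str) -> Result<Vec<SessionId>> {
        let conn = self.get_connection()?;
        let mut stmt = conn.prepare(sql)?;
        let session_ids = stmt
            .query_map([], |row| row.get::<_, i64>(0).map(SessionId))?
            .collect::<rusqlite::Result<Vec<_>>>()?;
        Ok(session_ids)
    }

    /// Runs the parameterless statement `sql` and returns `(session id, created_at)`
    /// pairs read from columns 0 and 1 of each row.
    ///
    /// `sql` is prepared verbatim: pass only the fixed statements defined in this
    /// `impl`, never text assembled from external input.
    fn collect_completed_sessions(&self, sql: &str) -> Result<Vec<(SessionId, u64)>> {
        let conn = self.get_connection()?;
        let mut stmt = conn.prepare(sql)?;
        let sessions = stmt
            .query_map([], |row| {
                let session_id: i64 = row.get(0)?;
                let completed_at: u64 = row.get(1)?;
                Ok((SessionId(session_id), completed_at))
            })?
            .collect::<rusqlite::Result<Vec<_>>>()?;
        Ok(sessions)
    }

    /// Returns the ids of receive sessions whose `completed_event_id` is still NULL,
    /// i.e. sessions that `close` has not marked as completed.
    pub(crate) fn get_recv_session_ids(&self) -> Result<Vec<SessionId>> {
        self.collect_session_ids(
            "SELECT session_id FROM receive_sessions WHERE completed_event_id IS NULL",
        )
    }

    /// Returns the ids of send sessions whose `completed_event_id` is still NULL,
    /// i.e. sessions that `close` has not marked as completed.
    pub(crate) fn get_send_session_ids(&self) -> Result<Vec<SessionId>> {
        self.collect_session_ids(
            "SELECT session_id FROM send_sessions WHERE completed_event_id IS NULL",
        )
    }

    /// Reads the receiver public key stored for a send session and parses it from its
    /// compressed byte form.
    ///
    /// # Errors
    /// Fails if no connection can be obtained, no row exists for `session_id`, the
    /// column cannot be read, or the stored bytes are not a valid key.
    pub(crate) fn get_send_session_receiver_pk(
        &self,
        session_id: &SessionId,
    ) -> Result<HpkePublicKey> {
        let conn = self.get_connection()?;
        let mut stmt =
            conn.prepare("SELECT receiver_pubkey FROM send_sessions WHERE session_id = ?1")?;
        let receiver_pubkey: Vec<u8> = stmt.query_row(params![session_id.0], |row| row.get(0))?;

        // The bytes come from disk, so a malformed value is reported as an error and
        // does not abort the process.
        let key = HpkePublicKey::from_compressed_bytes(&receiver_pubkey).map_err(|e| {
            format!("Stored receiver pubkey for Session {} is invalid: {:?}", session_id, e)
        })?;
        Ok(key)
    }

    /// Returns every send session that has a `completed_event_id`, paired with the
    /// `created_at` value of the event that id refers to.
    pub(crate) fn get_inactive_send_session_ids(&self) -> Result<Vec<(SessionId, u64)>> {
        self.collect_completed_sessions(
            "SELECT s.session_id, e.created_at
             FROM send_sessions s
             JOIN send_session_events e ON s.completed_event_id = e.id
             WHERE s.completed_event_id IS NOT NULL",
        )
    }

    /// Returns every receive session that has a `completed_event_id`, paired with the
    /// `created_at` value of the event that id refers to.
    pub(crate) fn get_inactive_recv_session_ids(&self) -> Result<Vec<(SessionId, u64)>> {
        self.collect_completed_sessions(
            "SELECT r.session_id, e.created_at
             FROM receive_sessions r
             JOIN receive_session_events e ON r.completed_event_id = e.id
             WHERE r.completed_event_id IS NOT NULL",
        )
    }
}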