From ef94b5c535b934dbf09bbda0062c0a42765e913d Mon Sep 17 00:00:00 2001 From: Erion Spahija Date: Tue, 24 Jun 2025 15:41:15 +0200 Subject: [PATCH 1/7] default Vault after Signup --- app/actions/_userActions.ts | 34 +++++++++++++++++++---------- components/auth/onboarding-form.tsx | 3 ++- lib/crypto.ts | 7 ++++-- 3 files changed, 30 insertions(+), 14 deletions(-) diff --git a/app/actions/_userActions.ts b/app/actions/_userActions.ts index 68a87d8..db9560b 100644 --- a/app/actions/_userActions.ts +++ b/app/actions/_userActions.ts @@ -9,6 +9,11 @@ import { NotFoundError, } from "@/lib/errors"; import { prisma } from "@/lib/prisma"; +import { createVault } from "./_vaultActions"; + + + + export const finishOnboarding = withErrorHandling( withAuth( @@ -18,6 +23,7 @@ export const finishOnboarding = withErrorHandling( salt: string; publicKey: string; wrappedPrivateKey: string; + generateAndWrapVaultKey:string; } ) => { const client = await clerkClient(); @@ -26,7 +32,7 @@ export const finishOnboarding = withErrorHandling( // eslint-disable-next-line @typescript-eslint/no-non-null-assertion const email = user.primaryEmailAddress!.emailAddress; - const { salt, publicKey, wrappedPrivateKey } = data; + const { salt, publicKey, wrappedPrivateKey, generateAndWrapVaultKey } = data; try { // Check if user already exists @@ -43,16 +49,22 @@ export const finishOnboarding = withErrorHandling( return; } - // Persist the new user - await prisma.user.create({ - data: { - id: user.id, - email, - salt, - publicKey, - wrappedPrivateKey, - }, - }); + // Persist the new user + await prisma.user.create({ + data: { + id: user.id, + email, + salt, + publicKey, + wrappedPrivateKey, + }, + }); + + await createVault({ + name: "Private", + wrappedKey: generateAndWrapVaultKey, + }); + await client.users.updateUser(user.id, { publicMetadata: { diff --git a/components/auth/onboarding-form.tsx b/components/auth/onboarding-form.tsx index f7ad8fe..d553e1b 100644 --- a/components/auth/onboarding-form.tsx 
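Review bot: `generateAndWrapVaultKey` is constrained only by the compile-time type added in the `@@ -18,6 +23,7 @@` hunk, and server-action arguments arrive from the client at runtime without that guarantee. The value is later passed straight to `createVault` as `wrappedKey`, so unless `createVault` validates it (not visible here), a missing, non-string or oversized value would presumably be stored as the default vault's key. I would check it before any write, e.g. `if (typeof generateAndWrapVaultKey !== "string" || generateAndWrapVaultKey.length === 0) { /* reject with the project's validation error */ }`, and add a base64 and maximum-length check. The function body starts and ends outside this hunk.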
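Review bot: In the `@@ -43,16 +49,22 @@` hunk the user row and the "Private" vault are written in two independent steps, and the result of `createVault` is discarded. If `createVault` throws, the user row stays behind without a default vault, and a retry appears to hit the existing-user branch above and `return` before the vault is created. If it instead returns an error object (likely if it is wrapped in `withErrorHandling` like this action, which is not visible here), `client.users.updateUser` still runs. I would create the user and the vault in one database transaction, or inspect the `createVault` result and stop before `updateUser` on failure, and add a comment above the call such as `// Default vault: wrappedKey is the vault key wrapped client-side under the user's public key`. The `try` block continues outside the hunk.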
+++ b/components/auth/onboarding-form.tsx @@ -44,13 +44,14 @@ export function SignUpForm({ } try { - const { publicKey, wrappedPrivateKey, salt } = + const { publicKey, wrappedPrivateKey, salt, generateAndWrapVaultKey } = await cryptoService.onboarding(password); const response = await finishOnboarding({ salt, publicKey, wrappedPrivateKey, + generateAndWrapVaultKey, }); // Handle error responses diff --git a/lib/crypto.ts b/lib/crypto.ts index 86d7c5e..1c9b696 100644 --- a/lib/crypto.ts +++ b/lib/crypto.ts @@ -1,17 +1,20 @@ export class CryptoService { public async onboarding( password: string - ): Promise<{ publicKey: string; wrappedPrivateKey: string; salt: string }> { + ): Promise<{ publicKey: string; wrappedPrivateKey: string; salt: string; generateAndWrapVaultKey: string }> { const { publicKey, privateKey } = await this.generateKeyPair(); const salt = crypto.getRandomValues(new Uint8Array(16)); const kek = await this.deriveKek(password, salt); const wrappedPrivateKey = await this.wrapPrivateKey(privateKey, kek); const publicKeyBuffer = await crypto.subtle.exportKey("spki", publicKey); + const generateAndWrapVaultKey = await this.generateAndWrapVaultKey(publicKey); + return { publicKey: BufferTransformer.arrayBufferToBase64(publicKeyBuffer), wrappedPrivateKey: BufferTransformer.arrayBufferToBase64(wrappedPrivateKey), salt: BufferTransformer.arrayBufferToBase64(salt.buffer), + generateAndWrapVaultKey: generateAndWrapVaultKey.wrappedKey, }; } @@ -184,7 +187,7 @@ export class CryptoService { hash: "SHA-256", }, true, - ["encrypt", "decrypt"] + ["encrypt", "decrypt", "wrapKey"] ); } From a342b117923dba361587684258350e3eb199609e Mon Sep 17 00:00:00 2001 From: Erion Spahija Date: Tue, 1 Jul 2025 14:52:47 +0200 Subject: [PATCH 2/7] Formatierung --- app/actions/_userActions.ts | 4 ---- 1 file changed, 4 deletions(-) diff --git a/app/actions/_userActions.ts b/app/actions/_userActions.ts index db9560b..8fade09 100644 --- a/app/actions/_userActions.ts 
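Review bot: Adding `"wrapKey"` to the usage list in the `@@ -184,7 +187,7 @@` hunk of lib/crypto.ts widens what the generated key may do without recording why, and `"encrypt"`/`"decrypt"` stay alongside it. If this is the asymmetric key-pair generation (the call starts outside the hunk), Web Crypto gives each half only the usages that apply to it, so the private key from this call still lacks `"unwrapKey"`. Any path that calls `unwrapKey` with that in-session private key would be rejected. I would add `"unwrapKey"` if such a path exists, drop `"encrypt"`/`"decrypt"` if nothing else uses them so the key stays single-purpose, and add a comment such as `// wrapKey: the public key wraps per-vault keys in generateAndWrapVaultKey`.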
+++ b/app/actions/_userActions.ts @@ -11,10 +11,6 @@ import { import { prisma } from "@/lib/prisma"; import { createVault } from "./_vaultActions"; - - - - export const finishOnboarding = withErrorHandling( withAuth( async ( From 54cff9d1159e7141b25a85d92b6954143c4d35fd Mon Sep 17 00:00:00 2001 From: Erion Spahija Date: Tue, 1 Jul 2025 17:48:01 +0200 Subject: [PATCH 3/7] fix --- app/actions/_userActions.ts | 34 +++++++++++++++++----------------- lib/crypto.ts | 12 ++++++++---- 2 files changed, 25 insertions(+), 21 deletions(-) diff --git a/app/actions/_userActions.ts b/app/actions/_userActions.ts index 8fade09..306d7e1 100644 --- a/app/actions/_userActions.ts +++ b/app/actions/_userActions.ts @@ -19,7 +19,7 @@ export const finishOnboarding = withErrorHandling( salt: string; publicKey: string; wrappedPrivateKey: string; - generateAndWrapVaultKey:string; + generateAndWrapVaultKey: string; } ) => { const client = await clerkClient(); @@ -28,7 +28,8 @@ export const finishOnboarding = withErrorHandling( // eslint-disable-next-line @typescript-eslint/no-non-null-assertion const email = user.primaryEmailAddress!.emailAddress; - const { salt, publicKey, wrappedPrivateKey, generateAndWrapVaultKey } = data; + const { salt, publicKey, wrappedPrivateKey, generateAndWrapVaultKey } = + data; try { // Check if user already exists @@ -45,22 +46,21 @@ export const finishOnboarding = withErrorHandling( return; } - // Persist the new user - await prisma.user.create({ - data: { - id: user.id, - email, - salt, - publicKey, - wrappedPrivateKey, - }, - }); - - await createVault({ - name: "Private", - wrappedKey: generateAndWrapVaultKey, - }); + // Persist the new user + await prisma.user.create({ + data: { + id: user.id, + email, + salt, + publicKey, + wrappedPrivateKey, + }, + }); + await createVault({ + name: "Private", + wrappedKey: generateAndWrapVaultKey, + }); await client.users.updateUser(user.id, { publicMetadata: { 
diff --git a/lib/crypto.ts b/lib/crypto.ts index 1c9b696..76ab431 100644 --- a/lib/crypto.ts +++ b/lib/crypto.ts @@ -1,13 +1,17 @@ export class CryptoService { - public async onboarding( - password: string - ): Promise<{ publicKey: string; wrappedPrivateKey: string; salt: string; generateAndWrapVaultKey: string }> { + public async onboarding(password: string): Promise<{ + publicKey: string; + wrappedPrivateKey: string; + salt: string; + generateAndWrapVaultKey: string; + }> { const { publicKey, privateKey } = await this.generateKeyPair(); const salt = crypto.getRandomValues(new Uint8Array(16)); const kek = await this.deriveKek(password, salt); const wrappedPrivateKey = await this.wrapPrivateKey(privateKey, kek); const publicKeyBuffer = await crypto.subtle.exportKey("spki", publicKey); - const generateAndWrapVaultKey = await this.generateAndWrapVaultKey(publicKey); + const generateAndWrapVaultKey = + await this.generateAndWrapVaultKey(publicKey); return { publicKey: BufferTransformer.arrayBufferToBase64(publicKeyBuffer), From a04c6e447ccf6ba794f5fe83ed2ea7156dae1ca8 Mon Sep 17 00:00:00 2001 From: Erion Spahija Date: Sat, 5 Jul 2025 20:19:17 +0200 Subject: [PATCH 4/7] generateandwrappedkey -> wrapedDefaultVaultKey --- app/actions/_userActions.ts | 6 +++--- components/auth/onboarding-form.tsx | 2 +- lib/crypto.ts | 5 ++--- 3 files changed, 6 insertions(+), 7 deletions(-) diff --git a/app/actions/_userActions.ts b/app/actions/_userActions.ts index 306d7e1..5a47bdd 100644 --- a/app/actions/_userActions.ts +++ b/app/actions/_userActions.ts @@ -19,7 +19,7 @@ export const finishOnboarding = withErrorHandling( salt: string; publicKey: string; wrappedPrivateKey: string; - generateAndWrapVaultKey: string; + wrappedDefaultVaultKey: string; } ) => { const client = await clerkClient(); 
@@ -28,7 +28,7 @@ export const finishOnboarding = withErrorHandling( // eslint-disable-next-line @typescript-eslint/no-non-null-assertion const email = user.primaryEmailAddress!.emailAddress; - const { salt, publicKey, wrappedPrivateKey, generateAndWrapVaultKey } = + const { salt, publicKey, wrappedPrivateKey, wrappedDefaultVaultKey } = data; try { @@ -59,7 +59,7 @@ export const finishOnboarding = withErrorHandling( await createVault({ name: "Private", - wrappedKey: generateAndWrapVaultKey, + wrappedKey: wrappedDefaultVaultKey, }); await client.users.updateUser(user.id, { diff --git a/components/auth/onboarding-form.tsx b/components/auth/onboarding-form.tsx index d553e1b..8e54c78 100644 --- a/components/auth/onboarding-form.tsx +++ b/components/auth/onboarding-form.tsx @@ -51,7 +51,7 @@ export function SignUpForm({ salt, publicKey, wrappedPrivateKey, - generateAndWrapVaultKey, + wrappedDefaultVaultKey: generateAndWrapVaultKey, }); // Handle error responses diff --git a/lib/crypto.ts b/lib/crypto.ts index 76ab431..0fb79c6 100644 --- a/lib/crypto.ts +++ b/lib/crypto.ts @@ -10,15 +10,14 @@ export class CryptoService { const kek = await this.deriveKek(password, salt); const wrappedPrivateKey = await this.wrapPrivateKey(privateKey, kek); const publicKeyBuffer = await crypto.subtle.exportKey("spki", publicKey); - const generateAndWrapVaultKey = - await this.generateAndWrapVaultKey(publicKey); + const {wrappedKey: wrappedDefaultVaultKey } = await this.generateAndWrapVaultKey(publicKey); return { publicKey: BufferTransformer.arrayBufferToBase64(publicKeyBuffer), wrappedPrivateKey: BufferTransformer.arrayBufferToBase64(wrappedPrivateKey), salt: BufferTransformer.arrayBufferToBase64(salt.buffer), - generateAndWrapVaultKey: generateAndWrapVaultKey.wrappedKey, + generateAndWrapVaultKey: wrappedDefaultVaultKey, }; } From 86d3d90d0aaaa91785df2a9b65d6d492cd2578aa Mon Sep 17 00:00:00 2001 
From: Erion Spahija Date: Sat, 5 Jul 2025 20:27:00 +0200 Subject: [PATCH 5/7] formatting with prettier --- lib/crypto.ts | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/lib/crypto.ts b/lib/crypto.ts index 0fb79c6..f35d36c 100644 --- a/lib/crypto.ts +++ b/lib/crypto.ts @@ -10,7 +10,8 @@ export class CryptoService { const kek = await this.deriveKek(password, salt); const wrappedPrivateKey = await this.wrapPrivateKey(privateKey, kek); const publicKeyBuffer = await crypto.subtle.exportKey("spki", publicKey); - const {wrappedKey: wrappedDefaultVaultKey } = await this.generateAndWrapVaultKey(publicKey); + const { wrappedKey: wrappedDefaultVaultKey } = + await this.generateAndWrapVaultKey(publicKey); return { publicKey: BufferTransformer.arrayBufferToBase64(publicKeyBuffer), From 46431195bfe66b7d3b70e62ba0b3ec459fb4f84b Mon Sep 17 00:00:00 2001 From: Marvin <129607867+knivram@users.noreply.github.com> Date: Sun, 6 Jul 2025 00:14:34 +0200 Subject: [PATCH 6/7] Update crypto.ts --- lib/crypto.ts | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/crypto.ts b/lib/crypto.ts index f35d36c..15413fc 100644 --- a/lib/crypto.ts +++ b/lib/crypto.ts @@ -3,7 +3,7 @@ export class CryptoService { publicKey: string; wrappedPrivateKey: string; salt: string; - generateAndWrapVaultKey: string; + wrappedDefaultVaultKey: string; }> { const { publicKey, privateKey } = await this.generateKeyPair(); const salt = crypto.getRandomValues(new Uint8Array(16)); @@ -18,7 +18,7 @@ export class CryptoService { wrappedPrivateKey: BufferTransformer.arrayBufferToBase64(wrappedPrivateKey), salt: BufferTransformer.arrayBufferToBase64(salt.buffer), - generateAndWrapVaultKey: wrappedDefaultVaultKey, + wrappedDefaultVaultKey, }; } From 136f5f5695ba5cd0c653e1c821b5d503567d9c5a Mon Sep 17 00:00:00 2001 
From: Marvin <129607867+knivram@users.noreply.github.com> Date: Sun, 6 Jul 2025 00:15:21 +0200 Subject: [PATCH 7/7] Update onboarding-form.tsx --- components/auth/onboarding-form.tsx | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/components/auth/onboarding-form.tsx b/components/auth/onboarding-form.tsx index 8e54c78..d9b7eda 100644 --- a/components/auth/onboarding-form.tsx +++ b/components/auth/onboarding-form.tsx @@ -44,14 +44,14 @@ export function SignUpForm({ } try { - const { publicKey, wrappedPrivateKey, salt, generateAndWrapVaultKey } = + const { publicKey, wrappedPrivateKey, salt, wrappedDefaultVaultKey } = await cryptoService.onboarding(password); const response = await finishOnboarding({ salt, publicKey, wrappedPrivateKey, - wrappedDefaultVaultKey: generateAndWrapVaultKey, + wrappedDefaultVaultKey, }); // Handle error responses