bsv-wallet-toolbox 0.2.19

Pure Rust BSV wallet-toolbox implementation
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310

//! Permission caching with concurrent request deduplication.
//!
//! Provides a `PermissionCache` that maintains:
//! - **Manifest cache**: Per-key permission grants with a configurable TTL (default 5 min).
//! - **Recent grants**: Short-lived window (15 sec) tracking recently-granted permissions
//!   to avoid re-prompting during rapid sequences of related calls.
//! - **Active requests**: Deduplication of concurrent permission checks for the same key --
//!   only the first caller fires the callback; subsequent callers wait for its result.

use std::collections::HashMap;
use std::sync::Arc;
use std::time::{Duration, Instant};

use tokio::sync::{Mutex, Notify};

use crate::WalletError;

// ---------------------------------------------------------------------------
// Constants
// ---------------------------------------------------------------------------

/// Default manifest cache TTL: 5 minutes.
pub const MANIFEST_CACHE_TTL: Duration = Duration::from_secs(300);

/// Recent grant window: 15 seconds.
pub const RECENT_GRANT_WINDOW: Duration = Duration::from_secs(15);

// ---------------------------------------------------------------------------
// CacheEntry
// ---------------------------------------------------------------------------

/// A single entry in the manifest cache.
#[derive(Debug, Clone)]
pub struct CacheEntry {
    /// Whether the permission was granted (true) or denied (false).
    pub granted: bool,
    /// When this entry expires.
    pub expires_at: Instant,
}

// ---------------------------------------------------------------------------
// ActiveRequest and deduplication
// ---------------------------------------------------------------------------

/// Shared state for an in-flight permission request.
struct ActiveRequest {
    /// Notifies waiters when the result is available.
    notify: Arc<Notify>,
    /// The eventual result, set by the first caller.
    result: Arc<Mutex<Option<Result<bool, String>>>>,
}

/// Result of attempting to deduplicate a permission request.
pub enum DeduplicateResult {
    /// This caller should perform the check. The handle must be completed
    /// via `PermissionCache::complete_request` when done.
    Proceed(ActiveRequestHandle),
    /// Another caller is already checking. Wait on the `Notify` then read
    /// the shared result.
    Wait(Arc<Notify>, Arc<Mutex<Option<Result<bool, String>>>>),
}

/// Handle returned to the "proceed" caller for RAII cleanup.
///
/// If dropped without calling `complete_request`, the entry is cleaned up
/// from active_requests so waiters do not hang indefinitely.
pub struct ActiveRequestHandle {
    key: String,
}

impl ActiveRequestHandle {
    /// Get the cache key this handle corresponds to.
    pub fn key(&self) -> &str {
        &self.key
    }
}

// ---------------------------------------------------------------------------
// PermissionCache
// ---------------------------------------------------------------------------

/// Thread-safe permission cache with deduplication.
pub struct PermissionCache {
    /// Manifest cache: permission grant/deny with TTL.
    manifest_cache: Mutex<HashMap<String, CacheEntry>>,
    /// Recent grants: keys that were granted within the last 15 seconds.
    recent_grants: Mutex<HashMap<String, Instant>>,
    /// Active permission requests being resolved (for deduplication).
    active_requests: Mutex<HashMap<String, ActiveRequest>>,
}

impl PermissionCache {
    /// Create a new empty permission cache.
    pub fn new() -> Self {
        Self {
            manifest_cache: Mutex::new(HashMap::new()),
            recent_grants: Mutex::new(HashMap::new()),
            active_requests: Mutex::new(HashMap::new()),
        }
    }

    /// Check the manifest cache for a non-expired entry.
    ///
    /// Returns `Some(true)` if granted, `Some(false)` if denied,
    /// `None` if not found or expired.
    pub async fn check_cache(&self, key: &str) -> Option<bool> {
        let mut cache = self.manifest_cache.lock().await;
        if let Some(entry) = cache.get(key) {
            if Instant::now() < entry.expires_at {
                return Some(entry.granted);
            }
            // Expired -- clean up
            cache.remove(key);
        }
        None
    }

    /// Insert a permission result into the manifest cache.
    pub async fn insert_cache(&self, key: &str, granted: bool, ttl: Duration) {
        let entry = CacheEntry {
            granted,
            expires_at: Instant::now() + ttl,
        };
        self.manifest_cache
            .lock()
            .await
            .insert(key.to_string(), entry);
    }

    /// Check if a key has a recent grant within the 15-second window.
    pub async fn is_recent_grant(&self, key: &str) -> bool {
        let grants = self.recent_grants.lock().await;
        if let Some(when) = grants.get(key) {
            Instant::now().duration_since(*when) < RECENT_GRANT_WINDOW
        } else {
            false
        }
    }

    /// Record a recent grant for the given key.
    pub async fn record_recent_grant(&self, key: &str) {
        self.recent_grants
            .lock()
            .await
            .insert(key.to_string(), Instant::now());
    }

    /// Attempt to deduplicate a permission request.
    ///
    /// If no other caller is checking this key, returns `Proceed` with a handle.
    /// If another caller is already checking, returns `Wait` with shared notify/result.
    pub async fn try_deduplicate(&self, key: &str) -> DeduplicateResult {
        let mut active = self.active_requests.lock().await;
        if let Some(existing) = active.get(key) {
            return DeduplicateResult::Wait(
                Arc::clone(&existing.notify),
                Arc::clone(&existing.result),
            );
        }

        let notify = Arc::new(Notify::new());
        let result = Arc::new(Mutex::new(None));
        active.insert(
            key.to_string(),
            ActiveRequest {
                notify: Arc::clone(&notify),
                result: Arc::clone(&result),
            },
        );

        DeduplicateResult::Proceed(ActiveRequestHandle {
            key: key.to_string(),
        })
    }

    /// Complete an active request, notifying all waiters.
    pub async fn complete_request(&self, key: &str, result: Result<bool, WalletError>) {
        let mut active = self.active_requests.lock().await;
        if let Some(req) = active.remove(key) {
            let stored = result.map_err(|e| format!("{}", e));
            *req.result.lock().await = Some(stored);
            req.notify.notify_waiters();
        }
    }

    /// Clear all caches and active requests.
    pub async fn clear(&self) {
        self.manifest_cache.lock().await.clear();
        self.recent_grants.lock().await.clear();
        // Notify any waiters before clearing
        let mut active = self.active_requests.lock().await;
        for (_, req) in active.drain() {
            *req.result.lock().await = Some(Err("Cache cleared".to_string()));
            req.notify.notify_waiters();
        }
    }

    /// Build a deterministic cache key from permission parameters.
    pub fn build_cache_key(
        permission_type: &super::types::PermissionType,
        originator: &str,
        details: &str,
    ) -> String {
        format!("{:?}:{}:{}", permission_type, originator, details)
    }
}

impl Default for PermissionCache {
    fn default() -> Self {
        Self::new()
    }
}

#[cfg(test)]
mod tests {
    use super::*;
    use crate::permissions::types::PermissionType;

    #[tokio::test]
    async fn test_cache_insert_and_check() {
        let cache = PermissionCache::new();
        cache
            .insert_cache("proto:test", true, Duration::from_secs(60))
            .await;
        assert_eq!(cache.check_cache("proto:test").await, Some(true));
    }

    #[tokio::test]
    async fn test_cache_expiry() {
        let cache = PermissionCache::new();
        // Insert with zero TTL -- should expire immediately
        cache
            .insert_cache("proto:expired", true, Duration::from_secs(0))
            .await;
        // Give it a tiny moment to ensure Instant comparison fails
        tokio::time::sleep(Duration::from_millis(1)).await;
        assert_eq!(cache.check_cache("proto:expired").await, None);
    }

    #[tokio::test]
    async fn test_recent_grant_within_window() {
        let cache = PermissionCache::new();
        cache.record_recent_grant("proto:recent").await;
        assert!(cache.is_recent_grant("proto:recent").await);
    }

    #[tokio::test]
    async fn test_recent_grant_not_present() {
        let cache = PermissionCache::new();
        assert!(!cache.is_recent_grant("proto:missing").await);
    }

    #[tokio::test]
    async fn test_deduplication_proceed_first() {
        let cache = PermissionCache::new();
        let result = cache.try_deduplicate("proto:dedup").await;
        assert!(matches!(result, DeduplicateResult::Proceed(_)));
    }

    #[tokio::test]
    async fn test_deduplication_wait_second() {
        let cache = PermissionCache::new();
        // First caller gets Proceed
        let _handle = match cache.try_deduplicate("proto:dedup2").await {
            DeduplicateResult::Proceed(h) => h,
            _ => panic!("Expected Proceed for first caller"),
        };
        // Second caller gets Wait
        let result = cache.try_deduplicate("proto:dedup2").await;
        assert!(matches!(result, DeduplicateResult::Wait(..)));

        // Clean up by completing the request
        cache.complete_request("proto:dedup2", Ok(true)).await;
    }

    #[tokio::test]
    async fn test_build_cache_key_deterministic() {
        let key1 = PermissionCache::build_cache_key(
            &PermissionType::ProtocolPermission,
            "example.com",
            "proto:1:self",
        );
        let key2 = PermissionCache::build_cache_key(
            &PermissionType::ProtocolPermission,
            "example.com",
            "proto:1:self",
        );
        assert_eq!(key1, key2);

        // Different inputs produce different keys
        let key3 = PermissionCache::build_cache_key(
            &PermissionType::BasketAccess,
            "example.com",
            "my-basket",
        );
        assert_ne!(key1, key3);
    }

    #[tokio::test]
    async fn test_clear_clears_all() {
        let cache = PermissionCache::new();
        cache
            .insert_cache("k1", true, Duration::from_secs(300))
            .await;
        cache.record_recent_grant("k2").await;
        cache.clear().await;
        assert_eq!(cache.check_cache("k1").await, None);
        assert!(!cache.is_recent_grant("k2").await);
    }
}