webylib 0.2.0

Webcash HD wallet library — bearer e-cash with BIP32-style key derivation, SQLite storage, AES-256-GCM encryption, and full C FFI for cross-platform SDKs
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185

//! Wallet engine — SQLite-backed HD wallet for Webcash.
//!
//! The wallet is the primary interface for managing webcash: storing secrets,
//! making payments, recovering from master seeds, and encrypting data at rest.
//!
//! # Architecture
//!
//! - **`schema`** — Database schema, WAL mode, migrations.
//! - **`operations`** — Insert, pay, merge, recover, check, balance.
//! - **`encryption`** — Database-level and seed-level encryption.
//! - **`snapshot`** — JSON export/import for backup and recovery.
//!
//! The `Wallet` struct owns a `Mutex<Connection>` for thread-safe DB access
//! and a `Mutex<Box<dyn ServerClientTrait>>` for server communication.
//! Each wallet instance is self-contained — no global singletons.

pub mod encryption;
pub mod operations;
pub mod schema;
pub mod snapshot;

use std::path::{Path, PathBuf};
use std::sync::Mutex;

use rusqlite::Connection;

use crate::biometric::{BiometricEncryption, EncryptionConfig};
use crate::error::{Error, Result};
use crate::server::{ServerClient, ServerClientTrait};

// Re-export types consumers need
pub use operations::{CheckResult, RecoveryResult, WalletStats};
pub use snapshot::{SpentHashSnapshot, UnspentOutputSnapshot, WalletSnapshot};

/// SQLite-backed Webcash wallet.
pub struct Wallet {
    /// Path to the wallet database file.
    pub(crate) path: PathBuf,
    /// SQLite connection (Mutex for thread safety).
    pub(crate) connection: Mutex<Connection>,
    /// Server client for webcash operations.
    pub(crate) server_client: Mutex<Box<dyn ServerClientTrait + Send>>,
    /// Biometric encryption handler (optional).
    pub(crate) biometric_encryption: Option<Mutex<BiometricEncryption>>,
    /// Whether this wallet uses runtime encryption.
    pub(crate) is_encrypted: bool,
    /// Temporary path for decrypted database during runtime.
    pub(crate) temp_db_path: Option<PathBuf>,
}

impl Wallet {
    /// Open or create a wallet at the given path.
    pub async fn open<P: AsRef<Path>>(path: P) -> Result<Self> {
        Self::open_with_biometric(path, false).await
    }

    /// Open or create a wallet with optional biometric encryption.
    pub async fn open_with_biometric<P: AsRef<Path>>(
        path: P,
        enable_biometric: bool,
    ) -> Result<Self> {
        let path = path.as_ref().to_path_buf();

        if let Some(parent) = path.parent() {
            std::fs::create_dir_all(parent)?;
        }

        let (connection, is_encrypted, temp_db_path) =
            if enable_biometric && Self::is_database_encrypted(&path)? {
                let temp_path = Self::decrypt_database_for_runtime(&path).await?;
                let connection = Connection::open(&temp_path)?;
                (connection, true, Some(temp_path))
            } else if enable_biometric {
                let connection = Connection::open(&path)?;
                (connection, true, None)
            } else {
                let connection = Connection::open(&path)?;
                (connection, false, None)
            };

        schema::initialize_schema(&connection)?;

        let biometric_encryption = if enable_biometric {
            let config = EncryptionConfig {
                app_identifier: "com.webycash.webylib".to_string(),
                service_name: format!(
                    "WalletEncryption_{}",
                    path.file_name()
                        .and_then(|n| n.to_str())
                        .unwrap_or("default")
                ),
                require_auth_every_use: true,
                auth_timeout_seconds: 0,
                allow_device_passcode_fallback: true,
            };
            BiometricEncryption::new(config).ok().map(Mutex::new)
        } else {
            None
        };

        let server_client: Box<dyn ServerClientTrait + Send> = Box::new(ServerClient::new()?);

        let wallet = Wallet {
            path,
            connection: Mutex::new(connection),
            server_client: Mutex::new(server_client),
            biometric_encryption,
            is_encrypted,
            temp_db_path,
        };

        let _ = wallet.get_or_generate_master_secret()?;
        Ok(wallet)
    }

    /// Open or create a wallet with a caller-provided seed.
    /// If the wallet already has a different master secret, returns an error.
    pub async fn open_with_seed<P: AsRef<Path>>(path: P, seed: &[u8; 32]) -> Result<Self> {
        let wallet = Self::open(path).await?;
        let hex = hex::encode(seed);

        // Check if there's already a different master secret
        let existing = wallet.master_secret_hex()?;
        if existing != hex {
            // If the wallet was just created, the auto-generated secret is fine to overwrite
            // But if it has transactions, refuse
            let stats = wallet.stats().await?;
            if stats.total_webcash > 0 {
                return Err(Error::wallet(
                    "Wallet already has a different master secret with existing transactions",
                ));
            }
            wallet.store_master_secret(&hex).await?;
        }
        Ok(wallet)
    }

    /// Open an in-memory wallet (useful for testing or stateless execution).
    pub fn open_memory() -> Result<Self> {
        let connection = Connection::open_in_memory()?;
        schema::initialize_schema(&connection)?;

        let server_client: Box<dyn ServerClientTrait + Send> = Box::new(ServerClient::new()?);

        let wallet = Wallet {
            path: PathBuf::from(":memory:"),
            connection: Mutex::new(connection),
            server_client: Mutex::new(server_client),
            biometric_encryption: None,
            is_encrypted: false,
            temp_db_path: None,
        };
        wallet.get_or_generate_master_secret()?;
        Ok(wallet)
    }

    /// Get the wallet database path.
    pub fn path(&self) -> &Path {
        &self.path
    }

    /// Close the wallet (flushes any pending operations).
    pub async fn close(mut self) -> Result<()> {
        if self.is_encrypted {
            self.encrypt_database().await?;
        }
        if let Some(biometric_mutex) = self.biometric_encryption.take() {
            let mut biometric = biometric_mutex
                .into_inner()
                .map_err(|_| Error::wallet("Failed to acquire biometric lock during close"))?;
            biometric.clear_cached_keys();
        }
        Ok(())
    }
}

impl Drop for Wallet {
    fn drop(&mut self) {
        if self.is_encrypted {
            if let Some(temp_path) = &self.temp_db_path {
                let _ = std::fs::remove_file(temp_path);
            }
        }
    }
}