refactor(server): separate crypto by purpose and moved outside of actor into separate module

2026-04-04 13:40:52 +02:00
parent 0bb6e596ac
commit dd51d756da
14 changed files with 368 additions and 363 deletions
--- a/server/crates/arbiter-server/tests/keyholder/lifecycle.rs
+++ b/server/crates/arbiter-server/tests/keyholder/lifecycle.rs
@@ -1,7 +1,5 @@
 use arbiter_server::{
-    actors::keyholder::{Error, KeyHolder},
-    db::{self, models, schema},
-    safe_cell::{SafeCell, SafeCellHandle as _},
+    actors::keyholder::{Error, KeyHolder}, crypto::encryption::v1::{Nonce, ROOT_KEY_TAG}, db::{self, models, schema}, safe_cell::{SafeCell, SafeCellHandle as _}
 };
 use diesel::{QueryDsl, SelectableHelper};
 use diesel_async::RunQueryDsl;
@@ -27,13 +25,13 @@ async fn test_bootstrap() {
    assert_eq!(row.schema_version, 1);
    assert_eq!(
        row.tag,
-        arbiter_server::actors::keyholder::encryption::v1::ROOT_KEY_TAG
+        ROOT_KEY_TAG
    );
    assert!(!row.ciphertext.is_empty());
    assert!(!row.salt.is_empty());
    assert_eq!(
        row.data_encryption_nonce,
-        arbiter_server::actors::keyholder::encryption::v1::Nonce::default().to_vec()
+        Nonce::default().to_vec()
    );
 }

--- a/server/crates/arbiter-server/tests/keyholder/storage.rs
+++ b/server/crates/arbiter-server/tests/keyholder/storage.rs
@@ -1,9 +1,7 @@
 use std::collections::HashSet;

 use arbiter_server::{
-    actors::keyholder::{Error, encryption::v1},
-    db::{self, models, schema},
-    safe_cell::{SafeCell, SafeCellHandle as _},
+    actors::keyholder::Error, crypto::encryption::v1::Nonce, db::{self, models, schema}, safe_cell::{SafeCell, SafeCellHandle as _}
 };
 use diesel::{ExpressionMethods as _, QueryDsl, SelectableHelper, dsl::update};
 use diesel_async::RunQueryDsl;
@@ -102,7 +100,7 @@ async fn test_nonce_never_reused() {
    assert_eq!(nonces.len(), unique.len(), "all nonces must be unique");

    for (i, row) in rows.iter().enumerate() {
-        let mut expected = v1::Nonce::default();
+        let mut expected = Nonce::default();
        for _ in 0..=i {
            expected.increment();
        }
--- a/server/crates/arbiter-server/tests/user_agent/auth.rs
+++ b/server/crates/arbiter-server/tests/user_agent/auth.rs
@@ -279,8 +279,12 @@ pub async fn test_challenge_auth_rejects_invalid_signature() {
        .await
        .unwrap();

+    let expected_err = task.await.unwrap();
+
+    println!("Received expected error: {expected_err:#?}");
+
    assert!(matches!(
-        task.await.unwrap(),
+        expected_err,
        Err(auth::Error::InvalidChallengeSolution)
    ));
 }