authentication: refactor store utils

AnalogIO · Feb 2, 2024 · efba5a9 · efba5a9
1 parent 8a73610
commit efba5a9
Show file tree

Hide file tree

Showing 3 changed files with 58 additions and 32 deletions.
diff --git a/lib/core/open_encrypted_box.dart b/lib/core/open_encrypted_box.dart
diff --git a/lib/core/store_utils.dart b/lib/core/store_utils.dart
@@ -0,0 +1,56 @@
+import 'dart:convert';
+
+import 'package:flutter_secure_storage/flutter_secure_storage.dart';
+import 'package:fpdart/fpdart.dart';
+import 'package:hive_flutter/hive_flutter.dart';
+
+extension FlutterSecureStorageFP on FlutterSecureStorage {
+  /// [TaskOption] wrapper around [read].
+  TaskOption<String> readAsTaskOption(String key) {
+    return TaskOption(
+      () async => Option.fromNullable(await read(key: key)),
+    );
+  }
+
+  /// [Task] wrapper around [write].
+  Task<Unit> writeAsTask({required String key, required String value}) {
+    return Task(() => write(key: key, value: value)).map((_) => unit);
+  }
+}
+
+extension HiveFP on HiveInterface {
+  /// [Task] wrapper around [openBox].
+  Task<Box<E>> openBoxAsTask<E>(String name, {HiveCipher? encryptionCipher}) =>
+      Task(() => openBox<E>(name, encryptionCipher: encryptionCipher));
+
+  /// Open an encrypted box in a [Task].
+  ///
+  /// The encryption key is stored in FlutterSecureStorage as a base64 encoded
+  /// string. If the key does not exist, a new key is generated and stored.
+  Task<Box<E>> openEncryptedBox<E>(String boxName) {
+    const secureStorage = FlutterSecureStorage();
+
+    /// The location of the Hive encryption key in FlutterSecureStorage.
+    const secureStorageHiveEncryptionKey = 'hiveEncryptionKeyString';
+
+    Task<Unit> saveHiveEncryptionKey(List<int> encryptionKey) {
+      return secureStorage.writeAsTask(
+        key: secureStorageHiveEncryptionKey,
+        value: base64.encode(encryptionKey),
+      );
+    }
+
+    return secureStorage
+        .readAsTaskOption(secureStorageHiveEncryptionKey)
+        .map<List<int>>(base64.decode)
+        .getOrElse(Hive.generateSecureKey)
+        .chainFirst(saveHiveEncryptionKey)
+        .map(HiveAesCipher.new)
+        .flatMap(
+          (cipher) => Hive.openBoxAsTask<E>(
+            secureStorageHiveEncryptionKey,
+            encryptionCipher: cipher,
+          ),
+        );
+  }
+}
diff --git a/lib/service_locator.dart b/lib/service_locator.dart
@@ -6,6 +6,7 @@ import 'package:coffeecard/core/external/screen_brightness.dart';
 import 'package:coffeecard/core/firebase_analytics_event_logging.dart';
 import 'package:coffeecard/core/ignore_value.dart';
 import 'package:coffeecard/core/network/network_request_executor.dart';
+import 'package:coffeecard/core/store_utils.dart';
 import 'package:coffeecard/env/env.dart';
 import 'package:coffeecard/features/authentication.dart';
 import 'package:coffeecard/features/contributor/data/datasources/contributor_local_data_source.dart';
@@ -123,7 +124,7 @@ void initAuthentication() {
   // repository
   sl.registerLazySingletonAsync<AuthenticationRepository>(
     () async => AuthenticationRepository(
-      store: await Hive.openBox('authenticationInfo'),
+      store: await Hive.openEncryptedBox<AuthenticationInfo>('auth').run(),
       logger: sl(),
     ),
   );