+
+
+
+
+
+ Message
+ Enter your message below.
+
+
+
+
+ Message
+ Enter your message below.
+
+
+
+
+
+ {message && (
+
+ {message}
+
+ )}
+
+
+
+ )
+}
From 6239b7e154832415ae3738dbe998521dd58681d6 Mon Sep 17 00:00:00 2001
From: jslyonnais <6282845+jslyonnais@users.noreply.github.com>
Date: Wed, 18 Feb 2026 15:08:25 -0500
Subject: [PATCH 04/19] clean
---
src/components/ui/textarea.tsx | 10 +++++-----
src/views/EncryptDemoView.tsx | 1 -
2 files changed, 5 insertions(+), 6 deletions(-)
diff --git a/src/components/ui/textarea.tsx b/src/components/ui/textarea.tsx
index 7f21b5e..3809775 100644
--- a/src/components/ui/textarea.tsx
+++ b/src/components/ui/textarea.tsx
@@ -1,14 +1,14 @@
-import * as React from "react"
+import * as React from 'react'
-import { cn } from "@/lib/utils"
+import { cn } from '@/lib/utils'
-function Textarea({ className, ...props }: React.ComponentProps<"textarea">) {
+function Textarea({ className, ...props }: React.ComponentProps<'textarea'>) {
return (
diff --git a/src/views/EncryptDemoView.tsx b/src/views/EncryptDemoView.tsx
index 011acaa..6496437 100644
--- a/src/views/EncryptDemoView.tsx
+++ b/src/views/EncryptDemoView.tsx
@@ -7,7 +7,6 @@ import {
FieldLabel,
} from '@/components/ui/field'
import { Textarea } from '@/components/ui/textarea'
-import { Separator } from '@/components/ui/separator'
import { Button } from '@/components/ui/button'
export const EncryptDemoView = () => {
From 08730b9cbcf70983e16fed28b9d79e5444e14156 Mon Sep 17 00:00:00 2001
From: jslyonnais <6282845+jslyonnais@users.noreply.github.com>
Date: Thu, 19 Feb 2026 08:33:38 -0500
Subject: [PATCH 05/19] base use encryption + refactor convex folders
---
convex/_generated/api.d.ts | 37 +++++---
convex/_generated/api.js | 7 +-
convex/_generated/dataModel.d.ts | 16 ++--
convex/_generated/server.d.ts | 37 ++++----
convex/_generated/server.js | 28 +++---
convex/crons.ts | 6 +-
convex/encryptionSessions.ts | 18 ----
convex/schema.ts | 27 ++++--
convex/users/keys.ts | 49 +++++++++++
convex/{encryption.ts => users/sessions.ts} | 95 +++++++++------------
package-lock.json | 10 +++
package.json | 4 +-
src/hooks/useEncryption.ts | 50 +++++++++++
src/stores/encryptionStore.ts | 15 ++++
src/types/encryption.ts | 21 +++++
src/views/EncryptDemoView.tsx | 82 +++++++++++++++---
16 files changed, 354 insertions(+), 148 deletions(-)
delete mode 100644 convex/encryptionSessions.ts
create mode 100644 convex/users/keys.ts
rename convex/{encryption.ts => users/sessions.ts} (59%)
create mode 100644 src/hooks/useEncryption.ts
create mode 100644 src/stores/encryptionStore.ts
create mode 100644 src/types/encryption.ts
diff --git a/convex/_generated/api.d.ts b/convex/_generated/api.d.ts
index de319a0..f783637 100644
--- a/convex/_generated/api.d.ts
+++ b/convex/_generated/api.d.ts
@@ -8,29 +8,46 @@
* @module
*/
+import type * as crons from "../crons.js";
+import type * as users_keys from "../users/keys.js";
+import type * as users_sessions from "../users/sessions.js";
+
import type {
ApiFromModules,
FilterApi,
FunctionReference,
-} from 'convex/server'
-import type * as todos from '../todos.js'
+} from "convex/server";
+
+declare const fullApi: ApiFromModules<{
+ crons: typeof crons;
+ "users/keys": typeof users_keys;
+ "users/sessions": typeof users_sessions;
+}>;
/**
- * A utility for referencing Convex functions in your app's API.
+ * A utility for referencing Convex functions in your app's public API.
*
* Usage:
* ```js
* const myFunctionReference = api.myModule.myFunction;
* ```
*/
-declare const fullApi: ApiFromModules<{
- todos: typeof todos
-}>
export declare const api: FilterApi<
typeof fullApi,
- FunctionReference
->
+ FunctionReference
+>;
+
+/**
+ * A utility for referencing Convex functions in your app's internal API.
+ *
+ * Usage:
+ * ```js
+ * const myFunctionReference = internal.myModule.myFunction;
+ * ```
+ */
export declare const internal: FilterApi<
typeof fullApi,
- FunctionReference
->
+ FunctionReference
+>;
+
+export declare const components: {};
diff --git a/convex/_generated/api.js b/convex/_generated/api.js
index 2b62e6b..44bf985 100644
--- a/convex/_generated/api.js
+++ b/convex/_generated/api.js
@@ -8,7 +8,7 @@
* @module
*/
-import { anyApi } from 'convex/server'
+import { anyApi, componentsGeneric } from "convex/server";
/**
* A utility for referencing Convex functions in your app's API.
@@ -18,5 +18,6 @@ import { anyApi } from 'convex/server'
* const myFunctionReference = api.myModule.myFunction;
* ```
*/
-export const api = anyApi
-export const internal = anyApi
+export const api = anyApi;
+export const internal = anyApi;
+export const components = componentsGeneric();
diff --git a/convex/_generated/dataModel.d.ts b/convex/_generated/dataModel.d.ts
index 5b936a4..f97fd19 100644
--- a/convex/_generated/dataModel.d.ts
+++ b/convex/_generated/dataModel.d.ts
@@ -13,14 +13,14 @@ import type {
DocumentByName,
TableNamesInDataModel,
SystemTableNames,
-} from 'convex/server'
-import type { GenericId } from 'convex/values'
-import schema from '../schema.js'
+} from "convex/server";
+import type { GenericId } from "convex/values";
+import schema from "../schema.js";
/**
* The names of all of your Convex tables.
*/
-export type TableNames = TableNamesInDataModel
+export type TableNames = TableNamesInDataModel;
/**
* The type of a document stored in Convex.
@@ -30,7 +30,7 @@ export type TableNames = TableNamesInDataModel
export type Doc = DocumentByName<
DataModel,
TableName
->
+>;
/**
* An identifier for a document in Convex.
@@ -38,7 +38,7 @@ export type Doc = DocumentByName<
* Convex documents are uniquely identified by their `Id`, which is accessible
* on the `_id` field. To learn more, see [Document IDs](https://docs.convex.dev/using/document-ids).
*
- * Documents can be loaded using `db.get(id)` in query and mutation functions.
+ * Documents can be loaded using `db.get(tableName, id)` in query and mutation functions.
*
* IDs are just strings at runtime, but this type can be used to distinguish them from other
* strings when type checking.
@@ -46,7 +46,7 @@ export type Doc = DocumentByName<
* @typeParam TableName - A string literal type of the table name (like "users").
*/
export type Id =
- GenericId
+ GenericId;
/**
* A type describing your Convex data model.
@@ -57,4 +57,4 @@ export type Id =
* This type is used to parameterize methods like `queryGeneric` and
* `mutationGeneric` to make them type-safe.
*/
-export type DataModel = DataModelFromSchemaDefinition
+export type DataModel = DataModelFromSchemaDefinition;
diff --git a/convex/_generated/server.d.ts b/convex/_generated/server.d.ts
index 869a677..bec05e6 100644
--- a/convex/_generated/server.d.ts
+++ b/convex/_generated/server.d.ts
@@ -18,8 +18,8 @@ import {
GenericQueryCtx,
GenericDatabaseReader,
GenericDatabaseWriter,
-} from 'convex/server'
-import type { DataModel } from './dataModel.js'
+} from "convex/server";
+import type { DataModel } from "./dataModel.js";
/**
* Define a query in this Convex app's public API.
@@ -29,7 +29,7 @@ import type { DataModel } from './dataModel.js'
* @param func - The query function. It receives a {@link QueryCtx} as its first argument.
* @returns The wrapped query. Include this as an `export` to name it and make it accessible.
*/
-export declare const query: QueryBuilder
+export declare const query: QueryBuilder;
/**
* Define a query that is only accessible from other Convex functions (but not from the client).
@@ -39,7 +39,7 @@ export declare const query: QueryBuilder
* @param func - The query function. It receives a {@link QueryCtx} as its first argument.
* @returns The wrapped query. Include this as an `export` to name it and make it accessible.
*/
-export declare const internalQuery: QueryBuilder
+export declare const internalQuery: QueryBuilder;
/**
* Define a mutation in this Convex app's public API.
@@ -49,7 +49,7 @@ export declare const internalQuery: QueryBuilder
* @param func - The mutation function. It receives a {@link MutationCtx} as its first argument.
* @returns The wrapped mutation. Include this as an `export` to name it and make it accessible.
*/
-export declare const mutation: MutationBuilder
+export declare const mutation: MutationBuilder;
/**
* Define a mutation that is only accessible from other Convex functions (but not from the client).
@@ -59,7 +59,7 @@ export declare const mutation: MutationBuilder
* @param func - The mutation function. It receives a {@link MutationCtx} as its first argument.
* @returns The wrapped mutation. Include this as an `export` to name it and make it accessible.
*/
-export declare const internalMutation: MutationBuilder
+export declare const internalMutation: MutationBuilder;
/**
* Define an action in this Convex app's public API.
@@ -72,7 +72,7 @@ export declare const internalMutation: MutationBuilder
* @param func - The action. It receives an {@link ActionCtx} as its first argument.
* @returns The wrapped action. Include this as an `export` to name it and make it accessible.
*/
-export declare const action: ActionBuilder
+export declare const action: ActionBuilder;
/**
* Define an action that is only accessible from other Convex functions (but not from the client).
@@ -80,19 +80,20 @@ export declare const action: ActionBuilder
* @param func - The function. It receives an {@link ActionCtx} as its first argument.
* @returns The wrapped function. Include this as an `export` to name it and make it accessible.
*/
-export declare const internalAction: ActionBuilder
+export declare const internalAction: ActionBuilder;
/**
* Define an HTTP action.
*
- * This function will be used to respond to HTTP requests received by a Convex
- * deployment if the requests matches the path and method where this action
- * is routed. Be sure to route your action in `convex/http.js`.
+ * The wrapped function will be used to respond to HTTP requests received
+ * by a Convex deployment if the requests matches the path and method where
+ * this action is routed. Be sure to route your httpAction in `convex/http.js`.
*
- * @param func - The function. It receives an {@link ActionCtx} as its first argument.
+ * @param func - The function. It receives an {@link ActionCtx} as its first argument
+ * and a Fetch API `Request` object as its second.
* @returns The wrapped function. Import this function from `convex/http.js` and route it to hook it up.
*/
-export declare const httpAction: HttpActionBuilder
+export declare const httpAction: HttpActionBuilder;
/**
* A set of services for use within Convex query functions.
@@ -103,7 +104,7 @@ export declare const httpAction: HttpActionBuilder
* This differs from the {@link MutationCtx} because all of the services are
* read-only.
*/
-export type QueryCtx = GenericQueryCtx
+export type QueryCtx = GenericQueryCtx;
/**
* A set of services for use within Convex mutation functions.
@@ -111,7 +112,7 @@ export type QueryCtx = GenericQueryCtx
* The mutation context is passed as the first argument to any Convex mutation
* function run on the server.
*/
-export type MutationCtx = GenericMutationCtx
+export type MutationCtx = GenericMutationCtx;
/**
* A set of services for use within Convex action functions.
@@ -119,7 +120,7 @@ export type MutationCtx = GenericMutationCtx
* The action context is passed as the first argument to any Convex action
* function run on the server.
*/
-export type ActionCtx = GenericActionCtx
+export type ActionCtx = GenericActionCtx;
/**
* An interface to read from the database within Convex query functions.
@@ -128,7 +129,7 @@ export type ActionCtx = GenericActionCtx
* document by its {@link Id}, or {@link DatabaseReader.query}, which starts
* building a query.
*/
-export type DatabaseReader = GenericDatabaseReader
+export type DatabaseReader = GenericDatabaseReader;
/**
* An interface to read from and write to the database within Convex mutation
@@ -139,4 +140,4 @@ export type DatabaseReader = GenericDatabaseReader
* your data in an inconsistent state. See [the Convex Guide](https://docs.convex.dev/understanding/convex-fundamentals/functions#atomicity-and-optimistic-concurrency-control)
* for the guarantees Convex provides your functions.
*/
-export type DatabaseWriter = GenericDatabaseWriter
+export type DatabaseWriter = GenericDatabaseWriter;
diff --git a/convex/_generated/server.js b/convex/_generated/server.js
index d16f952..bf3d25a 100644
--- a/convex/_generated/server.js
+++ b/convex/_generated/server.js
@@ -16,7 +16,7 @@ import {
internalActionGeneric,
internalMutationGeneric,
internalQueryGeneric,
-} from 'convex/server'
+} from "convex/server";
/**
* Define a query in this Convex app's public API.
@@ -26,7 +26,7 @@ import {
* @param func - The query function. It receives a {@link QueryCtx} as its first argument.
* @returns The wrapped query. Include this as an `export` to name it and make it accessible.
*/
-export const query = queryGeneric
+export const query = queryGeneric;
/**
* Define a query that is only accessible from other Convex functions (but not from the client).
@@ -36,7 +36,7 @@ export const query = queryGeneric
* @param func - The query function. It receives a {@link QueryCtx} as its first argument.
* @returns The wrapped query. Include this as an `export` to name it and make it accessible.
*/
-export const internalQuery = internalQueryGeneric
+export const internalQuery = internalQueryGeneric;
/**
* Define a mutation in this Convex app's public API.
@@ -46,7 +46,7 @@ export const internalQuery = internalQueryGeneric
* @param func - The mutation function. It receives a {@link MutationCtx} as its first argument.
* @returns The wrapped mutation. Include this as an `export` to name it and make it accessible.
*/
-export const mutation = mutationGeneric
+export const mutation = mutationGeneric;
/**
* Define a mutation that is only accessible from other Convex functions (but not from the client).
@@ -56,7 +56,7 @@ export const mutation = mutationGeneric
* @param func - The mutation function. It receives a {@link MutationCtx} as its first argument.
* @returns The wrapped mutation. Include this as an `export` to name it and make it accessible.
*/
-export const internalMutation = internalMutationGeneric
+export const internalMutation = internalMutationGeneric;
/**
* Define an action in this Convex app's public API.
@@ -69,7 +69,7 @@ export const internalMutation = internalMutationGeneric
* @param func - The action. It receives an {@link ActionCtx} as its first argument.
* @returns The wrapped action. Include this as an `export` to name it and make it accessible.
*/
-export const action = actionGeneric
+export const action = actionGeneric;
/**
* Define an action that is only accessible from other Convex functions (but not from the client).
@@ -77,13 +77,17 @@ export const action = actionGeneric
* @param func - The function. It receives an {@link ActionCtx} as its first argument.
* @returns The wrapped function. Include this as an `export` to name it and make it accessible.
*/
-export const internalAction = internalActionGeneric
+export const internalAction = internalActionGeneric;
/**
- * Define a Convex HTTP action.
+ * Define an HTTP action.
*
- * @param func - The function. It receives an {@link ActionCtx} as its first argument, and a `Request` object
- * as its second.
- * @returns The wrapped endpoint function. Route a URL path to this function in `convex/http.js`.
+ * The wrapped function will be used to respond to HTTP requests received
+ * by a Convex deployment if the requests matches the path and method where
+ * this action is routed. Be sure to route your httpAction in `convex/http.js`.
+ *
+ * @param func - The function. It receives an {@link ActionCtx} as its first argument
+ * and a Fetch API `Request` object as its second.
+ * @returns The wrapped function. Import this function from `convex/http.js` and route it to hook it up.
*/
-export const httpAction = httpActionGeneric
+export const httpAction = httpActionGeneric;
diff --git a/convex/crons.ts b/convex/crons.ts
index 36b9a3e..07e9e9a 100644
--- a/convex/crons.ts
+++ b/convex/crons.ts
@@ -4,11 +4,13 @@ import { internal } from './_generated/api'
const crons = cronJobs()
-// Clean up expired sessions every 5 minutes
+/**
+ * Clean up expired sessions every 5 minutes
+ */
crons.interval(
'cleanup expired sessions',
{ minutes: 5 },
- internal.encryption.cleanupExpiredSessions,
+ internal.users.sessions.cleanupExpiredSessions,
)
export default crons
diff --git a/convex/encryptionSessions.ts b/convex/encryptionSessions.ts
deleted file mode 100644
index fe886b8..0000000
--- a/convex/encryptionSessions.ts
+++ /dev/null
@@ -1,18 +0,0 @@
-import { internalMutation } from './_generated/server'
-
-export const cleanupExpiredSessions = internalMutation({
- handler: async (ctx) => {
- const now = Date.now()
- const expiredSessions = await ctx.db
- .query('encryptionSessions')
- .withIndex('by_expiry')
- .filter((q) => q.lt(q.field('expiresAt'), now))
- .collect()
-
- for (const session of expiredSessions) {
- await ctx.db.delete(session._id)
- }
-
- console.log(`Cleaned up ${expiredSessions.length} expired sessions`)
- },
-})
diff --git a/convex/schema.ts b/convex/schema.ts
index 2692adc..c8feca2 100644
--- a/convex/schema.ts
+++ b/convex/schema.ts
@@ -2,23 +2,34 @@ import { defineSchema, defineTable } from 'convex/server'
import { v } from 'convex/values'
export default defineSchema({
+ /**
+ * User keys
+ * This table stores the user's encryption keys.
+ * It is used to store the *encrypted private key* and the *public key*.
+ */
userKeys: defineTable({
- userId: v.string(), // Clerk user ID
+ userId: v.string(),
encryptedPrivateKey: v.string(),
publicKey: v.string(),
createdAt: v.number(),
}).index('by_user', ['userId']),
- encryptionSessions: defineTable({
+ /**
+ * User sessions
+ * This table stores the encryption sessions for a user.
+ * It is used to store the *encrypted session data* and the *session key hash.
+ * It is used to store the expiration time of the session.
+ */
+ userSessions: defineTable({
userId: v.string(),
- sessionId: v.string(), // Random session identifier
- encryptedSessionData: v.string(), // Private key encrypted with session key
- sessionKeyHash: v.string(), // Hash of session key (for verification)
- expiresAt: v.number(), // Auto-delete after 30 minutes
- lastAccessedAt: v.number(), // For activity tracking
+ sessionId: v.string(),
+ encryptedSessionData: v.string(),
+ sessionKeyHash: v.string(),
+ expiresAt: v.number(),
+ lastAccessedAt: v.number(),
createdAt: v.number(),
})
.index('by_user', ['userId'])
.index('by_session_id', ['sessionId'])
- .index('by_expiry', ['expiresAt']), // For cleanup
+ .index('by_expiry', ['expiresAt']),
})
diff --git a/convex/users/keys.ts b/convex/users/keys.ts
new file mode 100644
index 0000000..7d285d2
--- /dev/null
+++ b/convex/users/keys.ts
@@ -0,0 +1,49 @@
+import { v } from 'convex/values'
+import { mutation, query } from '../_generated/server'
+
+/**
+ * Get the user's encryption keys
+ */
+export const getUserKeys = query({
+ handler: async (ctx) => {
+ const identity = await ctx.auth.getUserIdentity()
+ if (!identity) return null
+
+ const keys = await ctx.db
+ .query('userKeys')
+ .withIndex('by_user', (q) => q.eq('userId', identity.subject))
+ .first()
+
+ return keys
+ },
+})
+
+/**
+ * Store the user's PGP keys on signup
+ */
+export const storeUserKeys = mutation({
+ args: {
+ encryptedPrivateKey: v.string(),
+ publicKey: v.string(),
+ },
+ handler: async (ctx, args) => {
+ const identity = await ctx.auth.getUserIdentity()
+ if (!identity) throw new Error('Unauthorized')
+
+ const existing = await ctx.db
+ .query('userKeys')
+ .withIndex('by_user', (q) => q.eq('userId', identity.subject))
+ .first()
+
+ if (existing) {
+ throw new Error('Keys already exist for this user')
+ }
+
+ return await ctx.db.insert('userKeys', {
+ userId: identity.subject,
+ encryptedPrivateKey: args.encryptedPrivateKey,
+ publicKey: args.publicKey,
+ createdAt: Date.now(),
+ })
+ },
+})
diff --git a/convex/encryption.ts b/convex/users/sessions.ts
similarity index 59%
rename from convex/encryption.ts
rename to convex/users/sessions.ts
index b89360d..039897e 100644
--- a/convex/encryption.ts
+++ b/convex/users/sessions.ts
@@ -1,9 +1,15 @@
import { v } from 'convex/values'
-import { mutation, query } from './_generated/server'
+import { internalMutation, mutation, query } from '../_generated/server'
-const SESSION_TTL_MS = 7 * 24 * 60 * 60 * 1000 // 7 days (sliding window)
+/**
+ * Session TTL in milliseconds
+ * 7 days (sliding window)
+ */
+const SESSION_TTL_MS = 7 * 24 * 60 * 60 * 1000
-// Create or update encryption session
+/**
+ * Create a new encryption session
+ */
export const createSession = mutation({
args: {
sessionId: v.string(),
@@ -14,9 +20,12 @@ export const createSession = mutation({
const identity = await ctx.auth.getUserIdentity()
if (!identity) throw new Error('Unauthorized')
- // Delete any existing sessions for this user
+ /**
+ * Delete any existing sessions for this user
+ * This is to ensure that there is only one active session for a user at a time.
+ */
const existingSessions = await ctx.db
- .query('encryptionSessions')
+ .query('userSessions')
.withIndex('by_user', (q) => q.eq('userId', identity.subject))
.collect()
@@ -24,9 +33,8 @@ export const createSession = mutation({
await ctx.db.delete(session._id)
}
- // Create new session
const now = Date.now()
- return await ctx.db.insert('encryptionSessions', {
+ return await ctx.db.insert('userSessions', {
userId: identity.subject,
sessionId: args.sessionId,
encryptedSessionData: args.encryptedSessionData,
@@ -38,7 +46,9 @@ export const createSession = mutation({
},
})
-// Get current session
+/**
+ * Get the current encryption session
+ */
export const getSession = query({
args: { sessionId: v.string() },
handler: async (ctx, args) => {
@@ -46,16 +56,14 @@ export const getSession = query({
if (!identity) return null
const session = await ctx.db
- .query('encryptionSessions')
+ .query('userSessions')
.withIndex('by_session_id', (q) => q.eq('sessionId', args.sessionId))
.first()
if (!session) return null
- // Check if session belongs to user
if (session.userId !== identity.subject) return null
- // Check if expired (deletion handled by cron job or createSession)
if (Date.now() > session.expiresAt) {
return null
}
@@ -68,7 +76,9 @@ export const getSession = query({
},
})
-// Extend session TTL (called on activity)
+/**
+ * Extend the session TTL
+ */
export const extendSession = mutation({
args: { sessionId: v.string() },
handler: async (ctx, args) => {
@@ -76,7 +86,7 @@ export const extendSession = mutation({
if (!identity) throw new Error('Unauthorized')
const session = await ctx.db
- .query('encryptionSessions')
+ .query('userSessions')
.withIndex('by_session_id', (q) => q.eq('sessionId', args.sessionId))
.first()
@@ -84,7 +94,6 @@ export const extendSession = mutation({
throw new Error('Session not found')
}
- // Check if already expired
if (Date.now() > session.expiresAt) {
await ctx.db.delete(session._id)
throw new Error('Session expired')
@@ -100,7 +109,9 @@ export const extendSession = mutation({
},
})
-// Delete session (logout)
+/**
+ * Delete the encryption session
+ */
export const deleteSession = mutation({
args: { sessionId: v.string() },
handler: async (ctx, args) => {
@@ -108,7 +119,7 @@ export const deleteSession = mutation({
if (!identity) throw new Error('Unauthorized')
const session = await ctx.db
- .query('encryptionSessions')
+ .query('userSessions')
.withIndex('by_session_id', (q) => q.eq('sessionId', args.sessionId))
.first()
@@ -118,48 +129,22 @@ export const deleteSession = mutation({
},
})
-// Get user's encryption keys (for initial setup)
-export const getUserKeys = query({
+/**
+ * Clean up expired user sessions from the database
+ */
+export const cleanupExpiredSessions = internalMutation({
handler: async (ctx) => {
- const identity = await ctx.auth.getUserIdentity()
- if (!identity) return null
-
- const keys = await ctx.db
- .query('userKeys')
- .withIndex('by_user', (q) => q.eq('userId', identity.subject))
- .first()
-
- return keys
- },
-})
-
-// Store user's PGP keys (on signup)
-export const storeUserKeys = mutation({
- args: {
- encryptedPrivateKey: v.string(),
- publicKey: v.string(),
- },
- handler: async (ctx, args) => {
- const identity = await ctx.auth.getUserIdentity()
- if (!identity) throw new Error('Unauthorized')
-
- const existing = await ctx.db
- .query('userKeys')
- .withIndex('by_user', (q) => q.eq('userId', identity.subject))
- .first()
+ const now = Date.now()
+ const expiredSessions = await ctx.db
+ .query('userSessions')
+ .withIndex('by_expiry')
+ .filter((q) => q.lt(q.field('expiresAt'), now))
+ .collect()
- if (existing) {
- throw new Error('Keys already exist for this user')
+ for (const session of expiredSessions) {
+ await ctx.db.delete(session._id)
}
- return await ctx.db.insert('userKeys', {
- userId: identity.subject,
- encryptedPrivateKey: args.encryptedPrivateKey,
- publicKey: args.publicKey,
- createdAt: Date.now(),
- })
+ console.log(`Cleaned up ${expiredSessions.length} expired sessions`)
},
})
-
-// Re-export cleanup function from encryptionSessions
-export { cleanupExpiredSessions } from './encryptionSessions'
diff --git a/package-lock.json b/package-lock.json
index 4d0af2b..207dd93 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -25,6 +25,7 @@
"convex": "^1.27.3",
"lucide-react": "^0.561.0",
"nitro": "npm:nitro-nightly@latest",
+ "openpgp": "^6.3.0",
"radix-ui": "^1.4.3",
"react": "^19.2.0",
"react-dom": "^19.2.0",
@@ -8376,6 +8377,15 @@
"integrity": "sha512-RdR9FQrFwNBNXAr4GixM8YaRZRJ5PUWbKYbE5eOsrwAjJW0q2REGcf79oYPsLyskQCZG1PLN+S/K1V00joZAoQ==",
"license": "MIT"
},
+ "node_modules/openpgp": {
+ "version": "6.3.0",
+ "resolved": "https://registry.npmjs.org/openpgp/-/openpgp-6.3.0.tgz",
+ "integrity": "sha512-pLzCU8IgyKXPSO11eeharQkQ4GzOKNWhXq79pQarIRZEMt1/ssyr+MIuWBv1mNoenJLg04gvPx+fi4gcKZ4bag==",
+ "license": "LGPL-3.0+",
+ "engines": {
+ "node": ">= 18.0.0"
+ }
+ },
"node_modules/optionator": {
"version": "0.9.4",
"resolved": "https://registry.npmjs.org/optionator/-/optionator-0.9.4.tgz",
diff --git a/package.json b/package.json
index 7468610..ab83512 100644
--- a/package.json
+++ b/package.json
@@ -10,7 +10,8 @@
"lint": "eslint",
"format": "prettier --check .",
"validate": "prettier --write . && eslint --fix",
- "prepare": "husky"
+ "prepare": "husky",
+ "db:start": "npx convex dev"
},
"dependencies": {
"@clerk/clerk-react": "^5.49.0",
@@ -32,6 +33,7 @@
"convex": "^1.27.3",
"lucide-react": "^0.561.0",
"nitro": "npm:nitro-nightly@latest",
+ "openpgp": "^6.3.0",
"radix-ui": "^1.4.3",
"react": "^19.2.0",
"react-dom": "^19.2.0",
diff --git a/src/hooks/useEncryption.ts b/src/hooks/useEncryption.ts
new file mode 100644
index 0000000..f780d82
--- /dev/null
+++ b/src/hooks/useEncryption.ts
@@ -0,0 +1,50 @@
+import * as openpgp from 'openpgp'
+import { useStore } from '@tanstack/react-store'
+import { encryptionStore } from '@/stores/encryptionStore'
+
+export const useEncryption = () => {
+ const state = useStore(encryptionStore)
+
+ const encrypt = async (data: string): Promise => {
+ if (!state.keys) {
+ throw new Error('No public key available')
+ }
+
+ const message = await openpgp.createMessage({
+ text: data,
+ })
+
+ const publicKeyObj = await openpgp.readKey({
+ armoredKey: state.keys.publicKey,
+ })
+
+ const encrypted = await openpgp.encrypt({
+ message,
+ encryptionKeys: publicKeyObj,
+ })
+
+ return encrypted as string
+ }
+
+ const decrypt = async (encryptedData: string): Promise => {
+ if (!state.keys) {
+ throw new Error('No decryption keys available')
+ }
+
+ const message = await openpgp.readMessage({
+ armoredMessage: encryptedData,
+ })
+
+ const { data: decrypted } = await openpgp.decrypt({
+ message,
+ decryptionKeys: state.keys.privateKey,
+ })
+
+ return decrypted as string
+ }
+
+ return {
+ encrypt,
+ decrypt,
+ }
+}
diff --git a/src/stores/encryptionStore.ts b/src/stores/encryptionStore.ts
new file mode 100644
index 0000000..69a3ef7
--- /dev/null
+++ b/src/stores/encryptionStore.ts
@@ -0,0 +1,15 @@
+import { Store } from '@tanstack/react-store'
+import type { EncryptionState } from '@/types/encryption'
+
+/**
+ * Global encryption store
+ * Manages encryption keys and session state in memory
+ */
+export const encryptionStore = new Store({
+ keys: null,
+ sessionId: null,
+ sessionKey: null,
+ userId: null,
+ isLoading: false,
+ error: null,
+})
diff --git a/src/types/encryption.ts b/src/types/encryption.ts
new file mode 100644
index 0000000..5367ecd
--- /dev/null
+++ b/src/types/encryption.ts
@@ -0,0 +1,21 @@
+import type * as openpgp from 'openpgp'
+
+/**
+ * PGP key pair stored in memory
+ */
+export type PGPKeys = {
+ privateKey: openpgp.PrivateKey
+ publicKey: string
+}
+
+/**
+ * Encryption store state
+ */
+export type EncryptionState = {
+ keys: PGPKeys | null
+ sessionId: string | null
+ sessionKey: Uint8Array | null
+ userId: string | null
+ isLoading: boolean
+ error: string | null
+}
diff --git a/src/views/EncryptDemoView.tsx b/src/views/EncryptDemoView.tsx
index 6496437..658be35 100644
--- a/src/views/EncryptDemoView.tsx
+++ b/src/views/EncryptDemoView.tsx
@@ -3,19 +3,51 @@ import { Card, CardContent } from '@/components/ui/card'
import {
Field,
FieldDescription,
+ FieldError,
FieldGroup,
FieldLabel,
} from '@/components/ui/field'
import { Textarea } from '@/components/ui/textarea'
import { Button } from '@/components/ui/button'
+import { useEncryption } from '@/hooks/useEncryption'
export const EncryptDemoView = () => {
- const [message, setMessage] = useState('asdasdasdad')
- const [encryptedMessage, setEncryptedMessage] = useState('')
- const [decryptedMessage, setDecryptedMessage] = useState('')
+ const { encrypt, decrypt } = useEncryption()
+ const [plainText, setPlainText] = useState('')
+ const [encryptedText, setEncryptedText] = useState('')
+ const [decryptedText, setDecryptedText] = useState('')
- const handleEncrypt = () => {
- setEncryptedMessage(message)
+ const [error, setError] = useState(null)
+ const [isEncrypting, setIsEncrypting] = useState(false)
+ const [isDecrypting, setIsDecrypting] = useState(false)
+
+ const handleEncrypt = async () => {
+ try {
+ setIsEncrypting(true)
+ setDecryptedText('')
+ setError(null)
+
+ const encrypted = await encrypt(plainText)
+ setEncryptedText(encrypted)
+ } catch (err) {
+ setError(err instanceof Error ? err.message : 'Encryption failed')
+ } finally {
+ setIsEncrypting(false)
+ }
+ }
+
+ const handleDecrypt = async () => {
+ try {
+ setIsDecrypting(true)
+ setError(null)
+
+ const decrypted = await decrypt(encryptedText)
+ setDecryptedText(decrypted)
+ } catch (err) {
+ setError(err instanceof Error ? err.message : 'Decryption failed')
+ } finally {
+ setIsDecrypting(false)
+ }
}
return (
@@ -23,31 +55,55 @@ export const EncryptDemoView = () => {
Encrypt Demo Page
-
-
+
+ {error}
+ MessageEnter your message below.