getAlby · rolznz · Aug 8, 2024 · Aug 7, 2024 · Aug 7, 2024 · Aug 7, 2024
diff --git a/api/api.go b/api/api.go
@@ -609,11 +609,15 @@
 	return &info, nil
 }
 
-func (api *api) GetEncryptedMnemonic() *EncryptedMnemonicResponse {
-	resp := EncryptedMnemonicResponse{}
-	mnemonic, _ := api.cfg.Get("Mnemonic", "")
-	resp.Mnemonic = mnemonic
-	return &resp
+func (api *api) GetMnemonic(unlockPassword string) (*MnemonicResponse, error) {
+	resp := MnemonicResponse{}
+	mnemonic, err := api.cfg.Get("Mnemonic", unlockPassword)
+	if err != nil {
+		return &resp, fmt.Errorf("failed to fetch encryption key: %w", err)
+	}
+
+	resp.Mnemonic = encryptedMnemonic
+	return &resp, err
 }
 
 func (api *api) SetNextBackupReminder(backupReminderRequest *BackupReminderRequest) error {

diff --git a/api/models.go b/api/models.go
@@ -40,7 +40,7 @@ type API interface {
 	LookupInvoice(ctx context.Context, paymentHash string) (*LookupInvoiceResponse, error)
 	RequestMempoolApi(endpoint string) (interface{}, error)
 	GetInfo(ctx context.Context) (*InfoResponse, error)
-	GetEncryptedMnemonic() *EncryptedMnemonicResponse
+	GetMnemonic(unlockPassword string) (*MnemonicResponse, error)
 	SetNextBackupReminder(backupReminderRequest *BackupReminderRequest) error
 	Start(startRequest *StartRequest) error
 	Setup(ctx context.Context, setupRequest *SetupRequest) error
@@ -159,7 +159,11 @@ type InfoResponse struct {
 	Network              string `json:"network"`
 }
 
-type EncryptedMnemonicResponse struct {
+type MnemonicRequest struct {
+	UnlockPassword string `json:"unlockPassword"`
+}
+
+type MnemonicResponse struct {
 	Mnemonic string `json:"mnemonic"`
 }
 

diff --git a/frontend/src/hooks/useEncryptedMnemonic.ts b/frontend/src/hooks/useEncryptedMnemonic.ts
diff --git a/frontend/src/screens/BackupMnemonic.tsx b/frontend/src/screens/BackupMnemonic.tsx
@@ -3,7 +3,6 @@ import React, { useState } from "react";
 import { useNavigate } from "react-router-dom";
 
 import Container from "src/components/Container";
-import Loading from "src/components/Loading";
 import MnemonicInputs from "src/components/MnemonicInputs";
 import SettingsHeader from "src/components/SettingsHeader";
 import { Button } from "src/components/ui/button";
@@ -13,9 +12,8 @@ import { Label } from "src/components/ui/label";
 import { LoadingButton } from "src/components/ui/loading-button";
 import { useToast } from "src/components/ui/use-toast";
 import { useCSRF } from "src/hooks/useCSRF";
-import { useEncryptedMnemonic } from "src/hooks/useEncryptedMnemonic";
 import { useInfo } from "src/hooks/useInfo";
-import { aesGcmDecrypt } from "src/utils/aesgcm";
+import { MnemonicResponse } from "src/types";
 import { handleRequestError } from "src/utils/handleRequestError";
 import { request } from "src/utils/request";
 
@@ -24,23 +22,31 @@ export function BackupMnemonic() {
   const { data: csrf } = useCSRF();
   const { toast } = useToast();
   const { mutate: refetchInfo } = useInfo();
-  const { data: mnemonic } = useEncryptedMnemonic();
 
   const [unlockPassword, setUnlockPassword] = React.useState("");
   const [decryptedMnemonic, setDecryptedMnemonic] = React.useState("");
   const [loading, setLoading] = React.useState(false);
   const [backedUp, setIsBackedUp] = useState<boolean>(false);
 
-  if (!mnemonic) {
-    return <Loading />;
-  }
-
   const onSubmitPassword = async (e: React.FormEvent) => {
     e.preventDefault();
     try {
       setLoading(true);
-      const dec = await aesGcmDecrypt(mnemonic.mnemonic, unlockPassword);
-      setDecryptedMnemonic(dec);
+      if (!csrf) {
+        throw new Error("No CSRF token");
+      }
+      const result = await request<MnemonicResponse>("/api/mnemonic", {
+        method: "POST",
+        headers: {
+          "X-CSRF-Token": csrf,
+          "Content-Type": "application/json",
+        },
+        body: JSON.stringify({
+          unlockPassword,
+        }),
+      });
+
+      setDecryptedMnemonic(result?.mnemonic ?? "");
     } catch (error) {
       toast({
         title: "Incorrect password",

diff --git a/frontend/src/types.ts b/frontend/src/types.ts
@@ -150,7 +150,7 @@ export interface InfoResponse {
 
 export type Network = "bitcoin" | "testnet" | "signet";
 
-export interface EncryptedMnemonicResponse {
+export interface MnemonicResponse {
   mnemonic: string;
 }
 

diff --git a/frontend/src/utils/aesgcm.ts b/frontend/src/utils/aesgcm.ts
diff --git a/http/http_service.go b/http/http_service.go
@@ -93,7 +93,7 @@ func (httpSvc *HttpService) RegisterSharedRoutes(e *echo.Echo) {
 	e.PATCH("/api/apps/:pubkey", httpSvc.appsUpdateHandler, authMiddleware)
 	e.DELETE("/api/apps/:pubkey", httpSvc.appsDeleteHandler, authMiddleware)
 	e.POST("/api/apps", httpSvc.appsCreateHandler, authMiddleware)
-	e.GET("/api/encrypted-mnemonic", httpSvc.encryptedMnemonicHandler, authMiddleware)
+	e.POST("/api/mnemonic", httpSvc.mnemonicHandler, authMiddleware)
 	e.PATCH("/api/backup-reminder", httpSvc.backupReminderHandler, authMiddleware)
 
 	e.GET("/api/csrf", httpSvc.csrfHandler)
@@ -169,8 +169,28 @@ func (httpSvc *HttpService) infoHandler(c echo.Context) error {
 	return c.JSON(http.StatusOK, responseBody)
 }
 
-func (httpSvc *HttpService) encryptedMnemonicHandler(c echo.Context) error {
-	responseBody := httpSvc.api.GetEncryptedMnemonic()
+func (httpSvc *HttpService) mnemonicHandler(c echo.Context) error {
+	var mnemonicRequest api.MnemonicRequest
+	if err := c.Bind(&mnemonicRequest); err != nil {
+		return c.JSON(http.StatusBadRequest, ErrorResponse{
+			Message: fmt.Sprintf("Bad request: %s", err.Error()),
+		})
+	}
+
+	if !httpSvc.cfg.CheckUnlockPassword(mnemonicRequest.UnlockPassword) {
+		return c.JSON(http.StatusUnauthorized, ErrorResponse{
+			Message: "Invalid password",
+		})
+	}
+
+	responseBody, err := httpSvc.api.GetMnemonic(mnemonicRequest.UnlockPassword)
+
+	if err != nil {
+		return c.JSON(http.StatusInternalServerError, ErrorResponse{
+			Message: err.Error(),
+		})
+	}
+
 	return c.JSON(http.StatusOK, responseBody)
 }
 

diff --git a/wails/wails_handlers.go b/wails/wails_handlers.go
@@ -543,9 +543,31 @@ func (app *WailsApp) WailsRequestRouter(route string, method string, body string
 		}
 		res := WailsRequestRouterResponse{Error: ""}
 		return res
-	case "/api/encrypted-mnemonic":
-		infoResponse := app.api.GetEncryptedMnemonic()
-		res := WailsRequestRouterResponse{Body: *infoResponse, Error: ""}
+	case "/api/mnemonic":
+		mnemonicRequest := &api.MnemonicRequest{}
+		err := json.Unmarshal([]byte(body), mnemonicRequest)
+		if err != nil {
+			logger.Logger.WithFields(logrus.Fields{
+				"route":  route,
+				"method": method,
+				// Skip logging the body for this request as we don't want the
+				// unlock password to end up in any logs
+				// "body": body,
+			}).WithError(err).Error("Failed to parse mnemonic request")
+			return WailsRequestRouterResponse{Body: nil, Error: err.Error()}
+		}
+		mnemonicResponse, err := app.api.GetMnemonic(mnemonicRequest.UnlockPassword)
+		if err != nil {
+			logger.Logger.WithFields(logrus.Fields{
+				"route":  route,
+				"method": method,
+				// Skip logging the body for this request as we don't want the
+				// unlock password to end up in any logs
+				// "body": body,
+			}).WithError(err).Error("Failed to get mnemonic")
+			return WailsRequestRouterResponse{Body: nil, Error: err.Error()}
+		}
+		res := WailsRequestRouterResponse{Body: *mnemonicResponse, Error: ""}
 		return res
 	case "/api/backup-reminder":
 		backupReminderRequest := &api.BackupReminderRequest{}