hippius 0.2.30__tar.gz → 0.2.31__tar.gz

{hippius-0.2.30 → hippius-0.2.31}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: hippius
-Version: 0.2.30
+Version: 0.2.31
 Summary: Python SDK and CLI for Hippius blockchain storage
 Home-page: https://github.com/thenervelab/hippius-sdk
 Author: Dubs

{hippius-0.2.30 → hippius-0.2.31}/hippius_sdk/__init__.py

@@ -26,7 +26,7 @@ from hippius_sdk.config import (
 from hippius_sdk.ipfs import IPFSClient, S3PublishResult, S3DownloadResult
 from hippius_sdk.utils import format_cid, format_size, hex_to_ipfs_cid
 
-__version__ = "0.2.30"
+__version__ = "0.2.31"
 __all__ = [
     "HippiusClient",
     "IPFSClient",

{hippius-0.2.30 → hippius-0.2.31}/hippius_sdk/client.py

@@ -516,6 +516,7 @@ class HippiusClient:
         file_path: str,
         encrypt: bool,
         seed_phrase: str,
+        subaccount_id: str,
         store_node: str = "http://localhost:5001",
         pin_node: str = "https://store.hippius.network",
         substrate_url: str = "wss://rpc.hippius.network",
@@ -548,6 +549,7 @@ class HippiusClient:
             file_path,
             encrypt,
             seed_phrase,
+            subaccount_id,
             store_node,
             pin_node,
             substrate_url,
@@ -557,7 +559,7 @@ class HippiusClient:
         self,
         cid: str,
         output_path: str,
-        seed_phrase: str,
+        subaccount_id: str,
         auto_decrypt: bool = True,
         download_node: str = "http://localhost:5001",
     ) -> S3DownloadResult:
@@ -574,7 +576,7 @@ class HippiusClient:
         Args:
             cid: Content Identifier (CID) of the file to download
             output_path: Path where the downloaded file will be saved
-            seed_phrase: Seed phrase to use for retrieving decryption keys
+            subaccount_id: The subaccount id as api key
             auto_decrypt: Whether to attempt automatic decryption (default: True)
             download_node: IPFS node URL for download (default: local node)
 
@@ -587,5 +589,5 @@ class HippiusClient:
             ValueError: If decryption fails
         """
         return await self.ipfs_client.s3_download(
-            cid, output_path, seed_phrase, auto_decrypt, download_node
+            cid, output_path, subaccount_id, auto_decrypt, download_node
         )

hippius-0.2.31/hippius_sdk/db/migrations/20241202000001_switch_to_subaccount_encryption.sql

@@ -0,0 +1,34 @@
+-- migrate:up
+
+-- For security reasons, completely drop all existing tables and data
+-- This removes any stored seed phrases from the database
+DROP TABLE IF EXISTS encryption_keys CASCADE;
+DROP TABLE IF EXISTS seed_phrases CASCADE;
+
+-- Create new simplified schema using only subaccount_id
+-- No seed phrases are stored in the database anymore
+CREATE TABLE encryption_keys (
+    id SERIAL PRIMARY KEY,
+    subaccount_id VARCHAR(255) NOT NULL,
+    encryption_key_b64 TEXT NOT NULL,
+    created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
+);
+
+-- Index for efficient lookups of latest encryption key per subaccount
+CREATE INDEX idx_encryption_keys_subaccount_created 
+ON encryption_keys(subaccount_id, created_at DESC);
+
+-- Comments for documentation
+COMMENT ON TABLE encryption_keys IS 'Stores versioned encryption keys per subaccount ID (never deleted, always use most recent)';
+COMMENT ON COLUMN encryption_keys.subaccount_id IS 'Subaccount identifier for key association';
+COMMENT ON COLUMN encryption_keys.encryption_key_b64 IS 'Base64 encoded encryption key';
+
+-- migrate:down
+
+-- Drop new table
+DROP INDEX IF EXISTS idx_encryption_keys_subaccount_created;
+DROP TABLE IF EXISTS encryption_keys;
+
+-- Note: We do NOT recreate the old seed_phrases table in the down migration
+-- This is intentional for security - once we've removed seed phrases from the DB,
+-- we don't want to accidentally restore them

{hippius-0.2.30 → hippius-0.2.31}/hippius_sdk/ipfs.py

@@ -21,8 +21,8 @@ from hippius_sdk.config import get_config_value, get_encryption_key
 from hippius_sdk.errors import HippiusIPFSError, HippiusSubstrateError
 from hippius_sdk.ipfs_core import AsyncIPFSClient
 from hippius_sdk.key_storage import (
-    generate_and_store_key_for_seed,
-    get_key_for_seed,
+    generate_and_store_key_for_subaccount,
+    get_key_for_subaccount,
     is_key_storage_enabled,
 )
 from hippius_sdk.substrate import FileInput, SubstrateClient
@@ -1939,6 +1939,7 @@ class IPFSClient:
         file_path: str,
         encrypt: bool,
         seed_phrase: str,
+        subaccount_id: str,
         store_node: str = "http://localhost:5001",
         pin_node: str = "https://store.hippius.network",
         substrate_url: str = "wss://rpc.hippius.network",
@@ -1994,17 +1995,19 @@ class IPFSClient:
 
             if key_storage_available:
                 # Try to get existing key for this seed phrase
-                existing_key_b64 = await get_key_for_seed(seed_phrase)
+                existing_key_b64 = await get_key_for_subaccount(subaccount_id)
 
                 if existing_key_b64:
                     # Use existing key
-                    logger.debug("Using existing encryption key for seed phrase")
+                    logger.debug("Using existing encryption key for subaccount")
                     encryption_key_bytes = base64.b64decode(existing_key_b64)
                     encryption_key_used = existing_key_b64
                 else:
-                    # Generate and store new key for this seed phrase
-                    logger.info("Generating new encryption key for seed phrase")
-                    new_key_b64 = await generate_and_store_key_for_seed(seed_phrase)
+                    # Generate and store new key for this subaccount
+                    logger.info("Generating new encryption key for subaccount")
+                    new_key_b64 = await generate_and_store_key_for_subaccount(
+                        subaccount_id
+                    )
                     encryption_key_bytes = base64.b64decode(new_key_b64)
                     encryption_key_used = new_key_b64
 
@@ -2120,7 +2123,7 @@ class IPFSClient:
         self,
         cid: str,
         output_path: str,
-        seed_phrase: str,
+        subaccount_id: str,
         auto_decrypt: bool = True,
         download_node: str = "http://localhost:5001",
     ) -> S3DownloadResult:
@@ -2137,7 +2140,7 @@ class IPFSClient:
         Args:
             cid: Content Identifier (CID) of the file to download
             output_path: Path where the downloaded file will be saved
-            seed_phrase: Seed phrase to use for retrieving decryption keys
+            subaccount_id: The subaccount id as api key
             auto_decrypt: Whether to attempt automatic decryption (default: True)
             download_node: IPFS node URL for download (default: local node)
 
@@ -2218,11 +2221,11 @@ class IPFSClient:
                 if key_storage_available:
                     # Try to get the encryption key for this seed phrase
                     try:
-                        existing_key_b64 = await get_key_for_seed(seed_phrase)
+                        existing_key_b64 = await get_key_for_subaccount(subaccount_id)
 
                         if existing_key_b64:
                             logger.debug(
-                                "Found encryption key for seed phrase, attempting decryption"
+                                "Found encryption key for subaccount, attempting decryption"
                             )
                             decryption_attempted = True
                             encryption_key_used = existing_key_b64

{hippius-0.2.30 → hippius-0.2.31}/hippius_sdk/key_storage.py

@@ -1,15 +1,12 @@
 """
-Key storage module for managing encryption keys per seed phrase.
+Key storage module for managing encryption keys per subaccount ID.
 
 This module provides PostgreSQL-backed storage for:
-1. Base64 encoded seed phrases
-2. Encryption keys associated with each seed phrase (versioned, never deleted)
+1. Encryption keys associated with each subaccount ID (versioned, never deleted)
 """
 
 import base64
 import hashlib
-import os
-from datetime import datetime
 from typing import Optional
 
 from hippius_sdk.config import get_config_value
@@ -30,7 +27,7 @@ class KeyStorageError(Exception):
 
 
 class KeyStorage:
-    """PostgreSQL-backed key storage for seed phrases and encryption keys."""
+    """PostgreSQL-backed key storage for subaccount encryption keys."""
 
     def __init__(self, database_url: Optional[str] = None):
         """
@@ -62,34 +59,23 @@ class KeyStorage:
 
     async def _ensure_tables_exist(self):
         """Create tables if they don't exist."""
-        create_seed_phrases_table = """
-        CREATE TABLE IF NOT EXISTS seed_phrases (
-            id SERIAL PRIMARY KEY,
-            seed_hash VARCHAR(64) UNIQUE NOT NULL,
-            seed_phrase_b64 TEXT NOT NULL,
-            created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
-        );
-        """
-
         create_encryption_keys_table = """
         CREATE TABLE IF NOT EXISTS encryption_keys (
             id SERIAL PRIMARY KEY,
-            seed_hash VARCHAR(64) NOT NULL,
+            subaccount_id VARCHAR(255) NOT NULL,
             encryption_key_b64 TEXT NOT NULL,
-            created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
-            FOREIGN KEY (seed_hash) REFERENCES seed_phrases(seed_hash)
+            created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
         );
         """
 
         create_index = """
-        CREATE INDEX IF NOT EXISTS idx_encryption_keys_seed_hash_created 
-        ON encryption_keys(seed_hash, created_at DESC);
+        CREATE INDEX IF NOT EXISTS idx_encryption_keys_subaccount_created 
+        ON encryption_keys(subaccount_id, created_at DESC);
         """
 
         try:
             conn = await self._get_connection()
             try:
-                await conn.execute(create_seed_phrases_table)
                 await conn.execute(create_encryption_keys_table)
                 await conn.execute(create_index)
             finally:
@@ -97,59 +83,37 @@ class KeyStorage:
         except Exception as e:
             raise KeyStorageError(f"Failed to create tables: {e}")
 
-    def _hash_seed_phrase(self, seed_phrase: str) -> str:
-        """Create a SHA-256 hash of the seed phrase for indexing."""
-        return hashlib.sha256(seed_phrase.encode("utf-8")).hexdigest()
-
-    async def _ensure_seed_phrase_exists(self, seed_phrase: str) -> str:
-        """Ensure seed phrase exists in database and return its hash."""
-        seed_hash = self._hash_seed_phrase(seed_phrase)
-        seed_phrase_b64 = base64.b64encode(seed_phrase.encode("utf-8")).decode("utf-8")
-
-        try:
-            conn = await self._get_connection()
-            try:
-                # Try to insert, ignore if already exists
-                await conn.execute(
-                    """
-                    INSERT INTO seed_phrases (seed_hash, seed_phrase_b64) 
-                    VALUES ($1, $2) 
-                    ON CONFLICT (seed_hash) DO NOTHING
-                """,
-                    seed_hash,
-                    seed_phrase_b64,
-                )
-            finally:
-                await conn.close()
-            return seed_hash
-        except Exception as e:
-            raise KeyStorageError(f"Failed to store seed phrase: {e}")
+    def _hash_subaccount_id(self, subaccount_id: str) -> str:
+        """Create a SHA-256 hash of the subaccount ID for indexing."""
+        return hashlib.sha256(subaccount_id.encode("utf-8")).hexdigest()
 
-    async def set_key_for_seed(self, seed_phrase: str, encryption_key_b64: str) -> None:
+    async def set_key_for_subaccount(
+        self, subaccount_id: str, encryption_key_b64: str
+    ) -> None:
         """
-        Store a new encryption key for a seed phrase.
+        Store a new encryption key for a subaccount.
 
         Creates a new row (doesn't update existing ones) to maintain key history.
 
         Args:
-            seed_phrase: The seed phrase
+            subaccount_id: The subaccount identifier
             encryption_key_b64: Base64-encoded encryption key
 
         Raises:
             KeyStorageError: If storage fails
         """
         await self._ensure_tables_exist()
-        seed_hash = await self._ensure_seed_phrase_exists(seed_phrase)
+        subaccount_hash = self._hash_subaccount_id(subaccount_id)
 
         try:
             conn = await self._get_connection()
             try:
                 await conn.execute(
                     """
-                    INSERT INTO encryption_keys (seed_hash, encryption_key_b64)
+                    INSERT INTO encryption_keys (subaccount_id, encryption_key_b64)
                     VALUES ($1, $2)
                 """,
-                    seed_hash,
+                    subaccount_hash,
                     encryption_key_b64,
                 )
             finally:
@@ -157,12 +121,12 @@ class KeyStorage:
         except Exception as e:
             raise KeyStorageError(f"Failed to store encryption key: {e}")
 
-    async def get_key_for_seed(self, seed_phrase: str) -> Optional[str]:
+    async def get_key_for_subaccount(self, subaccount_id: str) -> Optional[str]:
         """
-        Get the most recent encryption key for a seed phrase.
+        Get the most recent encryption key for a subaccount.
 
         Args:
-            seed_phrase: The seed phrase
+            subaccount_id: The subaccount identifier
 
         Returns:
             Base64-encoded encryption key or None if not found
@@ -171,7 +135,7 @@ class KeyStorage:
             KeyStorageError: If database operation fails
         """
         await self._ensure_tables_exist()
-        seed_hash = self._hash_seed_phrase(seed_phrase)
+        subaccount_hash = self._hash_subaccount_id(subaccount_id)
 
         try:
             conn = await self._get_connection()
@@ -180,11 +144,11 @@ class KeyStorage:
                     """
                     SELECT encryption_key_b64 
                     FROM encryption_keys 
-                    WHERE seed_hash = $1 
+                    WHERE subaccount_id = $1 
                     ORDER BY created_at DESC 
                     LIMIT 1
                 """,
-                    seed_hash,
+                    subaccount_hash,
                 )
 
                 return result["encryption_key_b64"] if result else None
@@ -193,12 +157,12 @@ class KeyStorage:
         except Exception as e:
             raise KeyStorageError(f"Failed to retrieve encryption key: {e}")
 
-    async def generate_and_store_key_for_seed(self, seed_phrase: str) -> str:
+    async def generate_and_store_key_for_subaccount(self, subaccount_id: str) -> str:
         """
-        Generate a new encryption key and store it for the seed phrase.
+        Generate a new encryption key and store it for the subaccount.
 
         Args:
-            seed_phrase: The seed phrase
+            subaccount_id: The subaccount identifier
 
         Returns:
             Base64-encoded encryption key that was generated and stored
@@ -206,17 +170,14 @@ class KeyStorage:
         Raises:
             KeyStorageError: If generation or storage fails
         """
-        # Generate a new encryption key
         try:
             import nacl.secret
             import nacl.utils
 
-            # Generate a random key
             key = nacl.utils.random(nacl.secret.SecretBox.KEY_SIZE)
             key_b64 = base64.b64encode(key).decode("utf-8")
 
-            # Store it
-            await self.set_key_for_seed(seed_phrase, key_b64)
+            await self.set_key_for_subaccount(subaccount_id, key_b64)
 
             return key_b64
         except ImportError:
@@ -261,38 +222,42 @@ def get_default_storage() -> KeyStorage:
     return _default_storage
 
 
-async def get_key_for_seed(seed_phrase: str) -> Optional[str]:
+async def get_key_for_subaccount(subaccount_id: str) -> Optional[str]:
     """
-    Get the most recent encryption key for a seed phrase.
+    Get the most recent encryption key for a subaccount.
 
     Args:
-        seed_phrase: The seed phrase
+        subaccount_id: The subaccount identifier
 
     Returns:
         Base64-encoded encryption key or None if not found
     """
-    return await get_default_storage().get_key_for_seed(seed_phrase)
+    return await get_default_storage().get_key_for_subaccount(subaccount_id)
 
 
-async def set_key_for_seed(seed_phrase: str, encryption_key_b64: str) -> None:
+async def set_key_for_subaccount(subaccount_id: str, encryption_key_b64: str) -> None:
     """
-    Store a new encryption key for a seed phrase.
+    Store a new encryption key for a subaccount.
 
     Args:
-        seed_phrase: The seed phrase
+        subaccount_id: The subaccount identifier
         encryption_key_b64: Base64-encoded encryption key
     """
-    return await get_default_storage().set_key_for_seed(seed_phrase, encryption_key_b64)
+    return await get_default_storage().set_key_for_subaccount(
+        subaccount_id, encryption_key_b64
+    )
 
 
-async def generate_and_store_key_for_seed(seed_phrase: str) -> str:
+async def generate_and_store_key_for_subaccount(subaccount_id: str) -> str:
     """
-    Generate a new encryption key and store it for the seed phrase.
+    Generate a new encryption key and store it for the subaccount.
 
     Args:
-        seed_phrase: The seed phrase
+        subaccount_id: The subaccount identifier
 
     Returns:
         Base64-encoded encryption key that was generated and stored
     """
-    return await get_default_storage().generate_and_store_key_for_seed(seed_phrase)
+    return await get_default_storage().generate_and_store_key_for_subaccount(
+        subaccount_id
+    )

{hippius-0.2.30 → hippius-0.2.31}/hippius_sdk/substrate.py

@@ -1270,7 +1270,6 @@ class SubstrateClient:
             return result.value
         return None
 
-
     def is_main_account(self, account_id: str, seed_phrase: str) -> bool:
         sub_account = self.query_sub_account(account_id, seed_phrase=seed_phrase)
         return sub_account is None
@@ -1288,8 +1287,6 @@ class SubstrateClient:
         # Return the u128 value (converted to int for Python compatibility)
         return int(result.value) if result and result.value is not None else 0
 
-
-
     def get_account_roles(self, account_id: str, seed_phrase) -> int:
         if not self._substrate:
             self.connect(seed_phrase)

{hippius-0.2.30 → hippius-0.2.31}/pyproject.toml

@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "hippius"
-version = "0.2.30"
+version = "0.2.31"
 description = "Python SDK and CLI for Hippius blockchain storage"
 authors = ["Dubs <dubs@dubs.rs>"]
 readme = "README.md"