refactor: update mnemonic to be saved as bytes

Author: SalmaElsoly

backend/app/admin_handler.go

@@ -107,26 +107,13 @@ func (h *Handler) ListUsersHandler(c *gin.Context) {
 		go func(user models.User) {
 			defer wg.Done()
 			defer func() { <-balanceConcurrencyLimiter }()
-			if len(user.Mnemonic) == 0 {
+			if len(user.Mnemonic) == 0 || len(user.AccountAddress) == 0 {
 				mu.Lock()
 				usersWithBalance = append(usersWithBalance, UserResponse{User: user, Balance: 0})
 				mu.Unlock()
 				return
 			}
 
-			if len(user.AccountAddress) == 0 {
-				addr, err := internal.AccountFromMnemonic(user.Mnemonic)
-				if err != nil {
-					logger.GetLogger().Error().Err(err).Int("user_id", user.ID).Msg("failed to derive account address from mnemonic")
-					mu.Lock()
-					multiErr = multierror.Append(multiErr, fmt.Errorf("failed to derive account address from mnemonic for user %d: %w", user.ID, err))
-					mu.Unlock()
-					return
-				}
-
-				user.AccountAddress = addr
-			}
-
 			decryptedMnemonic, err := h.cryptoManager.DecryptMnemonic(user.Mnemonic, user.AccountAddress)
 			if err != nil {
 				logger.GetLogger().Error().Err(err).Int("user_id", user.ID).Msg("failed to decrypt user mnemonic")

backend/app/app.go

@@ -76,6 +76,11 @@ func NewApp(ctx context.Context, config internal.Configuration) (*App, error) {
 		return nil, fmt.Errorf("failed to create user storage: %w", err)
 	}
 
+	// Initialize: ensure any plaintext mnemonics get encrypted (idempotent)
+	if err := cryptoMgr.EnsureMnemonicsEncrypted(ctx, db); err != nil {
+		logger.GetLogger().Error().Err(err).Msg("mnemonic encryption initializer failed")
+	}
+
 	mailService := internal.NewMailService(config.MailSender.SendGridKey)
 
 	gridProxy := proxy.NewRetryingClient(proxy.NewClient(config.GridProxyURL))

backend/app/setup.go

@@ -173,16 +173,16 @@ func GetAuthToken(t *testing.T, app *App, id int, email, username string, isAdmi
 func CreateTestUser(t *testing.T, app *App, email, username string, hashedPassword []byte, verified, admin bool, mnemonicRequired bool, code int, updatedAt time.Time) *models.User {
 	mnemonic := ""
 	sponseeAddress := ""
+	var encryptedBytes []byte
 	if !mnemonicRequired {
-		mnemonic = ""
+		// no mnemonic needed in tests; leave encryptedBytes nil
 	} else {
 		var err error
 		mnemonic, sponseeAddress, _, err = internal.SetupUserOnTFChain(app.handlers.substrateClient, app.config)
 		require.NoError(t, err)
 
-		encryptedMnemonic, err := app.handlers.cryptoManager.EncryptMnemonic(mnemonic, sponseeAddress)
+		encryptedBytes, err = app.handlers.cryptoManager.EncryptMnemonic(mnemonic, sponseeAddress)
 		require.NoError(t, err)
-		mnemonic = encryptedMnemonic
 	}
 	user := &models.User{
 		Username:       username,
@@ -192,7 +192,7 @@ func CreateTestUser(t *testing.T, app *App, email, username string, hashedPasswo
 		Admin:          admin,
 		Code:           code,
 		UpdatedAt:      updatedAt,
-		Mnemonic:       mnemonic,
+		Mnemonic:       encryptedBytes,
 		AccountAddress: sponseeAddress,
 	}
 	err := app.handlers.db.RegisterUser(user)

backend/app/user_handler.go

@@ -1132,5 +1132,5 @@ func isUserRegistered(user models.User) bool {
 		user.Verified &&
 		len(strings.TrimSpace(user.AccountAddress)) > 0 &&
 		len(strings.TrimSpace(user.StripeCustomerID)) > 0 &&
-		len(strings.TrimSpace(user.Mnemonic)) > 0
+		len(user.Mnemonic) > 0
 }

backend/app/user_handler_test.go

@@ -51,7 +51,7 @@ func TestRegisterHandler(t *testing.T) {
 
 	t.Run("Register Existing Verified User", func(t *testing.T) {
 		user := CreateTestUser(t, app, "dupe@example.com", "Test User", []byte("securepassword"), true, false, false, 0, time.Now())
-		user.Mnemonic = "mnemonic"
+		user.Mnemonic = []byte("mnemonic")
 		user.AccountAddress = "sponseeAddress"
 		user.Sponsored = true
 		user.StripeCustomerID = "stripeCustomerID"
@@ -132,7 +132,7 @@ func TestVerifyRegisterCode(t *testing.T) {
 	})
 	t.Run("Test Verify Register Code with registered user", func(t *testing.T) {
 		registeredUser := CreateTestUser(t, app, "registered@example.com", "Registered User", []byte("securepassword"), true, false, false, 123, time.Now())
-		registeredUser.Mnemonic = "mnemonic"
+		registeredUser.Mnemonic = []byte("mnemonic")
 		registeredUser.AccountAddress = "sponseeAddress"
 		registeredUser.Sponsored = true
 		registeredUser.StripeCustomerID = "stripeCustomerID"
@@ -518,7 +518,7 @@ func TestChargeBalanceHandler(t *testing.T) {
 	t.Run("Test ChargeBalance with Invalid Request format", func(t *testing.T) {
 
 		user := CreateTestUser(t, app, "chargeuser@example.com", "Charge User", []byte("securepassword"), true, false, true, 0, time.Now())
-		user.Mnemonic = "test-menmonic"
+		user.Mnemonic = []byte("test-menmonic")
 		err = app.handlers.db.UpdateUserByID(user)
 		assert.NoError(t, err)
 		token := GetAuthToken(t, app, user.ID, user.Email, user.Username, false)

backend/cmd/cleanup/moneycollector/money_collector.go

@@ -51,7 +51,7 @@ func (m *MoneyCollector) CollectMoney() {
 			balanceConcurrencyLimiter <- struct{}{}
 			defer wg.Done()
 			defer func() { <-balanceConcurrencyLimiter }()
-			if user.Mnemonic == "" {
+			if len(user.Mnemonic) == 0 || len(user.AccountAddress) == 0 {
 				return
 			}
 
@@ -75,11 +75,10 @@ func (m *MoneyCollector) CollectMoney() {
 				log.Debug().Int("user_id", user.ID).Uint64("balance", balance).Msg("MoneyCollector: transferring balance to system account")
 				if err := m.substrateClient.Transfer(userIdentity, balance-MinBalanceThreshold, substrate.AccountID(system.PublicKey())); err != nil {
 					log.Error().Err(err).Int("user_id", user.ID).Msg("MoneyCollector: failed to transfer balance")
+					return
 				}
-				return
 			}
 		}(user)
-
 	}
 	wg.Wait()
 	log.Info().Msg("MoneyCollector: finished")

backend/internal/activities/user_activities.go

@@ -158,7 +158,7 @@ func SetupTFChainStep(client *substrate.Substrate, config internal.Configuration
 			return fmt.Errorf("failed to check existing user: %w", err)
 		}
 
-		if len(strings.TrimSpace(existingUser.Mnemonic)) > 0 {
+		if len(existingUser.Mnemonic) > 0 {
 
 			decryptedMnemonic, err := crypto.DecryptMnemonic(existingUser.Mnemonic, existingUser.AccountAddress)
 			if err != nil {

backend/internal/crypto.go

@@ -1,15 +1,20 @@
 package internal
 
 import (
+	"context"
 	"crypto/aes"
 	"crypto/cipher"
 	"crypto/rand"
 	"crypto/sha256"
-	"encoding/base64"
 	"errors"
 	"fmt"
 	"io"
 
+	"kubecloud/internal/logger"
+	"kubecloud/models"
+
+	"sync"
+
 	"golang.org/x/crypto/argon2"
 )
 
@@ -56,41 +61,36 @@ func (cm *CryptoManager) deriveKey(passphrase string, userIdentifier string) ([]
 	return key, nil
 }
 
-func (cm *CryptoManager) encrypt(plainText string, key []byte) (string, error) {
+func (cm *CryptoManager) encrypt(plainText string, key []byte) ([]byte, error) {
 	if len(key) != 32 {
-		return "", ErrInvalidKeyLength
+		return nil, ErrInvalidKeyLength
 	}
 
 	block, err := aes.NewCipher(key)
 	if err != nil {
-		return "", fmt.Errorf("failed to create cipher: %w", err)
+		return nil, fmt.Errorf("failed to create cipher: %w", err)
 	}
 
 	aesGCM, err := cipher.NewGCM(block)
 	if err != nil {
-		return "", fmt.Errorf("failed to create GCM: %w", err)
+		return nil, fmt.Errorf("failed to create GCM: %w", err)
 	}
 
 	nonce := make([]byte, aesGCM.NonceSize())
 	if _, err = io.ReadFull(rand.Reader, nonce); err != nil {
-		return "", fmt.Errorf("failed to generate nonce: %w", err)
+		return nil, fmt.Errorf("failed to generate nonce: %w", err)
 	}
 
 	ciphertext := aesGCM.Seal(nonce, nonce, []byte(plainText), nil)
 
-	return base64.StdEncoding.EncodeToString(ciphertext), nil
+	return ciphertext, nil
 }
 
-func (cm *CryptoManager) decrypt(encryptedText string, key []byte) (string, error) {
+func (cm *CryptoManager) decrypt(encryptedBytes []byte, key []byte) (string, error) {
 	if len(key) != 32 {
 		return "", ErrInvalidKeyLength
 	}
 
-	ciphertext, err := base64.StdEncoding.DecodeString(encryptedText)
-	if err != nil {
-		return "", fmt.Errorf("failed to decode base64: %w", err)
-	}
-
 	block, err := aes.NewCipher(key)
 	if err != nil {
 		return "", fmt.Errorf("failed to create cipher: %w", err)
@@ -102,11 +102,11 @@ func (cm *CryptoManager) decrypt(encryptedText string, key []byte) (string, erro
 	}
 
 	nonceSize := aesGCM.NonceSize()
-	if len(ciphertext) < nonceSize {
+	if len(encryptedBytes) < nonceSize {
 		return "", ErrInvalidData
 	}
 
-	nonce, ciphertext := ciphertext[:nonceSize], ciphertext[nonceSize:]
+	nonce, ciphertext := encryptedBytes[:nonceSize], encryptedBytes[nonceSize:]
 
 	plaintext, err := aesGCM.Open(nil, nonce, ciphertext, nil)
 	if err != nil {
@@ -124,18 +124,73 @@ func (cm *CryptoManager) getMnemonicKey(userAddress string) ([]byte, error) {
 	return cm.deriveKey(cm.config.MnemonicEncryptionPassphrase, userAddress)
 }
 
-func (cm *CryptoManager) EncryptMnemonic(plainText string, userAddress string) (string, error) {
+func (cm *CryptoManager) EncryptMnemonic(plainText string, userAddress string) ([]byte, error) {
 	key, err := cm.getMnemonicKey(userAddress)
 	if err != nil {
-		return "", err
+		return nil, err
 	}
 	return cm.encrypt(plainText, key)
 }
 
-func (cm *CryptoManager) DecryptMnemonic(encryptedText string, userAddress string) (string, error) {
+func (cm *CryptoManager) DecryptMnemonic(encryptedBytes []byte, userAddress string) (string, error) {
 	key, err := cm.getMnemonicKey(userAddress)
 	if err != nil {
 		return "", err
 	}
-	return cm.decrypt(encryptedText, key)
+	return cm.decrypt(encryptedBytes, key)
+}
+
+func (cm *CryptoManager) EnsureMnemonicsEncrypted(ctx context.Context, db models.DB) error {
+	users, err := db.ListAllUsers()
+	if err != nil {
+		return fmt.Errorf("ensure encryption: list users failed: %w", err)
+	}
+
+	const maxWorkers = 16
+	sem := make(chan struct{}, maxWorkers)
+	var wg sync.WaitGroup
+
+	for i := range users {
+		u := users[i]
+		wg.Add(1)
+		sem <- struct{}{}
+		go func(u models.User) {
+			defer wg.Done()
+			defer func() { <-sem }()
+
+			select {
+			case <-ctx.Done():
+				return
+			default:
+			}
+
+			if len(u.Mnemonic) == 0 {
+				return
+			}
+
+			// Derive account address if missing and mnemonic appears to be plaintext
+			if len(u.AccountAddress) == 0 {
+				addr, err := AccountFromMnemonic(string(u.Mnemonic))
+				if err != nil {
+					logger.GetLogger().Error().Err(err).Int("user_id", u.ID).Msg("failed to derive account address from mnemonic")
+					return
+				}
+				u.AccountAddress = addr
+			}
+
+			if _, err := cm.DecryptMnemonic(u.Mnemonic, u.AccountAddress); err == nil {
+				return
+			}
+
+			encryptedMnemonic, err := cm.EncryptMnemonic(string(u.Mnemonic), u.AccountAddress)
+			if err != nil {
+				return
+			}
+			u.Mnemonic = encryptedMnemonic
+			_ = db.UpdateUserByID(&u)
+		}(u)
+	}
+
+	wg.Wait()
+	return nil
 }

backend/models/user.go

@@ -15,7 +15,7 @@ type User struct {
 	Admin             bool      `json:"admin"`
 	CreditCardBalance uint64    `json:"credit_card_balance" gorm:"default:0"` // millicent, money from credit card
 	CreditedBalance   uint64    `json:"credited_balance" gorm:"default:0"`    // millicent, manually added by admin or from vouchers
-	Mnemonic          string    `json:"-" gorm:"column:mnemonic"`
+	Mnemonic          []byte    `json:"-" gorm:"column:mnemonic"`
 	SSHKey            string    `json:"ssh_key"`
 	Debt              uint64    `json:"debt"` // millicent
 	Sponsored         bool      `json:"sponsored"`