feat: add verify command to local store

This ensures that the local store can be decrypted with the current
in-use key.

If it cannot, we can go on to perform maintenance operations and get
back into a happy state.

2 files changed, 13 insertions, 0 deletions

diff --git a/atuin-client/src/record/sqlite_store.rs b/atuin-client/src/record/sqlite_store.rs
index 8bf200c3..5df446b4 100644
--- a/atuin-client/src/record/sqlite_store.rs
+++ b/atuin-client/src/record/sqlite_store.rs
@@ -300,6 +300,18 @@ impl Store for SqliteStore {
 
         Ok(())
     }
+
+    /// Verify that every record in this store can be decrypted with the current key
+    /// Someday maybe also check each tag/record can be deserialized, but not for now.
+    async fn verify(&self, key: &[u8; 32]) -> Result<()> {
+        let all = self.load_all().await?;
+
+        all.into_iter()
+            .map(|record| record.decrypt::<PASETO_V4>(key))
+            .collect::<Result<Vec<_>>>()?;
+
+        Ok(())
+    }
 }
 
 #[cfg(test)]
diff --git a/atuin-client/src/record/store.rs b/atuin-client/src/record/store.rs
index 9c052213..04fba630 100644
--- a/atuin-client/src/record/store.rs
+++ b/atuin-client/src/record/store.rs
@@ -29,6 +29,7 @@ pub trait Store {
     async fn first(&self, host: HostId, tag: &str) -> Result<Option<Record<EncryptedData>>>;
 
     async fn re_encrypt(&self, old_key: &[u8; 32], new_key: &[u8; 32]) -> Result<()>;
+    async fn verify(&self, key: &[u8; 32]) -> Result<()>;
 
     /// Get the next `limit` records, after and including the given index
     async fn next(