From d84f5b2d33e1e6d69877facf037bff02b231ae3c Mon Sep 17 00:00:00 2001
From: Ellie Huxtable <ellie@elliehuxtable.com>
Date: Mon, 22 Jan 2024 20:07:19 +0000
Subject: feat: don't stop with invalid key (#1612)

An issue with the old sync was that if there was _one_ record encrypted
with a different key, sync would stop. You'd need to delete your account
and start from scratch. This sucked.

This change means we will carry on, and try to encrypt and build with as
much of the history as we are able to decrypt.

This is possible because we can quite happily store data on disk that we
cannot decrypt. The old store couldn't do this.

In future, we might consider a keyring containing multiple keys.
---
 atuin-client/src/history/store.rs     | 11 ++++++++++-
 atuin-client/src/record/encryption.rs |  1 +
 2 files changed, 11 insertions(+), 1 deletion(-)

(limited to 'atuin-client')

diff --git a/atuin-client/src/history/store.rs b/atuin-client/src/history/store.rs
index 73166de1..442da45d 100644
--- a/atuin-client/src/history/store.rs
+++ b/atuin-client/src/history/store.rs
@@ -164,7 +164,16 @@ impl HistoryStore {
         for record in records.into_iter() {
             let hist = match record.version.as_str() {
                 HISTORY_VERSION => {
-                    let decrypted = record.decrypt::<PASETO_V4>(&self.encryption_key)?;
+                    let decrypted = record.decrypt::<PASETO_V4>(&self.encryption_key);
+
+                    let decrypted = match decrypted {
+                        Ok(d) => d,
+                        Err(e) => {
+                            println!("failed to decrypt history: {e}");
+                            continue;
+                        }
+                    };
+
                     HistoryRecord::deserialize(&decrypted.data, HISTORY_VERSION)
                 }
                 version => bail!("unknown history version {version:?}"),
diff --git a/atuin-client/src/record/encryption.rs b/atuin-client/src/record/encryption.rs
index c2cdaa6a..ca49660c 100644
--- a/atuin-client/src/record/encryption.rs
+++ b/atuin-client/src/record/encryption.rs
@@ -128,6 +128,7 @@ impl PASETO_V4 {
         // For now though we will only support the one key and key rotation will
         // have to be a hard reset
         let current_kid = wrapping_key.to_id();
+
         ensure!(
             current_kid == kid,
             "attempting to decrypt with incorrect key. currently using {current_kid}, expecting {kid}"
-- 
cgit v1.3.1