refactor: move authentication outside the Client

[tomyrd]

closes #637

This PR refactors authentication out of the Client. The main idea is that now key tracking is responsability of the authenticator and the addition of new keys is done by the user of the client and not by the Client itself. The Client will only have access to the TransactionAuthenticator::get_signature function that will be used to sign transactions when needed. If the keys were not added by the client user to the authenticator then this will fail.

Authenticator

The authenticator now uses a new KeyStore instead of the client's Store to get the secret key. This keystore now is created outside the client and is responsability of the client's user to keep it updated with every new key.

Keystore

The PR adds two implementations for the keystore:

• FilesystemKeyStore: based on the filesystem. It stores keys as individual files where the name is the public key and the contents are a serialized AuthSecretKey. It's used by the CLI and by the tests.
• WebKeySTore: based on the browser local storage. It stores keys as entries using the Web Storage API. It's used in the web client.

Other changes

• The CLI and integration tests were changed to use the new authenticator. They add keys to the authenticator when creating accounts.
• The retrieval of authentication information was removed from the Store.
• The web client now also uses the new authenticator. A lot of extra code was removed because keys were dealt differently in the web client (they were cached so that the authenticator could be synchronous).

TODOs:

• Fix all the integration tests
• Add account authentication in the CLI
• Investigate posible alternative implementations for the web client. The current one doesn't work for wasm.
• Remove TODOs in code.
• Add documentation.
• Clean account auth from stores
• Add top level module documentation

[igamigo]

Nice! Cool that this results in a net loss of lines of code, too.
I left some minor comments, related to docs and naming mostly. I also wonder if we should generalize the CliAuthenticator into a Keystore struct to which we are implementing TransactionAuthenticator. This is because it seems like it handles more responsibilities than just authenticating, and also we might want to add new functionalities to it in the future (such as listing keys, removing them, encrypting/decrypting them, etc.).

[igamigo]

Wouldn't this be index 0 for any non-faucet account?

[igamigo]

This is fine for now but maybe we could add a TODO here to address potential cases where adding the secret key succeeds, but adding the account fails.

Alternatively, maybe in the future we want to have some sort of "keystore" command that adds/removes keys separately from accounts.

[tomyrd]

Created an issue for this

[igamigo]

Same here

[igamigo]

nit: Not from this PR but while we are at this, let's write this line as follows

Suggested change

	/// Path to the sqlite store file.
	/// Path to the SQLite store file.

[igamigo]

nit: Would this be better?

Suggested change

	/// Path to secret keys file.
	/// Path to the directory that contains the secret key files.

[igamigo]

nit: Maybe I'd generalize this as key store error, since this is not always authentication-related (for instance, it also manages adding keys to the filesystem)

[igamigo]

nit: We should mention that this creates the directory if it does not exist (or alternatively we could do it on the doc comments for pub struct ClientAuthenticator<R>.

[igamigo]

Could we expand this doc comment mentioning the way that it stores and looks up files? For instance, saying that it's one file per AuthSecretKey, with a filename that corresponds to the pub key for easy lookups when signatures are requested, etc.

[igamigo]

nit: A brief description of what this authenticator uses to store files would be cool.

[igamigo]

Also, I think eventually we probably want to add password encryption to the keystore so we might want to add an issue to discuss this (or maybe it's more in the domain of the wallet itself? cc @dagarcia7)

[bobbinth]

Should we rebase this PR from the latest next? Seems like it may be including some extraneous changes.

[tomyrd]

I reviewed the diff again just to be sure but I couldn't find the extraneous changes you mention. There are a lot of changes that were necessary because of the shift in responsibility in public key tracking. Mainly the tests had to be updated so that they have access to the authenticator in case they need to add new keys (which some of them need).

[dagarcia7]

minor: we can get rid of this file now. It used to be how I tested things, but now with more formal integration tests for the web client, this is obsolete 👍

[dagarcia7]

Looks great! 💯 Thanks for taking care of the web client changes. I have a quick question. Are there any plans to encrypt the Secret Key before it's put in local storage? And subsequently handle the decryption when retrieving it? I was also wondering if local storage was the best way to store the keys on the web side, but I think given the limitation that the get_signature call is still only synchronous, this may be the only way beyond what we were doing before with the call to cache the auth first before making a transaction call. In the future, if get_signature ends up supporting async, you can play around with this and create different types of WebKeyStore that maybe store things differently -- say, a separate IndexedDB store, or chrome extension storage, etc.

[tomyrd]

Are there any plans to encrypt the Secret Key before it's put in local storage? And subsequently handle the decryption when retrieving it?

I think in the future we will probably make this upgrades. This PR is meant to be a first PoC to see how we could move the keystore responsability out of the client. To upgrade we would only need to change the KeyStore which would be much easier.

I was also wondering if local storage was the best way to store the keys on the web side, but I think given the limitation that the get_signature call is still only synchronous

Before this PR we used pollster to wait on the async calls as the SqliteStore had also been changed to make it async. We can change the web storage method to an IndexDB in the future if it's better.