feat: Security

toju-app/src/app/domains/chat/domain/rules/message-revision-signing.rules.spec.ts

@@ -0,0 +1,48 @@
+import {
+  describe,
+  it,
+  expect,
+  vi
+} from 'vitest';
+import type { MessageRevision } from '../../../../shared-kernel';
+import {
+  attachRevisionSignatureIfPossible,
+  shouldAcceptRevisionWithoutRegisteredKey
+} from './message-revision-signing.rules';
+
+describe('message-revision-signing.rules', () => {
+  const revision: MessageRevision = {
+    messageId: 'msg-1',
+    revision: 0,
+    prevRevisionHash: '',
+    headHash: 'hash',
+    type: 'create',
+    actorId: 'user-1',
+    senderId: 'user-1',
+    roomId: 'room-1',
+    channelId: 'general',
+    senderName: 'User',
+    content: 'hello',
+    editedAt: 1,
+    isDeleted: false
+  };
+
+  it('keeps revisions unsigned when signing fails', async () => {
+    const signed = await attachRevisionSignatureIfPossible(
+      revision,
+      vi.fn(async () => {
+        throw new Error('Ed25519 unavailable');
+      })
+    );
+
+    expect(signed.signature).toBeUndefined();
+  });
+
+  it('accepts signed revisions while the sender key is still registering', () => {
+    expect(shouldAcceptRevisionWithoutRegisteredKey({
+      ...revision,
+      signature: 'signature'
+    }, null)).toBe(true);
+    expect(shouldAcceptRevisionWithoutRegisteredKey(revision, null)).toBe(false);
+  });
+});