refactor account msg validation

lib/index.js

@@ -25,6 +25,7 @@ const { decrypt } = require('./encryption')
  * @typedef {import('./msg-v3').AccountData} AccountData
  * @typedef {import('./msg-v3').AccountPower} AccountPower
  * @typedef {import('./encryption').EncryptionFormat} EncryptionFormat
+ * @typedef {import('./msg-v3/tangle')} Tangle
  *
  * @typedef {Buffer | Uint8Array} B4A
  */
@@ -259,7 +260,7 @@ function initDB(peer, config) {
    * Find which pubkeys are authorized to sign this msg given the account.
    *
    * @private
-   * @param {DBTangle | null} accountTangle
+   * @param {Tangle | null} accountTangle
    * @returns {Set<string>}
    */
   function getPubkeysInAccount(accountTangle) {
@@ -310,7 +311,7 @@ function initDB(peer, config) {
 
     // Identify the account and its pubkeys:
     const accountID = getAccountID(rec)
-    let accountTangle = /** @type {DBTangle | null} */ (null)
+    let accountTangle = /** @type {Tangle | null} */ (null)
     if (accountID) {
       accountTangle = new DBTangle(accountID, records())
       if (msgID === accountID) {
@@ -329,11 +330,27 @@ function initDB(peer, config) {
     }
 
     // Account tangle related validations
-    if (
+    if (msg.metadata.account === ACCOUNT_SELF) {
-      msg.metadata.account === ACCOUNT_SELF &&
+      if ((err = validateAccountMsg(msg, accountTangle))) {
-      accountTangle &&
+        // prettier-ignore
-      !MsgV3.isRoot(msg)
+        return cb(new Error('add() failed msg account validation', { cause: err }))
-    ) {
+      }
+    }
+
+    logAppend(msgID, msg, (err, rec) => {
+      if (err) return cb(new Error('add() failed in the log', { cause: err }))
+      onRecordAdded.set(rec)
+      cb(null, rec)
+    })
+  }
+
+  /**
+   * @param {Msg} msg
+   * @param {Tangle | null} accountTangle
+   * @returns {string | undefined}
+   */
+  function validateAccountMsg(msg, accountTangle) {
+    if (accountTangle && !MsgV3.isRoot(msg)) {
       /** @type {AccountData} */
       const data = msg.data
       if (data.action === 'add') {
@@ -342,17 +359,11 @@ function initDB(peer, config) {
         const powers = getAccountPowers(accountTangle, keypair)
         if (!powers.has('add')) {
           // prettier-ignore
-          return cb(new Error('add() failed because this msg.pubkey does not have "add" power'))
+          return `invalid message: pubkey "${msg.pubkey}" does not have "add" power`
         }
       }
       // TODO validate 'del'
     }
-
-    logAppend(msgID, msg, (err, rec) => {
-      if (err) return cb(new Error('add() failed in the log', { cause: err }))
-      onRecordAdded.set(rec)
-      cb(null, rec)
-    })
   }
 
   /**
@@ -522,7 +533,7 @@ function initDB(peer, config) {
   }
 
   /**
-   * @param {DBTangle} accountTangle
+   * @param {Tangle} accountTangle
    * @param {KeypairPublicSlice} keypair
    * @returns {Set<AccountPower>}
    */
@@ -848,7 +859,7 @@ function initDB(peer, config) {
 
   /**
    * @param {string} tangleID
-   * @returns {DBTangle}
+   * @returns {Tangle}
    */
   function getTangle(tangleID) {
     return new DBTangle(tangleID, records())

test/account-add.test.js

@@ -144,7 +144,7 @@ test('keypair with no "add" powers cannot account.add()', async (t) => {
   // Test replicator-side power validation
   assert.rejects(
     p(peer1again.db.add)(msg3, id),
-    /msg\.pubkey does not have "add" power/
+    /add\(\) failed msg account validation/
   )
 
   await p(peer1again.close)()