exclude Actor.PrivateKey from GORM, read via raw SQL in export-keys

Author: parkan

handler/wallet/export_keys.go

@@ -17,6 +17,14 @@ type ExportKeysResult struct {
 	Errors   []string // actors that failed (logged but don't abort)
 }
 
+// actor row with the legacy private_key column, used only by export-keys.
+// Actor.PrivateKey is gorm:"-" in the model so we need a local type for raw SQL.
+type legacyActorRow struct {
+	ID         string
+	Address    string
+	PrivateKey string
+}
+
 // exports private keys from the legacy Actor.PrivateKey column into the
 // filesystem keystore, creating Wallet records where needed.
 // idempotent -- skips actors whose address already has a Wallet record.
@@ -28,8 +36,8 @@ func ExportKeysHandler(
 ) (*ExportKeysResult, error) {
 	db = db.WithContext(ctx)
 
-	var actors []model.Actor
-	err := db.Where("private_key != '' AND private_key IS NOT NULL").Find(&actors).Error
+	var actors []legacyActorRow
+	err := db.Raw("SELECT id, address, private_key FROM actors WHERE private_key != '' AND private_key IS NOT NULL").Scan(&actors).Error
 	if err != nil {
 		return nil, errors.Wrap(err, "failed to query actors with private keys")
 	}
@@ -54,7 +62,7 @@ func ExportKeysHandler(
 
 // exports a single actor's key to keystore, returns (true, "") on success,
 // (false, "") on skip, ("", errMsg) on failure
-func exportOneKey(db *gorm.DB, ks keystore.KeyStore, actor model.Actor) (exported bool, errMsg string) {
+func exportOneKey(db *gorm.DB, ks keystore.KeyStore, actor legacyActorRow) (exported bool, errMsg string) {
 	// derive address to check for existing wallet
 	addr, err := keystore.AddressFromExport(actor.PrivateKey)
 	if err != nil {
@@ -114,7 +122,17 @@ func exportOneKey(db *gorm.DB, ks keystore.KeyStore, actor model.Actor) (exporte
 }
 
 func HasPrivateKeyColumn(db *gorm.DB) bool {
-	return db.Migrator().HasColumn(&model.Actor{}, "private_key")
+	// can't use db.Migrator().HasColumn(&model.Actor{}, "private_key") because
+	// the field is gorm:"-" -- GORM won't resolve the column name. query directly.
+	dialect := db.Dialector.Name()
+	var count int64
+	switch dialect {
+	case "sqlite":
+		db.Raw("SELECT COUNT(*) FROM pragma_table_info('actors') WHERE name = 'private_key'").Scan(&count)
+	default:
+		db.Raw("SELECT COUNT(*) FROM information_schema.columns WHERE table_name = 'actors' AND column_name = 'private_key'").Scan(&count)
+	}
+	return count > 0
 }
 
 // counts actors that still have a non-empty private_key in the database.

handler/wallet/export_keys_test.go

@@ -12,18 +12,38 @@ import (
 	"gorm.io/gorm"
 )
 
+// model without -:migration, used to simulate a legacy database where
+// AutoMigrate created the private_key column
+type legacyActor struct {
+	ID         string `gorm:"primaryKey;size:15"`
+	Address    string `gorm:"index"`
+	PrivateKey string
+}
+
+func (legacyActor) TableName() string { return "actors" }
+
+// simulates a legacy database by running AutoMigrate with the old model
+// that includes private_key as a normal column
+func addLegacyColumn(t *testing.T, db *gorm.DB) {
+	t.Helper()
+	require.NoError(t, db.AutoMigrate(&legacyActor{}))
+}
+
+// inserts an actor with a legacy private_key via the legacy model
+func createLegacyActor(t *testing.T, db *gorm.DB, id, address, privateKey string) {
+	t.Helper()
+	require.NoError(t, db.Create(&legacyActor{
+		ID: id, Address: address, PrivateKey: privateKey,
+	}).Error)
+}
+
 func TestExportKeysHandler_ExportsActorKey(t *testing.T) {
 	testutil.All(t, func(ctx context.Context, t *testing.T, db *gorm.DB) {
 		ks, err := keystore.NewLocalKeyStore(t.TempDir())
 		require.NoError(t, err)
 
-		// create an actor with a legacy private key
-		actor := model.Actor{
-			ID:         "f01234",
-			Address:    testutil.TestWalletAddr,
-			PrivateKey: testutil.TestPrivateKeyHex,
-		}
-		require.NoError(t, db.Create(&actor).Error)
+		addLegacyColumn(t, db)
+		createLegacyActor(t, db, "f01234", testutil.TestWalletAddr, testutil.TestPrivateKeyHex)
 
 		result, err := ExportKeysHandler(ctx, db, ks)
 		require.NoError(t, err)
@@ -50,13 +70,8 @@ func TestExportKeysHandler_SkipsExistingWallet(t *testing.T) {
 		ks, err := keystore.NewLocalKeyStore(t.TempDir())
 		require.NoError(t, err)
 
-		// create actor with legacy key
-		actor := model.Actor{
-			ID:         "f01234",
-			Address:    testutil.TestWalletAddr,
-			PrivateKey: testutil.TestPrivateKeyHex,
-		}
-		require.NoError(t, db.Create(&actor).Error)
+		addLegacyColumn(t, db)
+		createLegacyActor(t, db, "f01234", testutil.TestWalletAddr, testutil.TestPrivateKeyHex)
 
 		// pre-import the wallet via normal import path
 		h := DefaultHandler{}
@@ -83,13 +98,8 @@ func TestExportKeysHandler_SkipsExistingWalletLinksActor(t *testing.T) {
 		ks, err := keystore.NewLocalKeyStore(t.TempDir())
 		require.NoError(t, err)
 
-		// create actor with legacy key
-		actor := model.Actor{
-			ID:         "f01234",
-			Address:    testutil.TestWalletAddr,
-			PrivateKey: testutil.TestPrivateKeyHex,
-		}
-		require.NoError(t, db.Create(&actor).Error)
+		addLegacyColumn(t, db)
+		createLegacyActor(t, db, "f01234", testutil.TestWalletAddr, testutil.TestPrivateKeyHex)
 
 		// pre-import the wallet WITHOUT actor linkage
 		h := DefaultHandler{}
@@ -116,12 +126,8 @@ func TestExportKeysHandler_Idempotent(t *testing.T) {
 		ks, err := keystore.NewLocalKeyStore(t.TempDir())
 		require.NoError(t, err)
 
-		actor := model.Actor{
-			ID:         "f01234",
-			Address:    testutil.TestWalletAddr,
-			PrivateKey: testutil.TestPrivateKeyHex,
-		}
-		require.NoError(t, db.Create(&actor).Error)
+		addLegacyColumn(t, db)
+		createLegacyActor(t, db, "f01234", testutil.TestWalletAddr, testutil.TestPrivateKeyHex)
 
 		// first run exports
 		r1, err := ExportKeysHandler(ctx, db, ks)
@@ -146,12 +152,12 @@ func TestExportKeysHandler_NoActorsWithKeys(t *testing.T) {
 		ks, err := keystore.NewLocalKeyStore(t.TempDir())
 		require.NoError(t, err)
 
+		addLegacyColumn(t, db)
 		// actor with no private key
-		actor := model.Actor{
+		require.NoError(t, db.Create(&model.Actor{
 			ID:      "f09999",
 			Address: "f1abc",
-		}
-		require.NoError(t, db.Create(&actor).Error)
+		}).Error)
 
 		result, err := ExportKeysHandler(ctx, db, ks)
 		require.NoError(t, err)
@@ -166,13 +172,8 @@ func TestExportKeysHandler_InvalidKeyRecordsError(t *testing.T) {
 		ks, err := keystore.NewLocalKeyStore(t.TempDir())
 		require.NoError(t, err)
 
-		// actor with garbage key
-		actor := model.Actor{
-			ID:         "f05555",
-			Address:    "f1bad",
-			PrivateKey: "not-a-valid-key",
-		}
-		require.NoError(t, db.Create(&actor).Error)
+		addLegacyColumn(t, db)
+		createLegacyActor(t, db, "f05555", "f1bad", "not-a-valid-key")
 
 		result, err := ExportKeysHandler(ctx, db, ks)
 		require.NoError(t, err) // overall operation succeeds
@@ -189,13 +190,8 @@ func TestExportKeysHandler_MissingKeyFile(t *testing.T) {
 		ks, err := keystore.NewLocalKeyStore(t.TempDir())
 		require.NoError(t, err)
 
-		// create actor with legacy key
-		actor := model.Actor{
-			ID:         "f01234",
-			Address:    testutil.TestWalletAddr,
-			PrivateKey: testutil.TestPrivateKeyHex,
-		}
-		require.NoError(t, db.Create(&actor).Error)
+		addLegacyColumn(t, db)
+		createLegacyActor(t, db, "f01234", testutil.TestWalletAddr, testutil.TestPrivateKeyHex)
 
 		// create wallet record pointing to a nonexistent key file
 		require.NoError(t, db.Create(&model.Wallet{
@@ -219,12 +215,8 @@ func TestExportKeysHandler_CorruptKeyFile(t *testing.T) {
 		ks, err := keystore.NewLocalKeyStore(dir)
 		require.NoError(t, err)
 
-		actor := model.Actor{
-			ID:         "f01234",
-			Address:    testutil.TestWalletAddr,
-			PrivateKey: testutil.TestPrivateKeyHex,
-		}
-		require.NoError(t, db.Create(&actor).Error)
+		addLegacyColumn(t, db)
+		createLegacyActor(t, db, "f01234", testutil.TestWalletAddr, testutil.TestPrivateKeyHex)
 
 		// write garbage to the key file path
 		corruptPath := dir + "/corrupt"
@@ -245,17 +237,22 @@ func TestExportKeysHandler_CorruptKeyFile(t *testing.T) {
 	})
 }
 
-func TestDropPrivateKeyColumn(t *testing.T) {
+func TestExportKeysHandler_AutoMigrateDoesNotRecreateColumn(t *testing.T) {
 	testutil.All(t, func(ctx context.Context, t *testing.T, db *gorm.DB) {
-		// column exists after AutoMigrate
-		require.True(t, db.Migrator().HasColumn(&model.Actor{}, "private_key"))
+		// AutoMigrate already ran (via testutil.All) -- column should NOT exist
+		require.False(t, db.Migrator().HasColumn(&model.Actor{}, "private_key"),
+			"AutoMigrate must not create private_key column (gorm:-:migration)")
 
-		// drop it
+		// simulate legacy db, export, drop
+		addLegacyColumn(t, db)
+		require.True(t, HasPrivateKeyColumn(db))
 		require.NoError(t, DropPrivateKeyColumn(db))
-		require.False(t, db.Migrator().HasColumn(&model.Actor{}, "private_key"))
+		require.False(t, HasPrivateKeyColumn(db))
 
-		// idempotent -- second call is a no-op
-		require.NoError(t, DropPrivateKeyColumn(db))
+		// re-run AutoMigrate -- must NOT re-add the column
+		require.NoError(t, model.AutoMigrate(db))
+		require.False(t, HasPrivateKeyColumn(db),
+			"AutoMigrate must not re-add private_key column after drop")
 	})
 }
 
@@ -264,13 +261,8 @@ func TestDropPrivateKeyColumn_ExportThenDrop(t *testing.T) {
 		ks, err := keystore.NewLocalKeyStore(t.TempDir())
 		require.NoError(t, err)
 
-		// create actor with legacy key
-		actor := model.Actor{
-			ID:         "f01234",
-			Address:    testutil.TestWalletAddr,
-			PrivateKey: testutil.TestPrivateKeyHex,
-		}
-		require.NoError(t, db.Create(&actor).Error)
+		addLegacyColumn(t, db)
+		createLegacyActor(t, db, "f01234", testutil.TestWalletAddr, testutil.TestPrivateKeyHex)
 
 		// export
 		result, err := ExportKeysHandler(ctx, db, ks)

model/migrate.go

@@ -70,6 +70,12 @@ var fkMigrations = []fkMigration{
 // Returns:
 //   - An error if any issues arise during the process, otherwise nil.
 func AutoMigrate(db *gorm.DB) error {
+	// pre-migration: rename legacy wallets table to actors before GORM
+	// tries to reconcile the new Wallet model with the old table schema
+	if err := renameLegacyWalletsTable(db); err != nil {
+		return errors.Wrap(err, "failed to rename legacy wallets table")
+	}
+
 	logger.Info("Auto migrating tables")
 	err := db.AutoMigrate(Tables...)
 	if err != nil {
@@ -487,6 +493,33 @@ func migrateWalletAssignments(db *gorm.DB) error {
 	return nil
 }
 
+// renameLegacyWalletsTable detects the pre-v0.8 schema where "wallets" was the
+// actor identity table (id=f0..., private_key) and renames it to "actors" so
+// AutoMigrate can create the new "wallets" table (keystore-backed model).
+// idempotent -- skips if wallets already has key_path (new schema) or if
+// actors already exists.
+func renameLegacyWalletsTable(db *gorm.DB) error {
+	if !db.Migrator().HasTable("wallets") {
+		return nil // fresh install
+	}
+	if db.Migrator().HasColumn(&Wallet{}, "key_path") {
+		return nil // already migrated
+	}
+	// old wallets table has private_key but no key_path -- it's the actor table
+	if db.Migrator().HasTable("actors") {
+		return nil // actors table already exists, can't rename
+	}
+
+	logger.Info("renaming legacy wallets table to actors")
+	if err := db.Exec("ALTER TABLE wallets RENAME TO actors").Error; err != nil {
+		return err
+	}
+	// drop old indexes that followed the rename -- they'd conflict with
+	// indexes AutoMigrate creates on the new wallets table
+	db.Exec("DROP INDEX IF EXISTS idx_wallets_address")
+	return nil
+}
+
 // DropAll removes all tables specified in the Tables slice from the database.
 //
 // This function is typically used during development or testing where a clean database

model/replication.go

@@ -179,9 +179,12 @@ type Schedule struct {
 // actors we control have a Wallet with ActorID pointing here.
 // actors we don't control (counterparties) exist as bare records.
 type Actor struct {
-	ID         string `gorm:"primaryKey;size:15"   json:"id"`      // actor ID (f0...)
-	Address    string `gorm:"index"                json:"address"` // filecoin address
-	PrivateKey string `json:"privateKey,omitempty" table:"-"`      // orphaned: run `singularity wallet export-keys` to migrate, then drop column
+	ID      string `gorm:"primaryKey;size:15" json:"id"`      // actor ID (f0...)
+	Address string `gorm:"index"              json:"address"` // filecoin address
+	// PrivateKey is excluded from GORM entirely so AutoMigrate won't
+	// create the column and SELECTs won't reference it. The export-keys
+	// handler reads it via raw SQL for legacy databases that still have it.
+
 }
 
 // GORM will rename "wallets" table to "actors" on AutoMigrate