Redesign Ndb.swift interface with build safety

This commit redesigns the Ndb.swift interface with a focus on build-time safety against crashes. It removes the external usage of NdbTxn and SafeNdbTxn, restricting it to be used only in NostrDB internal code. This prevents dangerous and crash prone usages throughout the app, such as holding transactions in a variable in an async function (which can cause thread-based reference counting to incorrectly deinit inherited transactions in use by separate callers), as well as holding unsafe unowned values longer than the lifetime of their corresponding transactions. Closes: https://github.com/damus-io/damus/issues/3364 Changelog-Fixed: Fixed several crashes throughout the app Signed-off-by: Daniel D’Aquino <daniel@daquino.me>
2025-11-28 19:17:35 -08:00
parent b562b930cc
commit f844ed9931
60 changed files with 611 additions and 497 deletions
--- a/DamusNotificationService/NotificationFormatter.swift
+++ b/DamusNotificationService/NotificationFormatter.swift
@@ -125,8 +125,7 @@ struct NotificationFormatter {
        let src = zap.request.ev
        let pk = zap.is_anon ? ANON_PUBKEY : src.pubkey

-        let profile_txn = profiles.lookup(id: pk)
-        let profile = profile_txn?.unsafeUnownedValue
+        let profile = profiles.lookup(id: pk)
        let name = Profile.displayName(profile: profile, pubkey: pk).displayName.truncate(maxLength: 50)

        let sats = NSNumber(value: (Double(zap.invoice.amount) / 1000.0))
--- a/DamusNotificationService/NotificationService.swift
+++ b/DamusNotificationService/NotificationService.swift
@@ -58,8 +58,7 @@ class NotificationService: UNNotificationServiceExtension {
        }

        let sender_profile = {
-            let txn = state.ndb.lookup_profile(nostr_event.pubkey)
-            let profile = txn?.unsafeUnownedValue?.profile
+            let profile = state.profiles.lookup(id: nostr_event.pubkey)
            let picture = ((profile?.picture.map { URL(string: $0) }) ?? URL(string: robohash(nostr_event.pubkey)))!
            return ProfileBuf(picture: picture,
                                 name: profile?.name,
@@ -186,8 +185,13 @@ func message_intent_from_note(ndb: Ndb, sender_profile: ProfileBuf, content: Str

    // gather recipients
    if let recipient_note_id = note.direct_replies() {
-        let replying_to = ndb.lookup_note(recipient_note_id)
-        if let replying_to_pk = replying_to?.unsafeUnownedValue?.pubkey {
+        let replying_to_pk = ndb.lookup_note(recipient_note_id, borrow: { replying_to_note -> Pubkey? in
+            switch replying_to_note {
+            case .none: return nil
+            case .some(let note): return note.pubkey
+            }
+        })
+        if let replying_to_pk {
            meta.isReplyToCurrentUser = replying_to_pk == our_pubkey

            if replying_to_pk != sender_pk {
@@ -247,8 +251,12 @@ func message_intent_from_note(ndb: Ndb, sender_profile: ProfileBuf, content: Str
 }

 func pubkey_to_inperson(ndb: Ndb, pubkey: Pubkey, our_pubkey: Pubkey) async -> INPerson {
-    let profile_txn = ndb.lookup_profile(pubkey)
-    let profile = profile_txn?.unsafeUnownedValue?.profile
+    let profile = ndb.lookup_profile(pubkey, borrow: { profileRecord in
+        switch profileRecord {
+        case .some(let pr): return pr.profile
+        case .none: return nil
+        }
+    })
    let name = profile?.name
    let display_name = profile?.display_name
    let nip05 = profile?.nip05