Skip to content

Commit

Permalink
fix(web): siwe-uri-check
Browse files Browse the repository at this point in the history
  • Loading branch information
@Harman-singh-waraich
Harman-singh-waraich committed May 1, 2024
1 parent 28ba13c commit 96360ec
Show file tree
Hide file tree
Showing 2 changed files with 11 additions and 12 deletions.
21 changes: 10 additions & 11 deletions web/netlify/functions/authUser.ts
View file
Original file line number Diff line number Diff line change
@@ -1,11 +1,13 @@
import middy from "@middy/core";
import jsonBodyParser from "@middy/http-json-body-parser";
import { ETH_SIGNATURE_REGEX } from "consts/index";
import { DEFAULT_CHAIN } from "consts/chains";
import { SiweMessage } from "siwe";
import * as jwt from "jose";
import { createClient } from "@supabase/supabase-js";
import { netlifyUri } from "src/generatedNetlifyInfo.json";
import * as jwt from "jose";
import { SiweMessage } from "siwe";

import { DEFAULT_CHAIN } from "consts/chains";
import { ETH_SIGNATURE_REGEX } from "consts/index";

import { netlifyUri, netlifyDeployUri } from "src/generatedNetlifyInfo.json";
import { Database } from "src/types/supabase-notification";

const authUser = async (event) => {
Expand Down Expand Up @@ -35,7 +37,9 @@ const authUser = async (event) => {

const siweMessage = new SiweMessage(message);

if (netlifyUri && netlifyUri !== siweMessage.uri) {
console.log({ netlifyUri, netlifyDeployUri });

if (netlifyUri && netlifyUri !== siweMessage.uri && netlifyDeployUri && netlifyDeployUri !== siweMessage.uri) {
console.debug(`Invalid URI: expected ${netlifyUri} but got ${siweMessage.uri}`);
throw new Error(`Invalid URI`);
}
Expand All @@ -45,11 +49,6 @@ const authUser = async (event) => {
throw new Error(`Invalid chain ID`);
}

if (!siweMessage.expirationTime || Date.parse(siweMessage.expirationTime) < Date.now()) {
console.debug(`Message expired: ${siweMessage.expirationTime} < ${new Date().toISOString()}`);
throw new Error("Message expired");
}

const lowerCaseAddress = siweMessage.address.toLowerCase();
if (lowerCaseAddress !== address.toLowerCase()) {
throw new Error("Address mismatch in provided address and message");
Expand Down
2 changes: 1 addition & 1 deletion web/scripts/generateBuildInfo.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,5 +2,5 @@

SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"

jq -n --arg uri "$DEPLOY_PRIME_URL" '{ netlifyUri: $uri }' > src/generatedNetlifyInfo.json
jq -n --arg primeUri "$DEPLOY_PRIME_URL" --arg uri "$URL" '{ netlifyDeployUri: $primeUri, netlifyUri: $uri }' > src/generatedNetlifyInfo.json
node $SCRIPT_DIR/gitInfo.js

0 comments on commit 96360ec

Please sign in to comment.