From a6be1ed412d35817b620618a01bf289d9ea9f337 Mon Sep 17 00:00:00 2001 From: Gianfranco Date: Tue, 12 Nov 2024 16:28:09 -0300 Subject: [PATCH] better memo derivation, cleaning --- .../src/api/services/sep10.service.js | 17 ++--- src/services/anchor/index.ts | 19 +++--- yarn.lock | 62 ++++++++++++------- 3 files changed, 56 insertions(+), 42 deletions(-) diff --git a/signer-service/src/api/services/sep10.service.js b/signer-service/src/api/services/sep10.service.js index 540c3f3..fa18e70 100644 --- a/signer-service/src/api/services/sep10.service.js +++ b/signer-service/src/api/services/sep10.service.js @@ -2,12 +2,18 @@ const { Keypair } = require('stellar-sdk'); const { TransactionBuilder, Networks } = require('stellar-sdk'); const { fetchTomlValues } = require('../helpers/anchors'); const { verifySiweMessage } = require('./siwe.service'); +const { keccak256 } = require('viem/utils'); const { TOKEN_CONFIG } = require('../../constants/tokenConfig'); -const { SEP10_MASTER_SECRET, CLIENT_SECRET } = require('../../constants/constants'); +const { SEP10_MASTER_SECRET, CLIENT_DOMAIN_SECRET } = require('../../constants/constants'); const NETWORK_PASSPHRASE = Networks.PUBLIC; +async function deriveMemoFromAddress(address) { + const hash = keccak256(address); + return BigInt(hash).toString().slice(0, 15); +} + // we validate a challenge for a given nonce. From it we obtain the address and derive the memo // we can then ensure that the memo is the same as the one we expect from the anchor challenge const getAndValidateMemo = async (nonce, userChallengeSignature) => { @@ -22,17 +28,13 @@ const getAndValidateMemo = async (nonce, userChallengeSignature) => { throw new Error(`Could not verify signature: ${e.message}`); } - const memo = deriveMemoFromAddress(message.address); + const memo = await deriveMemoFromAddress(message.address); return memo; }; -const deriveMemoFromAddress = (address) => { - return address.slice(5, 15).replace(/\D/g, ''); -}; - exports.signSep10Challenge = async (challengeXDR, outToken, clientPublicKey, userChallengeSignature, nonce) => { const masterStellarKeypair = Keypair.fromSecret(SEP10_MASTER_SECRET); - const clientDomainStellarKeypair = Keypair.fromSecret(CLIENT_SECRET); + const clientDomainStellarKeypair = Keypair.fromSecret(CLIENT_DOMAIN_SECRET); // we validate a challenge for a given nonce. From it we obtain the address and derive the memo // we can then ensure that the memo is the same as the one we expect from the anchor challenge @@ -41,7 +43,6 @@ exports.signSep10Challenge = async (challengeXDR, outToken, clientPublicKey, use try { memo = await getAndValidateMemo(nonce, userChallengeSignature); } catch (e) { - console.log(e); throw new Error(`Could not verify signature or derive memo: ${e.message}`); } diff --git a/src/services/anchor/index.ts b/src/services/anchor/index.ts index 92bca79..f5d14fb 100644 --- a/src/services/anchor/index.ts +++ b/src/services/anchor/index.ts @@ -3,6 +3,7 @@ import { EventStatus } from '../../components/GenericEvent'; import { OutputTokenDetails, OutputTokenType } from '../../constants/tokenConfig'; import { fetchSep10Signatures, fetchSigningServiceAccountId, SignerServiceSep10Request } from '../signingService'; import { SiweSignatureData } from '../../hooks/useSignChallenge'; +import { keccak256 } from 'viem/utils'; import { config } from '../../config'; import { OUTPUT_TOKEN_CONFIG } from '../../constants/tokenConfig'; @@ -63,6 +64,12 @@ export const fetchTomlValues = async (TOML_FILE_URL: string): Promise { try { - console.log(args); return await fetchSep10Signatures(args); } catch (error: any) { - console.log(error.message); if (error.message === 'Invalid signature') { let { nonce, signature } = await refreshFunction(); - console.log('new signature', signature); - console.log('ne nonce ', nonce); let regreshedArgs = { ...args, maybeChallengeSignature: signature, maybeNonce: nonce }; return await fetchSep10Signatures(regreshedArgs); } @@ -117,11 +120,6 @@ const sep10SignaturesWithLoginRefresh = async ( } }; -//TODO A very naive memo derivation for testing. NOT SECURE -const deriveMemoFromAddress = (address: `0x${string}`) => { - return address.slice(5, 15).replace(/\D/g, ''); -}; - export const sep10 = async ( tomlValues: TomlValues, stellarEphemeralSecret: string, @@ -194,7 +192,6 @@ export const sep10 = async ( if (!usesMemo) { transactionSigned.sign(ephemeralKeys); } else { - console.log(sep10Account); transactionSigned.addSignature(sep10Account, masterClientSignature); } diff --git a/yarn.lock b/yarn.lock index 88cefb6..f9506a4 100644 --- a/yarn.lock +++ b/yarn.lock @@ -5,13 +5,6 @@ __metadata: version: 8 cacheKey: 10 -"@adraffy/ens-normalize@npm:^1.10.1": - version: 1.11.0 - resolution: "@adraffy/ens-normalize@npm:1.11.0" - checksum: 10/abef75f21470ea43dd6071168e092d2d13e38067e349e76186c78838ae174a46c3e18ca50921d05bea6ec3203074147c9e271f8cb6531d1c2c0e146f3199ddcb - languageName: node - linkType: hard - "@adraffy/ens-normalize@npm:1.10.1, @adraffy/ens-normalize@npm:^1.8.8": version: 1.10.1 resolution: "@adraffy/ens-normalize@npm:1.10.1" @@ -19,6 +12,13 @@ __metadata: languageName: node linkType: hard +"@adraffy/ens-normalize@npm:^1.10.1": + version: 1.11.0 + resolution: "@adraffy/ens-normalize@npm:1.11.0" + checksum: 10/abef75f21470ea43dd6071168e092d2d13e38067e349e76186c78838ae174a46c3e18ca50921d05bea6ec3203074147c9e271f8cb6531d1c2c0e146f3199ddcb + languageName: node + linkType: hard + "@alloc/quick-lru@npm:^5.2.0": version: 5.2.0 resolution: "@alloc/quick-lru@npm:5.2.0" @@ -2621,6 +2621,15 @@ __metadata: languageName: node linkType: hard +"@noble/curves@npm:1.2.0": + version: 1.2.0 + resolution: "@noble/curves@npm:1.2.0" + dependencies: + "@noble/hashes": "npm:1.3.2" + checksum: 10/94e02e9571a9fd42a3263362451849d2f54405cb3ce9fa7c45bc6b9b36dcd7d1d20e2e1e14cfded24937a13d82f1e60eefc4d7a14982ce0bc219a9fc0f51d1f9 + languageName: node + linkType: hard + "@noble/curves@npm:1.4.0, @noble/curves@npm:^1.3.0, @noble/curves@npm:~1.4.0": version: 1.4.0 resolution: "@noble/curves@npm:1.4.0" @@ -2646,6 +2655,13 @@ __metadata: languageName: node linkType: hard +"@noble/hashes@npm:1.3.2": + version: 1.3.2 + resolution: "@noble/hashes@npm:1.3.2" + checksum: 10/685f59d2d44d88e738114b71011d343a9f7dce9dfb0a121f1489132f9247baa60bc985e5ec6f3213d114fbd1e1168e7294644e46cbd0ce2eba37994f28eeb51b + languageName: node + linkType: hard + "@noble/hashes@npm:1.4.0, @noble/hashes@npm:^1.3.1, @noble/hashes@npm:^1.3.3, @noble/hashes@npm:~1.4.0": version: 1.4.0 resolution: "@noble/hashes@npm:1.4.0" @@ -2653,7 +2669,7 @@ __metadata: languageName: node linkType: hard -"@noble/hashes@npm:1.5.0, @noble/hashes@npm:^1.4.0, @noble/hashes@npm:^1.5.0, @noble/hashes@npm:~1.5.0": +"@noble/hashes@npm:1.5.0, @noble/hashes@npm:^1.1.2, @noble/hashes@npm:^1.4.0, @noble/hashes@npm:^1.5.0, @noble/hashes@npm:~1.5.0": version: 1.5.0 resolution: "@noble/hashes@npm:1.5.0" checksum: 10/da7fc7af52af7afcf59810a7eea6155075464ff462ffda2572dc6d57d53e2669b1ea2ec774e814f6273f1697e567f28d36823776c9bf7068cba2a2855140f26e @@ -17401,6 +17417,21 @@ __metadata: languageName: node linkType: hard +"ws@npm:8.17.1, ws@npm:~8.17.1": + version: 8.17.1 + resolution: "ws@npm:8.17.1" + peerDependencies: + bufferutil: ^4.0.1 + utf-8-validate: ">=5.0.2" + peerDependenciesMeta: + bufferutil: + optional: true + utf-8-validate: + optional: true + checksum: 10/4264ae92c0b3e59c7e309001e93079b26937aab181835fb7af79f906b22cd33b6196d96556dafb4e985742dd401e99139572242e9847661fdbc96556b9e6902d + languageName: node + linkType: hard + "ws@npm:8.18.0, ws@npm:^8.16.0": version: 8.18.0 resolution: "ws@npm:8.18.0" @@ -17446,21 +17477,6 @@ __metadata: languageName: node linkType: hard -"ws@npm:~8.17.1": - version: 8.17.1 - resolution: "ws@npm:8.17.1" - peerDependencies: - bufferutil: ^4.0.1 - utf-8-validate: ">=5.0.2" - peerDependenciesMeta: - bufferutil: - optional: true - utf-8-validate: - optional: true - checksum: 10/4264ae92c0b3e59c7e309001e93079b26937aab181835fb7af79f906b22cd33b6196d96556dafb4e985742dd401e99139572242e9847661fdbc96556b9e6902d - languageName: node - linkType: hard - "xmlhttprequest-ssl@npm:~2.0.0": version: 2.0.0 resolution: "xmlhttprequest-ssl@npm:2.0.0"