make client domain configurable

pendulum-chain · Nov 7, 2024 · fa0da9b · fa0da9b
1 parent 519a349
commit fa0da9b
Show file tree

Hide file tree

Showing 5 changed files with 55 additions and 22 deletions.
diff --git a/signer-service/src/api/services/sep10.service.js b/signer-service/src/api/services/sep10.service.js
@@ -48,7 +48,7 @@ exports.signSep10Challenge = async (challengeXDR, outToken, clientPublicKey) =>
     }
   }
   console.log(operations);
-  const expectedKey = TOKEN_CONFIG[outToken].anchorExpectedKey;
+  const { anchorExpectedKey: expectedKey, clientDomainEnabled } = TOKEN_CONFIG[outToken];
   if (firstOp.name !== expectedKey) {
     throw new Error(`First manageData operation should have key '${expectedKey}'`);
   }
@@ -88,7 +88,7 @@ exports.signSep10Challenge = async (challengeXDR, outToken, clientPublicKey) =>
   if (!hasWebAuthDomain) {
     throw new Error('Transaction must contain a web_auth_domain manageData operation');
   }
-  if (!hasClientDomain) {
+  if (!hasClientDomain && clientDomainEnabled) {
     throw new Error('Transaction must contain a client_domain manageData operation');
   }
 
@@ -97,7 +97,11 @@ exports.signSep10Challenge = async (challengeXDR, outToken, clientPublicKey) =>
     masterClientSignature = transactionSigned.getKeypairSignature(masterStellarKeypair);
   }
 
-  const clientDomainSignature = transactionSigned.getKeypairSignature(clientDomainStellarKeypair);
+  // Disable client domain for ars...
+  let clientDomainSignature;
+  if (clientDomainEnabled) {
+    clientDomainSignature = transactionSigned.getKeypairSignature(clientDomainStellarKeypair);
+  }
 
   return {
     masterSignature: masterClientSignature,

diff --git a/signer-service/src/constants/tokenConfig.js b/signer-service/src/constants/tokenConfig.js
@@ -7,6 +7,7 @@ const TOKEN_CONFIG = {
     minWithdrawalAmount: '10000000000000',
     maximumSubsidyAmountRaw: '1000000000000', // 1 unit
     anchorExpectedKey: 'mykobo.co auth',
+    clientDomainEnabled: true,
     pendulumCurrencyId: {
       Stellar: {
         AlphaNum4: {
@@ -29,6 +30,7 @@ const TOKEN_CONFIG = {
     minWithdrawalAmount: '11000000000000', //  11 ARS. Anchor minimum limit.
     maximumSubsidyAmountRaw: '100000000000000', // Defined by us:  100 unit ~ 0.1 USD @ Oct/2024
     anchorExpectedKey: 'api.anclap.com auth',
+    clientDomainEnabled: false,
     pendulumCurrencyId: {
       Stellar: {
         AlphaNum4: {

diff --git a/signer-service/src/index.js b/signer-service/src/index.js
@@ -4,25 +4,35 @@ const logger = require('./config/logger');
 const app = require('./config/express');
 require('dotenv').config();
 
-const { FUNDING_SECRET, PENDULUM_FUNDING_SEED, MOONBEAM_EXECUTOR_PRIVATE_KEY } = require('./constants/constants');
+const {
+  FUNDING_SECRET,
+  PENDULUM_FUNDING_SEED,
+  MOONBEAM_EXECUTOR_PRIVATE_KEY,
+  CLIENT_SECRET,
+} = require('./constants/constants');
 
-// stop the application if the funding secret key is not set
-// if (!FUNDING_SECRET) {
-//   logger.error('FUNDING_SECRET not set in the environment variables');
-//   process.exit(1);
-// }
+//stop the application if the funding secret key is not set
+if (!FUNDING_SECRET) {
+  logger.error('FUNDING_SECRET not set in the environment variables');
+  process.exit(1);
+}
 
-// // stop the application if the Pendulum funding seed is not set
-// if (!PENDULUM_FUNDING_SEED) {
-//   logger.error('PENDULUM_FUNDING_SEED not set in the environment variables');
-//   process.exit(1);
-// }
+// stop the application if the Pendulum funding seed is not set
+if (!PENDULUM_FUNDING_SEED) {
+  logger.error('PENDULUM_FUNDING_SEED not set in the environment variables');
+  process.exit(1);
+}
 
-// // stop the application if the Moonbeam executor private key is not set
-// if (!MOONBEAM_EXECUTOR_PRIVATE_KEY) {
-//   logger.error('MOONBEAM_EXECUTOR_PRIVATE_KEY not set in the environment variables');
-//   process.exit(1);
-// }
+// stop the application if the Moonbeam executor private key is not set
+if (!MOONBEAM_EXECUTOR_PRIVATE_KEY) {
+  logger.error('MOONBEAM_EXECUTOR_PRIVATE_KEY not set in the environment variables');
+  process.exit(1);
+}
+
+if (!CLIENT_SECRET) {
+  logger.error('CLIENT_SECRET not set in the environment variables');
+  process.exit(1);
+}
 
 // listen to requests
 app.listen(port, () => logger.info(`server started on port ${port} (${env})`));

diff --git a/src/constants/tokenConfig.ts b/src/constants/tokenConfig.ts
@@ -40,6 +40,7 @@ export interface OutputTokenDetails {
   offrampFeesBasisPoints: number;
   offrampFeesFixedComponent?: number;
   requiresClientMasterOverride: boolean;
+  supportsClientDomain: boolean;
 }
 export const INPUT_TOKEN_CONFIG: Record<InputTokenType, InputTokenDetails> = {
   usdc: {
@@ -91,6 +92,7 @@ export const OUTPUT_TOKEN_CONFIG: Record<OutputTokenType, OutputTokenDetails> =
     maxWithdrawalAmountRaw: '10000000000000000',
     offrampFeesBasisPoints: 125,
     requiresClientMasterOverride: false,
+    supportsClientDomain: true,
   },
   ars: {
     tomlFileUrl: 'https://api.anclap.com/.well-known/stellar.toml',
@@ -116,6 +118,7 @@ export const OUTPUT_TOKEN_CONFIG: Record<OutputTokenType, OutputTokenDetails> =
     offrampFeesBasisPoints: 200, // 2%
     offrampFeesFixedComponent: 10, // 10 ARS
     requiresClientMasterOverride: true,
+    supportsClientDomain: false,
   },
 };
 

diff --git a/src/services/anchor/index.ts b/src/services/anchor/index.ts
@@ -65,6 +65,7 @@ export const fetchTomlValues = async (TOML_FILE_URL: string): Promise<TomlValues
 async function getUrlParams(
   ephemeralAccount: string,
   requiresClientMasterOverride: boolean,
+  supportsClientDomain: boolean,
 ): Promise<{ urlParams: URLSearchParams; sep10Account: string }> {
   let sep10Account;
   if (requiresClientMasterOverride) {
@@ -85,8 +86,15 @@ async function getUrlParams(
     sep10Account = ephemeralAccount;
   }
 
+  if (supportsClientDomain) {
+    return {
+      urlParams: new URLSearchParams({ account: sep10Account, client_domain: config.applicationClientDomain }),
+      sep10Account,
+    };
+  }
+
   return {
-    urlParams: new URLSearchParams({ account: sep10Account, client_domain: config.applicationClientDomain }),
+    urlParams: new URLSearchParams({ account: sep10Account }),
     sep10Account,
   };
 }
@@ -107,9 +115,10 @@ export const sep10 = async (
   const accountId = ephemeralKeys.publicKey();
 
   const { requiresClientMasterOverride } = OUTPUT_TOKEN_CONFIG[outputToken];
+  const { supportsClientDomain } = OUTPUT_TOKEN_CONFIG[outputToken];
 
   // will select either clientMaster or the ephemeral account
-  const { urlParams, sep10Account } = await getUrlParams(accountId, requiresClientMasterOverride);
+  const { urlParams, sep10Account } = await getUrlParams(accountId, requiresClientMasterOverride, supportsClientDomain);
 
   const challenge = await fetch(`${webAuthEndpoint}?${urlParams.toString()}`);
   if (challenge.status !== 200) {
@@ -137,7 +146,12 @@ export const sep10 = async (
     outputToken,
     sep10Account,
   );
-  transactionSigned.addSignature(clientPublic, clientSignature);
+
+  // Workaround for Anclap, it is also disabled on backend so no security issues,
+  // modification here would only break the sep 10.
+  if (supportsClientDomain) {
+    transactionSigned.addSignature(clientPublic, clientSignature);
+  }
 
   if (!requiresClientMasterOverride) {
     transactionSigned.sign(ephemeralKeys);