From fa0da9b27b1a200819fe51b52218f682792bd495 Mon Sep 17 00:00:00 2001 From: Gianfranco Date: Thu, 7 Nov 2024 09:13:33 -0300 Subject: [PATCH] make client domain configurable --- .../src/api/services/sep10.service.js | 10 +++-- signer-service/src/constants/tokenConfig.js | 2 + signer-service/src/index.js | 42 ++++++++++++------- src/constants/tokenConfig.ts | 3 ++ src/services/anchor/index.ts | 20 +++++++-- 5 files changed, 55 insertions(+), 22 deletions(-) diff --git a/signer-service/src/api/services/sep10.service.js b/signer-service/src/api/services/sep10.service.js index 7eea25e..0868441 100644 --- a/signer-service/src/api/services/sep10.service.js +++ b/signer-service/src/api/services/sep10.service.js @@ -48,7 +48,7 @@ exports.signSep10Challenge = async (challengeXDR, outToken, clientPublicKey) => } } console.log(operations); - const expectedKey = TOKEN_CONFIG[outToken].anchorExpectedKey; + const { anchorExpectedKey: expectedKey, clientDomainEnabled } = TOKEN_CONFIG[outToken]; if (firstOp.name !== expectedKey) { throw new Error(`First manageData operation should have key '${expectedKey}'`); } @@ -88,7 +88,7 @@ exports.signSep10Challenge = async (challengeXDR, outToken, clientPublicKey) => if (!hasWebAuthDomain) { throw new Error('Transaction must contain a web_auth_domain manageData operation'); } - if (!hasClientDomain) { + if (!hasClientDomain && clientDomainEnabled) { throw new Error('Transaction must contain a client_domain manageData operation'); } @@ -97,7 +97,11 @@ exports.signSep10Challenge = async (challengeXDR, outToken, clientPublicKey) => masterClientSignature = transactionSigned.getKeypairSignature(masterStellarKeypair); } - const clientDomainSignature = transactionSigned.getKeypairSignature(clientDomainStellarKeypair); + // Disable client domain for ars... + let clientDomainSignature; + if (clientDomainEnabled) { + clientDomainSignature = transactionSigned.getKeypairSignature(clientDomainStellarKeypair); + } return { masterSignature: masterClientSignature, diff --git a/signer-service/src/constants/tokenConfig.js b/signer-service/src/constants/tokenConfig.js index 7511a24..7b4316f 100644 --- a/signer-service/src/constants/tokenConfig.js +++ b/signer-service/src/constants/tokenConfig.js @@ -7,6 +7,7 @@ const TOKEN_CONFIG = { minWithdrawalAmount: '10000000000000', maximumSubsidyAmountRaw: '1000000000000', // 1 unit anchorExpectedKey: 'mykobo.co auth', + clientDomainEnabled: true, pendulumCurrencyId: { Stellar: { AlphaNum4: { @@ -29,6 +30,7 @@ const TOKEN_CONFIG = { minWithdrawalAmount: '11000000000000', // 11 ARS. Anchor minimum limit. maximumSubsidyAmountRaw: '100000000000000', // Defined by us: 100 unit ~ 0.1 USD @ Oct/2024 anchorExpectedKey: 'api.anclap.com auth', + clientDomainEnabled: false, pendulumCurrencyId: { Stellar: { AlphaNum4: { diff --git a/signer-service/src/index.js b/signer-service/src/index.js index 1797a88..a3fe7eb 100755 --- a/signer-service/src/index.js +++ b/signer-service/src/index.js @@ -4,25 +4,35 @@ const logger = require('./config/logger'); const app = require('./config/express'); require('dotenv').config(); -const { FUNDING_SECRET, PENDULUM_FUNDING_SEED, MOONBEAM_EXECUTOR_PRIVATE_KEY } = require('./constants/constants'); +const { + FUNDING_SECRET, + PENDULUM_FUNDING_SEED, + MOONBEAM_EXECUTOR_PRIVATE_KEY, + CLIENT_SECRET, +} = require('./constants/constants'); -// stop the application if the funding secret key is not set -// if (!FUNDING_SECRET) { -// logger.error('FUNDING_SECRET not set in the environment variables'); -// process.exit(1); -// } +//stop the application if the funding secret key is not set +if (!FUNDING_SECRET) { + logger.error('FUNDING_SECRET not set in the environment variables'); + process.exit(1); +} -// // stop the application if the Pendulum funding seed is not set -// if (!PENDULUM_FUNDING_SEED) { -// logger.error('PENDULUM_FUNDING_SEED not set in the environment variables'); -// process.exit(1); -// } +// stop the application if the Pendulum funding seed is not set +if (!PENDULUM_FUNDING_SEED) { + logger.error('PENDULUM_FUNDING_SEED not set in the environment variables'); + process.exit(1); +} -// // stop the application if the Moonbeam executor private key is not set -// if (!MOONBEAM_EXECUTOR_PRIVATE_KEY) { -// logger.error('MOONBEAM_EXECUTOR_PRIVATE_KEY not set in the environment variables'); -// process.exit(1); -// } +// stop the application if the Moonbeam executor private key is not set +if (!MOONBEAM_EXECUTOR_PRIVATE_KEY) { + logger.error('MOONBEAM_EXECUTOR_PRIVATE_KEY not set in the environment variables'); + process.exit(1); +} + +if (!CLIENT_SECRET) { + logger.error('CLIENT_SECRET not set in the environment variables'); + process.exit(1); +} // listen to requests app.listen(port, () => logger.info(`server started on port ${port} (${env})`)); diff --git a/src/constants/tokenConfig.ts b/src/constants/tokenConfig.ts index c909d5a..e1d5704 100644 --- a/src/constants/tokenConfig.ts +++ b/src/constants/tokenConfig.ts @@ -40,6 +40,7 @@ export interface OutputTokenDetails { offrampFeesBasisPoints: number; offrampFeesFixedComponent?: number; requiresClientMasterOverride: boolean; + supportsClientDomain: boolean; } export const INPUT_TOKEN_CONFIG: Record = { usdc: { @@ -91,6 +92,7 @@ export const OUTPUT_TOKEN_CONFIG: Record = maxWithdrawalAmountRaw: '10000000000000000', offrampFeesBasisPoints: 125, requiresClientMasterOverride: false, + supportsClientDomain: true, }, ars: { tomlFileUrl: 'https://api.anclap.com/.well-known/stellar.toml', @@ -116,6 +118,7 @@ export const OUTPUT_TOKEN_CONFIG: Record = offrampFeesBasisPoints: 200, // 2% offrampFeesFixedComponent: 10, // 10 ARS requiresClientMasterOverride: true, + supportsClientDomain: false, }, }; diff --git a/src/services/anchor/index.ts b/src/services/anchor/index.ts index 4882838..63858d8 100644 --- a/src/services/anchor/index.ts +++ b/src/services/anchor/index.ts @@ -65,6 +65,7 @@ export const fetchTomlValues = async (TOML_FILE_URL: string): Promise { let sep10Account; if (requiresClientMasterOverride) { @@ -85,8 +86,15 @@ async function getUrlParams( sep10Account = ephemeralAccount; } + if (supportsClientDomain) { + return { + urlParams: new URLSearchParams({ account: sep10Account, client_domain: config.applicationClientDomain }), + sep10Account, + }; + } + return { - urlParams: new URLSearchParams({ account: sep10Account, client_domain: config.applicationClientDomain }), + urlParams: new URLSearchParams({ account: sep10Account }), sep10Account, }; } @@ -107,9 +115,10 @@ export const sep10 = async ( const accountId = ephemeralKeys.publicKey(); const { requiresClientMasterOverride } = OUTPUT_TOKEN_CONFIG[outputToken]; + const { supportsClientDomain } = OUTPUT_TOKEN_CONFIG[outputToken]; // will select either clientMaster or the ephemeral account - const { urlParams, sep10Account } = await getUrlParams(accountId, requiresClientMasterOverride); + const { urlParams, sep10Account } = await getUrlParams(accountId, requiresClientMasterOverride, supportsClientDomain); const challenge = await fetch(`${webAuthEndpoint}?${urlParams.toString()}`); if (challenge.status !== 200) { @@ -137,7 +146,12 @@ export const sep10 = async ( outputToken, sep10Account, ); - transactionSigned.addSignature(clientPublic, clientSignature); + + // Workaround for Anclap, it is also disabled on backend so no security issues, + // modification here would only break the sep 10. + if (supportsClientDomain) { + transactionSigned.addSignature(clientPublic, clientSignature); + } if (!requiresClientMasterOverride) { transactionSigned.sign(ephemeralKeys);