smart wallet validation (#187)

t0lia · Jun 29, 2024 · 9c0e3b7 · 9c0e3b7
1 parent a6887e0
commit 9c0e3b7
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 3 deletions.
diff --git a/backend/build.gradle b/backend/build.gradle
@@ -40,7 +40,7 @@ dependencies {
     implementation "org.jetbrains.kotlin:kotlin-reflect"
     implementation "org.springdoc:springdoc-openapi-starter-webmvc-ui:2.2.0"
     implementation "com.github.ulisesbocchio:jasypt-spring-boot-starter:3.0.5"
-    implementation("com.moonstoneid:siwe-java:1.0.5") {
+    implementation("com.moonstoneid:siwe-java:1.0.6") {
         exclude group: 'org.slf4j', module: 'slf4j-simple'
     }
     implementation("org.openapitools:openapi-generator:7.1.0") {

diff --git a/backend/src/main/kotlin/com/retypeme/project/auth/metamask/MetaMaskAuthenticationProvider.kt b/backend/src/main/kotlin/com/retypeme/project/auth/metamask/MetaMaskAuthenticationProvider.kt
@@ -6,20 +6,27 @@ import com.moonstoneid.siwe.SiweMessage
 import com.moonstoneid.siwe.error.SiweException
 import com.retypeme.project.auth.UserRepository
 import com.retypeme.project.auth.VerificationRequest
+import com.retypeme.project.chain.ChainItemConfig
+import com.retypeme.project.chain.ConfigReaderService
 import org.springframework.beans.factory.annotation.Autowired
 import org.springframework.security.authentication.BadCredentialsException
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken
 import org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider
 import org.springframework.security.core.AuthenticationException
 import org.springframework.security.core.userdetails.UserDetails
 import org.springframework.stereotype.Component
+import org.web3j.protocol.Web3j
+import org.web3j.protocol.http.HttpService
 
 @Component
 class MetaMaskAuthenticationProvider : AbstractUserDetailsAuthenticationProvider() {
 
     @Autowired
     private lateinit var userRepository: UserRepository
 
+    @Autowired
+    private lateinit var configReaderService: ConfigReaderService
+
     @Throws(AuthenticationException::class)
     override fun additionalAuthenticationChecks(userDetails: UserDetails, auth: UsernamePasswordAuthenticationToken) {
         auth as MetaMaskAuthenticationRequest
@@ -29,8 +36,13 @@ class MetaMaskAuthenticationProvider : AbstractUserDetailsAuthenticationProvider
         val message: SiweMessage = SiweMessage.Parser().parse(verificationRequest.message);
 
         try {
-//            message.verify(message.domain, userDetails.nonce, verificationRequest.signature)
-            message.verify(message.domain, message.nonce, verificationRequest.signature)
+            val rpc = configReaderService.readChainConfig().chains.filter { item -> item.id == message.chainId }
+                .map { item -> item.rpc }
+                .first()
+
+            val provider: Web3j = Web3j.build(HttpService(rpc));
+
+            message.verify(message.domain, message.nonce, verificationRequest.signature, provider)
         } catch (e: SiweException) {
             throw BadCredentialsException("Signature is not valid", e)
         }