diff --git a/api/handler/login.go b/api/handler/login.go
index be08c07a..41422804 100644
--- a/api/handler/login.go
+++ b/api/handler/login.go
@@ -1,6 +1,7 @@
 package handler
 import (
+ b64 "encoding/base64"
 "net/http"
 "strings"
@@ -41,7 +42,8 @@ func (l login) NoncePayload(c echo.Context) error {
 return InternalError(c)
 }
- return c.JSON(http.StatusOK, payload)
+ encodedNonce := b64.StdEncoding.EncodeToString([]byte(payload.Nonce))
+ return c.JSON(http.StatusOK, map[string]string{"nonce": encodedNonce})
 }
 func (l login) VerifySignature(c echo.Context) error {
@@ -56,6 +58,14 @@ func (l login) VerifySignature(c echo.Context) error {
 return InvalidPayloadError(c, err)
 }
+ // base64 decode nonce
+ decodedNonce, _ := b64.URLEncoding.DecodeString(body.Nonce)
+ if err != nil {
+ LogStringError(c, err, "login: verify signature decode nonce")
+ return BadRequestError(c)
+ }
+ body.Nonce = string(decodedNonce)
+
 resp, err := l.Service.VerifySignedPayload(body)
 if err != nil && strings.Contains(err.Error(), "unknown device") {
 return Unprocessable(c)
diff --git a/api/handler/user.go b/api/handler/user.go
index ac76b117..eedaa4ad 100644
--- a/api/handler/user.go
+++ b/api/handler/user.go
@@ -1,6 +1,7 @@
 package handler
 import (
+ b64 "encoding/base64"
 "net/http"
 "strings"
@@ -43,6 +44,14 @@ func (u user) Create(c echo.Context) error {
 return InvalidPayloadError(c, err)
 }
+ // base64 decode nonce
+ decodedNonce, _ := b64.URLEncoding.DecodeString(body.Nonce)
+ if err != nil {
+ LogStringError(c, err, "user: create user decode nonce")
+ return BadRequestError(c)
+ }
+ body.Nonce = string(decodedNonce)
+
 resp, err := u.userService.Create(body)
 if err != nil {
 if strings.Contains(err.Error(), "wallet already associated with user") {
diff --git a/pkg/internal/common/sign_test.go b/pkg/internal/common/sign_test.go
index 85af266a..30c8be7d 100644
--- a/pkg/internal/common/sign_test.go
+++ b/pkg/internal/common/sign_test.go
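Review bot: The nonce is encoded here with `b64.StdEncoding`, while the VerifySignature hunk below and user.Create in api/handler/user.go decode it with `b64.URLEncoding`; the two alphabets differ in `+`/`/` versus `-`/`_`, so a nonce whose encoding contains either character will not round-trip between the issue and verify endpoints. Pick one encoding for both ends, e.g. `encodedNonce := b64.URLEncoding.EncodeToString([]byte(payload.Nonce))`. How `payload.Nonce` is generated is outside the hunk, so whether those characters actually occur cannot be confirmed here, but an encoding that only works for some nonces is a latent failure. NoncePayload's body starts outside the hunk.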
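Review bot: The decode error is thrown away on `decodedNonce, _ := b64.URLEncoding.DecodeString(body.Nonce)`, so the `if err != nil` that follows tests the stale `err` from the preceding bind/validate step, which — judging by the `return InvalidPayloadError(c, err)` just above — has already been handled and is nil on this path; the 400 branch is dead and a malformed nonce is silently forwarded as whatever partial bytes DecodeString returned before it failed. Change the line to `decodedNonce, err := b64.URLEncoding.DecodeString(body.Nonce)`, which compiles because `err` is already in scope, so a bad nonce is logged and rejected as the code intends. The same defect is repeated in the user.Create hunk in api/handler/user.go. VerifySignature's body starts and ends outside the hunk.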
@@ -5,6 +5,8 @@ import (
 "fmt"
 "testing"
+ b64 "encoding/base64"
+
 "github.com/String-xyz/string-api/pkg/model"
 "github.com/joho/godotenv"
 "github.com/stretchr/testify/assert"
@@ -14,12 +16,17 @@ func TestSignAndValidateString(t *testing.T) {
 err := godotenv.Load("../../../.env")
 assert.NoError(t, err)
- obj1 := []byte("Your String Here")
+ encodedMessage := "Your base64 encoded String Here"
+
+ // decode
+ decoded, err := b64.URLEncoding.DecodeString(encodedMessage)
+ assert.NoError(t, err)
- obj1Signed, err := EVMSign(obj1, true)
+ // sign
+ obj1Signed, err := EVMSign(decoded, true)
 assert.NoError(t, err)
 fmt.Printf("\nString Signature: %+v\n", obj1Signed)
- valid, err := ValidateEVMSignature(obj1Signed, obj1, true)
+ valid, err := ValidateEVMSignature(obj1Signed, decoded, true)
 assert.NoError(t, err)
 assert.Equal(t, true, valid)
 }
diff --git a/pkg/service/auth.go b/pkg/service/auth.go
index 48f256e3..668b9b0c 100644
--- a/pkg/service/auth.go
+++ b/pkg/service/auth.go
@@ -22,8 +22,6 @@ type SignablePayload struct {
 var hexRegex *regexp.Regexp = regexp.MustCompile(`^0x[a-fA-F0-9]{40}$`)
- // var walletAuthenticationPrefix string = "" // For testing locally
-
 var walletAuthenticationPrefix string = "Thank you for using String! By signing this message you are:\n\n1) Authorizing String to initiate off-chain transactions on your behalf, including your bank account, credit card, or debit card.\n\n2) Confirming that this wallet is owned by you.\n\nThis request will not trigger any blockchain transaction or cost any gas.\n\nNonce: "
 type RefreshTokenResponse struct {
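Review bot: `b64 "encoding/base64"` is inserted as its own group between the standard-library imports and the third-party ones, which is not how goimports groups imports; move it up beside `"fmt"` and `"testing"` and drop the extra blank line. The `b64` alias adds nothing over the package's own name `base64`, though it does match the alias the handler files use, so keeping it is a consistency choice rather than an error.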
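Review bot: `encodedMessage := "Your base64 encoded String Here"` is not base64 — it contains spaces, which are outside the URL-safe alphabet, and its length is not a multiple of four — so `b64.URLEncoding.DecodeString` returns a CorruptInputError and the `assert.NoError(t, err)` immediately after it fails; the test cannot pass as written. Build the fixture from real bytes instead, e.g. `encodedMessage := b64.URLEncoding.EncodeToString([]byte("Your String Here"))` (constructed value), or paste a genuine encoded string and say in a comment what it decodes to. The test also depends on a `.env` file via `godotenv.Load`, which the hunk leaves in place; that is outside this change but worth noting since it is why the test cannot run hermetically. `EVMSign` and `ValidateEVMSignature` are defined outside the hunk.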