String-xyz · alcalawil · Jan 26, 2023 · Jan 12, 2023 · Jan 26, 2023 · Jan 26, 2023
diff --git a/api/handler/login.go b/api/handler/login.go
@@ -1,6 +1,7 @@
 package handler
 
 import (
+	b64 "encoding/base64"
 	"net/http"
 	"strings"
 
@@ -41,7 +42,8 @@ func (l login) NoncePayload(c echo.Context) error {
 		return InternalError(c)
 	}
 
-	return c.JSON(http.StatusOK, payload)
+	encodedNonce := b64.StdEncoding.EncodeToString([]byte(payload.Nonce))
+	return c.JSON(http.StatusOK, map[string]string{"nonce": encodedNonce})
 }
 
 func (l login) VerifySignature(c echo.Context) error {
@@ -56,6 +58,14 @@ func (l login) VerifySignature(c echo.Context) error {
 		return InvalidPayloadError(c, err)
 	}
 
+	// base64 decode nonce
+	decodedNonce, _ := b64.URLEncoding.DecodeString(body.Nonce)
+	if err != nil {
+		LogStringError(c, err, "login: verify signature decode nonce")
+		return BadRequestError(c)
+	}
+	body.Nonce = string(decodedNonce)
+
 	resp, err := l.Service.VerifySignedPayload(body)
 	if err != nil && strings.Contains(err.Error(), "unknown device") {
 		return Unprocessable(c)

diff --git a/api/handler/user.go b/api/handler/user.go
@@ -1,6 +1,7 @@
 package handler
 
 import (
+	b64 "encoding/base64"
 	"net/http"
 	"strings"
 
@@ -43,6 +44,14 @@ func (u user) Create(c echo.Context) error {
 		return InvalidPayloadError(c, err)
 	}
 
+	// base64 decode nonce
+	decodedNonce, _ := b64.URLEncoding.DecodeString(body.Nonce)
+	if err != nil {
+		LogStringError(c, err, "user: create user decode nonce")
+		return BadRequestError(c)
+	}
+	body.Nonce = string(decodedNonce)
+
 	resp, err := u.userService.Create(body)
 	if err != nil {
 		if strings.Contains(err.Error(), "wallet already associated with user") {

diff --git a/pkg/internal/common/sign_test.go b/pkg/internal/common/sign_test.go
@@ -5,6 +5,8 @@ import (
 	"fmt"
 	"testing"
 
+	b64 "encoding/base64"
+
 	"github.com/String-xyz/string-api/pkg/model"
 	"github.com/joho/godotenv"
 	"github.com/stretchr/testify/assert"
@@ -14,12 +16,17 @@ func TestSignAndValidateString(t *testing.T) {
 	err := godotenv.Load("../../../.env")
 	assert.NoError(t, err)
 
-	obj1 := []byte("Your String Here")
+	encodedMessage := "Your base64 encoded String Here"
+
+	// decode
+	decoded, err := b64.URLEncoding.DecodeString(encodedMessage)
+	assert.NoError(t, err)
 
-	obj1Signed, err := EVMSign(obj1, true)
+	// sign
+	obj1Signed, err := EVMSign(decoded, true)
 	assert.NoError(t, err)
 	fmt.Printf("\nString Signature: %+v\n", obj1Signed)
-	valid, err := ValidateEVMSignature(obj1Signed, obj1, true)
+	valid, err := ValidateEVMSignature(obj1Signed, decoded, true)
 	assert.NoError(t, err)
 	assert.Equal(t, true, valid)
 }

diff --git a/pkg/service/auth.go b/pkg/service/auth.go
@@ -22,8 +22,6 @@ type SignablePayload struct {
 
 var hexRegex *regexp.Regexp = regexp.MustCompile(`^0x[a-fA-F0-9]{40}$`)
 
-// var walletAuthenticationPrefix string = "" // For testing locally
-
 var walletAuthenticationPrefix string = "Thank you for using String! By signing this message you are:\n\n1) Authorizing String to initiate off-chain transactions on your behalf, including your bank account, credit card, or debit card.\n\n2) Confirming that this wallet is owned by you.\n\nThis request will not trigger any blockchain transaction or cost any gas.\n\nNonce: "
 
 type RefreshTokenResponse struct {