From 99bb64795130490929f288b64e8603cf4a0894e5 Mon Sep 17 00:00:00 2001 From: Suraj Mahto Date: Mon, 6 May 2024 22:01:19 +0530 Subject: [PATCH] solana added --- api/v1/authenticate/authenticate.go | 138 +++++++++++++++------------- api/v1/authenticate/types.go | 5 +- go.mod | 1 + go.sum | 2 + util/pkg/cryptosign/checksign.go | 33 +++++++ 5 files changed, 114 insertions(+), 65 deletions(-) diff --git a/api/v1/authenticate/authenticate.go b/api/v1/authenticate/authenticate.go index 0b7650e..dfba34d 100644 --- a/api/v1/authenticate/authenticate.go +++ b/api/v1/authenticate/authenticate.go @@ -23,7 +23,7 @@ func ApplyRoutes(r *gin.RouterGroup) { g := r.Group("/authenticate") { g.POST("", authenticate) - g.POST("/NonSign", authenticateNonSignature) + // g.POST("/NonSign", authenticateNonSignature) g.Use(paseto.PASETO(false)) g.GET("", authenticateToken) } @@ -91,7 +91,19 @@ func authenticate(c *gin.Context) { } } if chain_symbol == "sol" || chain_symbol == "sui" { - isCorrect = true + + walletAddr, userId, isCorrect, err = cryptosign.CheckSignSol(req.Signature, req.FlowId, req.Message, req.PubKey) + + if err == cryptosign.ErrFlowIdNotFound { + httpo.NewErrorResponse(http.StatusNotFound, "Flow Id not found") + return + } + + if err != nil { + logwrapper.Errorf("failed to CheckSignature, error %v", err.Error()) + httpo.NewErrorResponse(http.StatusInternalServerError, "Unexpected error occured").SendD(c) + return + } } if isCorrect { // update wallet address for that user_id @@ -143,64 +155,64 @@ func authenticateToken(c *gin.Context) { httpo.NewSuccessResponseP(200, "Token verifies successfully", payload).SendD(c) } -func authenticateNonSignature(c *gin.Context) { - db := dbconfig.GetDb() - //TODO remove flow id if 200 - var req AuthenticateRequestNoSign - err := c.BindJSON(&req) - if err != nil { - httpo.NewErrorResponse(http.StatusBadRequest, fmt.Sprintf("payload is invalid: %s", err)).SendD(c) - return - } - - //Get flowid type - var flowIdData models.FlowId - err = db.Model(&models.FlowId{}).Where("flow_id = ?", req.FlowId).First(&flowIdData).Error - if err != nil { - logwrapper.Errorf("failed to get flowId, error %v", err) - httpo.NewErrorResponse(http.StatusNotFound, "flow id not found").SendD(c) - return - } - - if flowIdData.FlowIdType != models.AUTH { - httpo.NewErrorResponse(http.StatusBadRequest, "flow id not created for auth").SendD(c) - return - } - if req.WalletAddress != flowIdData.WalletAddress { - httpo.NewErrorResponse(http.StatusBadRequest, "WalletAddress incorrect").SendD(c) - return - } - - // update wallet address for that user_id - err = db.Model(&models.User{}).Where("user_id = ?", flowIdData.UserId).Update("wallet_address", flowIdData.WalletAddress).Error - if err != nil { - httpo.NewErrorResponse(http.StatusInternalServerError, "Unexpected error occured").SendD(c) - logwrapper.Errorf("failed to update wallet address, error %v", err.Error()) - return - } - - customClaims := claims.NewWithWallet(flowIdData.UserId, &flowIdData.WalletAddress) - pvKey, err := hex.DecodeString(envconfig.EnvVars.PASETO_PRIVATE_KEY[2:]) - if err != nil { - httpo.NewErrorResponse(http.StatusInternalServerError, "Unexpected error occured").SendD(c) - logwrapper.Errorf("failed to generate token, error %v", err.Error()) - return - } - pasetoToken, err := auth.GenerateToken(customClaims, pvKey) - if err != nil { - httpo.NewErrorResponse(http.StatusInternalServerError, "Unexpected error occured").SendD(c) - logwrapper.Errorf("failed to generate token, error %v", err.Error()) - return - } - err = db.Where("flow_id = ?", req.FlowId).Delete(&models.FlowId{}).Error - if err != nil { - httpo.NewErrorResponse(http.StatusInternalServerError, "Unexpected error occured").SendD(c) - logwrapper.Errorf("failed to delete flowId, error %v", err.Error()) - return - } - payload := AuthenticatePayload{ - Token: pasetoToken, - UserId: flowIdData.UserId, - } - httpo.NewSuccessResponseP(200, "Token generated successfully", payload).SendD(c) -} +// func authenticateNonSignature(c *gin.Context) { +// db := dbconfig.GetDb() +// //TODO remove flow id if 200 +// var req AuthenticateRequestNoSign +// err := c.BindJSON(&req) +// if err != nil { +// httpo.NewErrorResponse(http.StatusBadRequest, fmt.Sprintf("payload is invalid: %s", err)).SendD(c) +// return +// } + +// //Get flowid type +// var flowIdData models.FlowId +// err = db.Model(&models.FlowId{}).Where("flow_id = ?", req.FlowId).First(&flowIdData).Error +// if err != nil { +// logwrapper.Errorf("failed to get flowId, error %v", err) +// httpo.NewErrorResponse(http.StatusNotFound, "flow id not found").SendD(c) +// return +// } + +// if flowIdData.FlowIdType != models.AUTH { +// httpo.NewErrorResponse(http.StatusBadRequest, "flow id not created for auth").SendD(c) +// return +// } +// if req.WalletAddress != flowIdData.WalletAddress { +// httpo.NewErrorResponse(http.StatusBadRequest, "WalletAddress incorrect").SendD(c) +// return +// } + +// // update wallet address for that user_id +// err = db.Model(&models.User{}).Where("user_id = ?", flowIdData.UserId).Update("wallet_address", flowIdData.WalletAddress).Error +// if err != nil { +// httpo.NewErrorResponse(http.StatusInternalServerError, "Unexpected error occured").SendD(c) +// logwrapper.Errorf("failed to update wallet address, error %v", err.Error()) +// return +// } + +// customClaims := claims.NewWithWallet(flowIdData.UserId, &flowIdData.WalletAddress) +// pvKey, err := hex.DecodeString(envconfig.EnvVars.PASETO_PRIVATE_KEY[2:]) +// if err != nil { +// httpo.NewErrorResponse(http.StatusInternalServerError, "Unexpected error occured").SendD(c) +// logwrapper.Errorf("failed to generate token, error %v", err.Error()) +// return +// } +// pasetoToken, err := auth.GenerateToken(customClaims, pvKey) +// if err != nil { +// httpo.NewErrorResponse(http.StatusInternalServerError, "Unexpected error occured").SendD(c) +// logwrapper.Errorf("failed to generate token, error %v", err.Error()) +// return +// } +// err = db.Where("flow_id = ?", req.FlowId).Delete(&models.FlowId{}).Error +// if err != nil { +// httpo.NewErrorResponse(http.StatusInternalServerError, "Unexpected error occured").SendD(c) +// logwrapper.Errorf("failed to delete flowId, error %v", err.Error()) +// return +// } +// payload := AuthenticatePayload{ +// Token: pasetoToken, +// UserId: flowIdData.UserId, +// } +// httpo.NewSuccessResponseP(200, "Token generated successfully", payload).SendD(c) +// } diff --git a/api/v1/authenticate/types.go b/api/v1/authenticate/types.go index f8ac710..615f44d 100644 --- a/api/v1/authenticate/types.go +++ b/api/v1/authenticate/types.go @@ -2,8 +2,9 @@ package authenticate type AuthenticateRequest struct { FlowId string `json:"flowId" binding:"required"` - Signature string `json:"signature" binding:"required,hexadecimal,startswith=0x"` - PubKey string `json:"pubKey" binding:"required,hexadecimal,startswith=0x"` + Signature string `json:"signature" binding:"required,hexadecimal"` + PubKey string `json:"pubKey" binding:"required"` + Message string `json:"message" binding:"required"` } type AuthenticateRequestNoSign struct { FlowId string `json:"flowId" binding:"required"` diff --git a/go.mod b/go.mod index 427a171..d49967b 100644 --- a/go.mod +++ b/go.mod @@ -70,6 +70,7 @@ require ( github.com/mattn/go-isatty v0.0.19 // indirect github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect github.com/modern-go/reflect2 v1.0.2 // indirect + github.com/mr-tron/base58 v1.2.0 github.com/pelletier/go-toml/v2 v2.0.8 // indirect github.com/pmezard/go-difflib v1.0.0 // indirect github.com/rjeczalik/notify v0.9.1 // indirect diff --git a/go.sum b/go.sum index be738b7..fcefa8a 100644 --- a/go.sum +++ b/go.sum @@ -449,6 +449,8 @@ github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lN github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M= github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= +github.com/mr-tron/base58 v1.2.0 h1:T/HDJBh4ZCPbU39/+c3rRvE0uKBQlU27+QI8LJ4t64o= +github.com/mr-tron/base58 v1.2.0/go.mod h1:BinMc/sQntlIE1frQmRFPUoPA1Zkr8VRgBdjWI2mNwc= github.com/mschoch/smat v0.0.0-20160514031455-90eadee771ae/go.mod h1:qAyveg+e4CE+eKJXWVjKXM4ck2QobLqTDytGJbLLhJg= github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= github.com/naoina/go-stringutil v0.1.0/go.mod h1:XJ2SJL9jCtBh+P9q5btrd/Ylo8XwT/h1USek5+NqSA0= diff --git a/util/pkg/cryptosign/checksign.go b/util/pkg/cryptosign/checksign.go index 345fe65..8278c4c 100644 --- a/util/pkg/cryptosign/checksign.go +++ b/util/pkg/cryptosign/checksign.go @@ -13,6 +13,11 @@ import ( "github.com/ethereum/go-ethereum/common/hexutil" "github.com/ethereum/go-ethereum/crypto" + + "crypto/ed25519" + "encoding/hex" + + "github.com/mr-tron/base58" ) var ( @@ -90,3 +95,31 @@ func CheckSignEth(signature string, flowId string, message string) (string, stri return "", "", false, nil } } + +func CheckSignSol(signature string, flowId string, message string, pubKey string) (string,string, bool, error) { + + db := dbconfig.GetDb() + bytes, err := base58.Decode(pubKey) + if err != nil { + return "", "", false, err + } + messageAsBytes := []byte(message) + + signedMessageAsBytes, err := hex.DecodeString(signature) + + if err != nil { + + return "", "", false, err + } + + var flowIdData models.FlowId + err = db.Model(&models.FlowId{}).Where("flow_id = ?", flowId).First(&flowIdData).Error + if errors.Is(err, gorm.ErrRecordNotFound) { + return "", "", false, err + } + + ed25519.Verify(bytes, messageAsBytes, signedMessageAsBytes) + + return flowIdData.WalletAddress,flowIdData.UserId,true ,nil + +} \ No newline at end of file