Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Validate user-provided AuthSignature #537

Merged
merged 3 commits into from
Jul 3, 2024
Merged

Validate user-provided AuthSignature #537

merged 3 commits into from
Jul 3, 2024

Conversation

piotr-roslaniec
Copy link
Contributor

@piotr-roslaniec piotr-roslaniec commented Jun 28, 2024
edited
Loading

Type of PR:

  • Feature

Required reviews:

  • 2

What this does:

  • Implements AuthSignature validation with zod
  • Moves some code around in taco-auth to prevent circular-dependency issues that break zod

Issues fixed/closed:

Why it's needed:

Explain how this PR fits in the greater context of the NuCypher Network.
E.g., if this PR address a nucypher/productdev issue, let reviewers know!

Notes for reviewers:

  • ...

@piotr-roslaniec piotr-roslaniec force-pushed the auth-sig-validation branch 3 times, most recently from bbfae8c to 5dd8396 Compare July 1, 2024 09:00
@piotr-roslaniec piotr-roslaniec mentioned this pull request Jul 1, 2024
Merged
@piotr-roslaniec piotr-roslaniec force-pushed the auth-sig-validation branch 2 times, most recently from 776a065 to e8649d8 Compare July 1, 2024 10:13
@piotr-roslaniec piotr-roslaniec marked this pull request as ready for review July 1, 2024 10:21
@piotr-roslaniec piotr-roslaniec mentioned this pull request Jul 1, 2024
Merged
17 tasks
theref
theref reviewed Jul 3, 2024
View reviewed changes
packages/taco-auth/src/storage.ts
@@ -36,11 +38,24 @@ export class LocalStorage {
: new BrowserStorage();
}

getItem(key: string): string | null {
return this.storage.getItem(key);
public getAuthSignature(key: string): AuthSignature | null {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🚀

theref
theref approved these changes Jul 3, 2024
View reviewed changes
Copy link
Contributor

@theref theref left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks great

cygnusv
cygnusv reviewed Jul 3, 2024
View reviewed changes
packages/shared/src/schemas.ts Outdated
import { z } from 'zod';

export const ETH_ADDRESS_REGEXP = new RegExp('^0x[a-fA-F0-9]{40}$');
export const EthAddressSchema = z.string().regex(ETH_ADDRESS_REGEXP);
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should we go a step further and validate the address with ethers and a zod .refine?

https://docs.ethers.org/v6/api/address/#getAddress

packages/taco-auth/src/storage.ts Outdated
}

setItem(key: string, value: string): void {
this.storage.setItem(key, value);
public static toJson(signature: AuthSignature): string {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not a blocker but it's a bit weird that json<=>authsignature conversion methods are part of the storage interface

manumonti
manumonti approved these changes Jul 3, 2024
View reviewed changes
Copy link
Member

@manumonti manumonti left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM! 👌

packages/test-utils/src/utils.ts Outdated
@@ -53,8 +53,8 @@ export const fromBytes = (bytes: Uint8Array): string =>

export const fakePorterUri = 'https://_this_should_crash.com/';

const makeFakeProvider = (timestamp: number, blockNumber: number) => {
const block = { timestamp };
const makeFakeProvider = (timestamp: number, blockNumber: number, blockHash: string) => {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not relevant for this PR, but shouldn't the code formatter split this line in several ones?

Suggested change
const makeFakeProvider = (timestamp: number, blockNumber: number, blockHash: string) => {
const makeFakeProvider = (
timestamp: number,
blockNumber: number,
blockHash: string,
) => {

@piotr-roslaniec piotr-roslaniec merged commit b3d724d into nucypher:epic-auth Jul 3, 2024
4 checks passed
derekpierre
derekpierre reviewed Jul 3, 2024
View reviewed changes
packages/taco-auth/src/providers/eip4361.ts

export type EIP4361TypedData = string;

export const EIP4361TypedDataSchema = z.string();
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should we use zod refine here as well? You can try calling the SiweMessage constructor as part of the refine function to ensure that the string can be parsed properly.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Addressed here: f9e2030 (#527)

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🎸

@piotr-roslaniec piotr-roslaniec deleted the auth-sig-validation branch July 3, 2024 18:38
@derekpierre derekpierre mentioned this pull request Jul 8, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@derekpierre derekpierre derekpierre left review comments

@cygnusv cygnusv cygnusv left review comments

@manumonti manumonti manumonti approved these changes

@theref theref theref approved these changes

@KPrasch KPrasch Awaiting requested review from KPrasch

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@piotr-roslaniec @cygnusv @theref @derekpierre @manumonti