we have auth. now
This commit is contained in:
@@ -1,100 +1,113 @@
|
||||
const express = require('express');
|
||||
const express = require("express");
|
||||
const router = express.Router({ mergeParams: true });
|
||||
const siwe = require('siwe');
|
||||
const bs58 = require('bs58');
|
||||
const nacl = require('tweetnacl');
|
||||
const siwe = require("siwe");
|
||||
const bs58 = require("bs58");
|
||||
const nacl = require("tweetnacl");
|
||||
|
||||
const { Nonce, AuthToken } = require('../models/index.js');
|
||||
const { generateNonce, generateBearerToken } = require('../utils/index.js');
|
||||
const { verifyToken } = require("../middlewares/auth.middleware.js");
|
||||
const { Nonces, AuthTokens } = require("../models/index.js");
|
||||
const { generateNonce, generateBearerToken } = require("../utils/index.js");
|
||||
|
||||
router.get('/nonce', async (req, res) => {
|
||||
const { address, type } = req.query;
|
||||
router.get("/nonce", async (req, res) => {
|
||||
const { address: walletAddress, type: networkType } = req.query;
|
||||
|
||||
if (!address || !type) {
|
||||
return res.status(400).json({ error: 'Missing address or type' });
|
||||
if (!walletAddress || !networkType) {
|
||||
return res
|
||||
.status(400)
|
||||
.json({ error: "Missing walletAddress or networkType" });
|
||||
}
|
||||
|
||||
if (type !== 'ethereum' && type !== 'solana') {
|
||||
return res.status(400).json({ error: 'Invalid type. Must be "ethereum" or "solana"' });
|
||||
if (networkType !== "ethereum" && type !== "solana") {
|
||||
return res
|
||||
.status(400)
|
||||
.json({ error: 'Invalid networkType. Must be "ethereum" or "solana"' });
|
||||
}
|
||||
|
||||
const nonce = generateNonce();
|
||||
|
||||
try {
|
||||
await Nonce.findOneAndUpdate(
|
||||
{ address, type },
|
||||
{ address, nonce, type },
|
||||
{ upsert: true, new: true }
|
||||
await Nonces.findOneAndUpdate(
|
||||
{ walletAddress, networkType },
|
||||
{ walletAddress, nonce, networkType },
|
||||
{ upsert: true, new: true },
|
||||
);
|
||||
|
||||
res.json({ nonce });
|
||||
} catch (error) {
|
||||
res.status(500).json({ error: 'Server error' });
|
||||
res.status(500).json({ error: "Server error" });
|
||||
}
|
||||
});
|
||||
|
||||
router.post('/verify', async (req, res) => {
|
||||
const { message, address, signature } = req.body;
|
||||
router.post("/verify", async (req, res) => {
|
||||
const { message, walletAddress, signature } = req.body;
|
||||
|
||||
if (!address || !signature) {
|
||||
return res.status(400).json({error: 'Missing address or signature'});
|
||||
if (!walletAddress || !signature) {
|
||||
return res
|
||||
.status(400)
|
||||
.json({ error: "Missing walletAddress or signature" });
|
||||
}
|
||||
|
||||
const nonce = await Nonce.findOne({ address }).lean().select('-__v -updatedAt');
|
||||
const type = nonce.type;
|
||||
const nonce = await Nonces.findOne({ walletAddress })
|
||||
.lean()
|
||||
.select("-__v -updatedAt");
|
||||
const networkType = nonce.networkType;
|
||||
|
||||
try {
|
||||
if (type === 'ethereum') {
|
||||
if (networkType === "ethereum") {
|
||||
if (!message) {
|
||||
return res.status(400).json({ error: 'Missing SiweMessage' });
|
||||
return res.status(400).json({ error: "Missing SiweMessage" });
|
||||
}
|
||||
const siweMessage = new siwe.SiweMessage(message);
|
||||
const fields = await siweMessage.verify({ signature, nonce: nonce.nonce });
|
||||
if (address == fields.address)
|
||||
throw new Error('Invalid signature');
|
||||
} else if (type === 'solana') {
|
||||
const fields = await siweMessage.verify({
|
||||
signature,
|
||||
nonce: nonce.nonce,
|
||||
});
|
||||
if (walletAddress == fields.walletAddress)
|
||||
throw new Error("Invalid signature");
|
||||
} else if (networkType === "solana") {
|
||||
const signatureUint8 = bs58.default.decode(signature);
|
||||
const messageUint8 = new TextEncoder().encode(nonce.nonce);
|
||||
const publicKeyUint8 = bs58.default.decode(address);
|
||||
const publicKeyUint8 = bs58.default.decode(walletAddress);
|
||||
|
||||
const isValid = nacl.sign.detached.verify(messageUint8, signatureUint8, publicKeyUint8);
|
||||
const isValid = nacl.sign.detached.verify(
|
||||
messageUint8,
|
||||
signatureUint8,
|
||||
publicKeyUint8,
|
||||
);
|
||||
if (!isValid) {
|
||||
throw new Error('Invalid signature');
|
||||
throw new Error("Invalid signature");
|
||||
}
|
||||
} else {
|
||||
return res.status(400).json({ error: 'Invalid type. Must be "ethereum" or "solana"' });
|
||||
return res
|
||||
.status(400)
|
||||
.json({ error: 'Invalid networkType. Must be "ethereum" or "solana"' });
|
||||
}
|
||||
|
||||
const auth_token = generateBearerToken();
|
||||
const authToken = generateBearerToken();
|
||||
|
||||
await AuthToken.findOneAndUpdate(
|
||||
{ address, type },
|
||||
{ auth_token, createdAt: new Date() },
|
||||
{ upsert: true, new: true, setDefaultsOnInsert: true }
|
||||
await AuthTokens.findOneAndUpdate(
|
||||
{ walletAddress, networkType },
|
||||
{ authToken, createdAt: new Date() },
|
||||
{ upsert: true, new: true, setDefaultsOnInsert: true },
|
||||
);
|
||||
await Nonce.deleteOne({ address, type });
|
||||
await Nonces.deleteOne({ walletAddress, networkType });
|
||||
|
||||
res.json({ auth_token });
|
||||
res.json({ authToken });
|
||||
} catch (error) {
|
||||
res.status(400).json({ error: `${error.message}, ${error.stack}` });
|
||||
}
|
||||
});
|
||||
|
||||
router.delete('/auth/signoff', async (req, res) => {
|
||||
const authHeader = req.headers['authorization'];
|
||||
const token = authHeader && authHeader.split(' ')[1];
|
||||
|
||||
if (!token) {
|
||||
return res.status(400).json({ error: 'Missing authorization token in header'});
|
||||
}
|
||||
|
||||
const deletedAuth = AuthToken.findOneAndDelete({ auth_token: token });
|
||||
router.delete("/signoff", verifyToken, async (req, res) => {
|
||||
const deletedAuth = AuthTokens.findOneAndDelete({
|
||||
authToken: tokenRecord.authToken,
|
||||
});
|
||||
|
||||
if (!deletedAuth) {
|
||||
return res.status(400).json({ error: 'Can\'t log out, not logged in?' });
|
||||
return res.status(400).json({ error: "Can't log out, not logged in?" });
|
||||
}
|
||||
|
||||
return res.status(204).json({ error: 'Logged out successfully.' });
|
||||
return res.status(204).json({ error: "Logged out successfully." });
|
||||
});
|
||||
|
||||
module.exports = router;
|
||||
|
||||
@@ -1,9 +1,13 @@
|
||||
const express = require('express');
|
||||
const express = require("express");
|
||||
const router = express.Router({ mergeParams: true });
|
||||
|
||||
const { User } = require('../models/index.js');
|
||||
const { Users } = require("../models/index.js");
|
||||
const {
|
||||
verifyToken,
|
||||
editProfile,
|
||||
} = require("../middlewares/auth.middleware.js");
|
||||
|
||||
router.get('/users', async (req, res) => {
|
||||
router.get("/", async (req, res) => {
|
||||
const { publicKey, address } = req.query;
|
||||
|
||||
try {
|
||||
@@ -16,59 +20,71 @@ router.get('/users', async (req, res) => {
|
||||
}
|
||||
|
||||
if (!publicKey && !address) {
|
||||
return res.status(400).json({ error: 'Please provide a publicKey or address to search.' });
|
||||
return res
|
||||
.status(400)
|
||||
.json({ error: "Please provide a publicKey or address to search." });
|
||||
}
|
||||
|
||||
const users = await User.find(query);
|
||||
const users = await Users.find(query);
|
||||
|
||||
if (users.length === 0) {
|
||||
return res.status(404).json({ error: 'No users found matching the criteria.' });
|
||||
return res
|
||||
.status(404)
|
||||
.json({ error: "No users found matching the criteria." });
|
||||
}
|
||||
|
||||
res.json(users);
|
||||
} catch (err) {
|
||||
res.status(500).json({ error: 'Server error' });
|
||||
res.status(500).json({ error: "Server error" });
|
||||
}
|
||||
});
|
||||
|
||||
router.post('/users', async (req, res) => {
|
||||
router.post("/", verifyToken, editProfile, async (req, res) => {
|
||||
const { walletAddress, networkType, profileName, publicKey } = req.body;
|
||||
|
||||
try {
|
||||
const user = new User({
|
||||
address: req.body.address,
|
||||
networkType: req.body.networkType,
|
||||
profileName: req.body.profileName || 'Anonymous',
|
||||
publicKey: req.body.publicKey
|
||||
const user = new Users({
|
||||
walletAddress,
|
||||
networkType,
|
||||
profileName,
|
||||
publicKey,
|
||||
});
|
||||
|
||||
|
||||
await user.save();
|
||||
res.status(201).json(user);
|
||||
} catch (err) {
|
||||
if (err.code === 11000) {
|
||||
return res.status(400).json({ error: 'Public key already exists, are you trying to impersonate someone?' });
|
||||
} catch (error) {
|
||||
if (error.code === 11000) {
|
||||
return res.status(400).json({
|
||||
error:
|
||||
"Public key already exists, are you trying to impersonate someone?",
|
||||
});
|
||||
}
|
||||
res.status(500).json({ error: 'Server error' });
|
||||
console.error(error);
|
||||
res.status(500).json({ error });
|
||||
}
|
||||
});
|
||||
|
||||
router.put('/users/:publicKey', async (req, res) => {
|
||||
router.put("/:publicKey", verifyToken, editProfile, async (req, res) => {
|
||||
const { walletAddress, networkType, profileName, publicKey } = req.body;
|
||||
|
||||
try {
|
||||
const updatedUser = await User.findOneAndUpdate(
|
||||
{ publicKey: req.params.publicKey },
|
||||
const updatedUser = await Users.findOneAndUpdate(
|
||||
{ publicKey },
|
||||
{
|
||||
address: req.body.address,
|
||||
networkType: req.body.networkType,
|
||||
profileName: req.body.profileName
|
||||
walletAddress,
|
||||
networkType,
|
||||
profileName,
|
||||
},
|
||||
{ new: true }
|
||||
{ new: true },
|
||||
);
|
||||
|
||||
if (!updatedUser) {
|
||||
return res.status(404).json({ error: 'User not found' });
|
||||
return res.status(404).json({ error: "User not found" });
|
||||
}
|
||||
|
||||
res.json(updatedUser);
|
||||
} catch (err) {
|
||||
res.status(500).json({ error: 'Server error' });
|
||||
} catch (error) {
|
||||
res.status(500).json({ error });
|
||||
}
|
||||
});
|
||||
|
||||
|
||||
Reference in New Issue
Block a user