Initial commit

users route is incomplete
can auth using SIWE and SIWS when used with zkl-roadhog
more to come...

routes/app.route.js

@@ -0,0 +1,9 @@
+const express = require('express');
+const router = express.Router();
+const authRoute = require('./auth.route.js');
+const usersRoute = require('./users.route.js');
+
+router.use('/auth', authRoute);
+router.use('/users', usersRoute);
+
+module.exports = router;

routes/auth.route.js

@@ -0,0 +1,99 @@
+const express = require('express');
+const router = express.Router({ mergeParams: true });
+const siwe = require('siwe');
+const bs58 = require('bs58');
+const nacl = require('tweetnacl');
+
+const { Nonce, AuthToken } = require('../models/index.js');
+const { generateNonce, generateBearerToken } = require('../utils/index.js');
+
+router.get('/nonce', async (req, res) => {
+  const { address, type } = req.query;
+
+  if (!address || !type) {
+    return res.status(400).json({ error: 'Missing address or type' });
+  }
+
+  if (type !== 'ethereum' && type !== 'solana') {
+    return res.status(400).json({ error: 'Invalid type. Must be "ethereum" or "solana"' });
+  }
+
+  const nonce = generateNonce();
+
+  try {
+    await Nonce.findOneAndUpdate(
+      { address, type },
+      { address, nonce, type },
+      { upsert: true, new: true }
+    );
+
+    res.json({ nonce });
+  } catch (error) {
+    res.status(500).json({ error: 'Server error' });
+  }
+});
+
+router.post('/verify', async (req, res) => {
+  const { type, message, address, signature } = req.body;
+
+  if (!type || !address || !signature) {
+    return res.status(400).json({error: 'Missing type, address or signature'});
+  }
+
+  const nonce = await Nonce.findOne({ address }).lean().select('-__v -updatedAt');
+
+  try {
+    if (type === 'ethereum') {
+      if (!message) {
+        return res.status(400).json({ error: 'Missing SiweMessage' });
+      }
+      const siweMessage = new siwe.SiweMessage(message);
+      const fields = await siweMessage.verify({ signature, nonce: nonce.nonce });
+      if (address == fields.address)
+        throw new Error('Invalid signature');
+    } else if (type === 'solana') {
+      const signatureUint8 = bs58.default.decode(signature);
+      const messageUint8 = new TextEncoder().encode(nonce.nonce);
+      const publicKeyUint8 = bs58.default.decode(address);
+
+      const isValid = nacl.sign.detached.verify(messageUint8, signatureUint8, publicKeyUint8);
+      if (!isValid) {
+        throw new Error('Invalid signature');
+      }
+    } else {
+      return res.status(400).json({ error: 'Invalid type. Must be "ethereum" or "solana"' });
+    }
+
+    const auth_token = generateBearerToken();
+
+    await AuthToken.findOneAndUpdate(
+      { address, type },
+      { auth_token, createdAt: new Date() },
+      { upsert: true, new: true, setDefaultsOnInsert: true }
+    );
+    await Nonce.deleteOne({ address, type });
+
+    res.json({ auth_token });
+  } catch (error) {
+    res.status(400).json({ error: `${error.message}, ${error.stack}` });
+  }
+});
+
+router.delete('/auth/signoff', async (req, res) => {
+  const authHeader = req.headers['authorization'];
+  const token = authHeader && authHeader.split(' ')[1];
+
+  if (!token) {
+    return res.status(400).json({ error: 'Missing authorization token in header'});
+  }
+
+  const deletedAuth = AuthToken.findOneAndDelete({ auth_token: token });
+
+  if (!deletedAuth) {
+    return res.status(400).json({ error: 'Can\'t log out, not logged in?' });
+  }
+
+  return res.status(204).json({ error: 'Logged out successfully.' });
+});
+
+module.exports = router;

routes/users.route.js

@@ -0,0 +1,75 @@
+const express = require('express');
+const router = express.Router({ mergeParams: true });
+
+const { User } = require('../models/index.js');
+
+router.get('/users', async (req, res) => {
+  const { publicKey, address } = req.query;
+
+  try {
+    const query = {};
+    if (publicKey) {
+      query.publicKey = publicKey;
+    }
+    if (address) {
+      query.address = address;
+    }
+
+    if (!publicKey && !address) {
+      return res.status(400).json({ error: 'Please provide a publicKey or address to search.' });
+    }
+
+    const users = await User.find(query);
+
+    if (users.length === 0) {
+      return res.status(404).json({ error: 'No users found matching the criteria.' });
+    }
+
+    res.json(users);
+  } catch (err) {
+    res.status(500).json({ error: 'Server error' });
+  }
+});
+
+router.post('/users', async (req, res) => {
+  try {
+    const user = new User({
+      address: req.body.address,
+      networkType: req.body.networkType,
+      profileName: req.body.profileName || 'Anonymous',
+      publicKey: req.body.publicKey
+    });
+    
+    await user.save();
+    res.status(201).json(user);
+  } catch (err) {
+    if (err.code === 11000) {
+      return res.status(400).json({ error: 'Public key already exists, are you trying to impersonate someone?' });
+    }
+    res.status(500).json({ error: 'Server error' });
+  }
+});
+
+router.put('/users/:publicKey', async (req, res) => {
+  try {
+    const updatedUser = await User.findOneAndUpdate(
+      { publicKey: req.params.publicKey },
+      {
+        address: req.body.address,
+        networkType: req.body.networkType,
+        profileName: req.body.profileName
+      },
+      { new: true }
+    );
+
+    if (!updatedUser) {
+      return res.status(404).json({ error: 'User not found' });
+    }
+
+    res.json(updatedUser);
+  } catch (err) {
+    res.status(500).json({ error: 'Server error' });
+  }
+});
+
+module.exports = router;