修改sign with etherum nonce规则, 取timestamp 5分钟内

2024-06-25 18:27:32 +08:00 · 2024-06-25 18:27:32 +08:00 · 5982af8ce6
commit 5982af8ce6
parent 8405836b69
2 changed files with 43 additions and 25 deletions
--- a/src/controllers/sign.controller.ts
+++ b/src/controllers/sign.controller.ts
@ -3,9 +3,11 @@ import { DEFAULT_EXPIRED, NonceRecord } from 'modules/NonceRecord'
 import { SiweMessage } from 'siwe'
 import { checkParamsNeeded } from 'zutils/utils/net.util'
 import { BaseController, role, ROLE_ANON, router, ZError } from 'zutils'
 import { checkNonce } from 'plats/PlatExternalWallet'
 const LOGIN_TIP = 'This signature is just to verify your identity'
 class SignController extends BaseController {
  @role(ROLE_ANON)
  @router('get /wallet/third/nonce')
@ -20,21 +22,21 @@ class SignController extends BaseController {
  async walletVerify(req, res) {
    const { signature, message } = req.params
    checkParamsNeeded(signature, message)
-    if (!message.nonce) {
+    checkNonce(message.nonce)
-      throw new ZError(11, 'Invalid nonce')
+    if (message.nonce.length === 24) {
      let record = await NonceRecord.findById(message.nonce)
      if (!record || record.status !== 0) {
        throw new ZError(12, 'nonce invalid')
      }
      if (record.expired < Date.now()) {
        throw new ZError(13, 'nonce expired')
      }
      record.status = 1
      await record.save()
    }
    let record = await NonceRecord.findById(message.nonce)
    if (!record || record.status !== 0) {
      throw new ZError(12, 'nonce invalid')
    }
    if (record.expired < Date.now()) {
      throw new ZError(13, 'nonce expired')
    }
    record.status = 1
    await record.save()
    const msgSign = new SiweMessage(message)
    try {
-      await msgSign.verify({ signature, nonce: record.id })
+      await msgSign.verify({ signature, nonce: message.nonce })
    } catch (e) {
      throw new ZError(14, 'signature invalid')
    }
--- a/src/plats/PlatExternalWallet.ts
+++ b/src/plats/PlatExternalWallet.ts
@ -7,27 +7,43 @@ import { DocumentType } from '@typegoose/typegoose'
 import { AccountClass } from 'modules/Account'
 import { Wallet } from 'modules/Wallet'
 // check if none is hex string with 24 length, or is timestamp within 5 minutes
 export const checkNonce = (nonce: string) => {
  if (!nonce) {
    throw new ZError(11, 'Invalid nonce')
  }
  // use regex to check if nonce is 24 length hex string
  if (nonce.length === 13) {
    const timestamp = parseInt(nonce)
    if (Date.now() - timestamp > 5 * 60 * 1000) {
      throw new ZError(13, 'nonce expired')
    }
  } else {
    if (!/^[0-9a-f]{24}$/.test(nonce)) {
      throw new ZError(11, 'Invalid nonce.')
    } 
  }
 }
 export class PlatExternalWallet implements IPlat {
  async verifyToken(req: any): Promise<any> {
    // here code is signature
    let { code, message } = req.params
    checkParamsNeeded(code, message)
-    if (!message.nonce) {
+    checkNonce(message.nonce)
-      throw new ZError(11, 'Invalid nonce')
+    if (message.nonce.length === 24) {
      let record = await NonceRecord.findById(message.nonce)
      if (!record || record.status !== 0) {
        throw new ZError(12, 'nonce invalid')
      }
      if (record.expired < Date.now()) {
        throw new ZError(13, 'nonce expired')
      }
      record.status = 1
      await record.save()
    }
    let record = await NonceRecord.findById(message.nonce)
    if (!record || record.status !== 0) {
      throw new ZError(12, 'nonce invalid')
    }
    if (record.expired < Date.now()) {
      throw new ZError(13, 'nonce expired')
    }
    record.status = 1
    await record.save()
    const msgSign = new SiweMessage(message)
    try {
-      await msgSign.verify({ signature: code, nonce: record.id })
+      await msgSign.verify({ signature: code, nonce: message.nonce })
    } catch (e) {
      throw new ZError(14, 'signature invalid')
    }