From 9c0792628b584dfd799b07ea69c2e3ec0a892298 Mon Sep 17 00:00:00 2001
From: Vukasin Paunovic <vukasinpaunovich@gmail.com>
Date: Fri, 23 Aug 2024 17:25:38 +0200
Subject: [PATCH] feat(#1810) - add stake key hash validation instead of wallet
 address

---
 backend/src/extensions/users-permissions/strapi-server.js | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/backend/src/extensions/users-permissions/strapi-server.js b/backend/src/extensions/users-permissions/strapi-server.js
index bd75834..d45a99b 100644
--- a/backend/src/extensions/users-permissions/strapi-server.js
+++ b/backend/src/extensions/users-permissions/strapi-server.js
@@ -63,7 +63,13 @@ module.exports = (plugin) => {
       const publicKey = PublicKey.from_bytes(pubKeyBytes);
       const signature = Ed25519Signature.from_bytes(decoded.signature());
       const receivedData = decoded.signed_data().to_bytes();
-      const isVerified = publicKey.verify(receivedData, signature);
+
+      // Remove network id from identifier
+			const rawKeyHash = identifier.slice(2);
+
+			const isVerified =
+				publicKey.verify(receivedData, signature) &&
+				rawKeyHash === publicKey.hash().to_hex();
 
       if (!isVerified) {
         throw new ApplicationError("Verification failed");