Improve SIWE logic to use dynamic, user-specific nonce - backend #42

@joelamouche

This could be done at the same time as #108 or separately. If you choose to just do the backend, let's not merge this in order to not break the code, and have the front end implementer branch out of this.

Specs:

  • Add new migration to add login_nonce NUMBER column to profiles table
  • Create new get_login_nonce_by_wallet_address method in profile_repository (domain) to get a user's login nonce with their wallet address
  • Add get_login_nonce_by_wallet_address method implementation in postgres_profile_repository (infrastructure) to get a user's login nonce with their wallet address
  • Add a get_login_nonce query in the application layer
  • Add a /nonce/:wallet_address public GET endpoint and handler that uses the get_user_login_nonce
  • Update the ethereum_address_verification_service implementation (verify_signature method) to use the current nonce for the given user instead of the constant nonce - and increment the nonce (see discussion)

In next ticket #108

  • Update the frontend to call the /nonce/:wallet_address GET endpoint to get the nonce and sign it instead of the constant nonce
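The nonce lifecycle from the specs above, as an added example that is not code from this repository: the login is accepted only when the signature covers the wallet's current `login_nonce`, and the nonce is incremented with a conditional update so a replayed or concurrent duplicate request fails. Assumptions: in-memory SQLite stands in for Postgres, the message layout is hypothetical, and `demo_sign` / `demo_recover_signer` are constructed stand-ins for real ECDSA signing and signer recovery.

```python
import sqlite3

def open_db():
    # In-memory SQLite stands in for the Postgres profiles table (assumption).
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE profiles (wallet_address TEXT PRIMARY KEY,"
               " login_nonce INTEGER NOT NULL DEFAULT 0)")
    return db

def get_login_nonce_by_wallet_address(db, wallet_address):
    row = db.execute("SELECT login_nonce FROM profiles WHERE wallet_address = ?",
                     (wallet_address.lower(),)).fetchone()
    return None if row is None else row[0]

def login_message(wallet_address, nonce):
    # Hypothetical message layout; a real SIWE message follows EIP-4361.
    return f"Sign in as {wallet_address.lower()} with nonce {nonce}"

def demo_sign(wallet_address, nonce):
    # Constructed stand-in for a wallet signature. NOT cryptography.
    return f"{wallet_address.lower()}|{login_message(wallet_address, nonce)}"

def demo_recover_signer(message, signature):
    # Constructed stand-in for ECDSA signer recovery over `message`.
    signer, _, signed = signature.partition("|")
    return signer if signed == message else "0x0"

def verify_signature(db, wallet_address, signature, recover_signer):
    # recover_signer(message, signature) -> address is injected (assumption);
    # in production it would be the real signature-recovery routine.
    wallet = wallet_address.lower()
    nonce = get_login_nonce_by_wallet_address(db, wallet)
    if nonce is None:
        return False
    if recover_signer(login_message(wallet, nonce), signature).lower() != wallet:
        return False
    # Compare-and-increment in one statement: if two requests carry the same
    # signature, only one still matches the stored nonce and updates a row.
    cur = db.execute("UPDATE profiles SET login_nonce = login_nonce + 1"
                     " WHERE wallet_address = ? AND login_nonce = ?",
                     (wallet, nonce))
    db.commit()
    return cur.rowcount == 1
```

The `WHERE ... AND login_nonce = ?` clause carries over unchanged to Postgres and is what keeps the read-verify-increment sequence from accepting the same signed message twice.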
