Skip to content

feat: Implement SIWE nonce-based authentication#109

Closed
tusharshah21 wants to merge 3 commits intoTheSoftwareDevGuild:mainfrom
tusharshah21:feat/siwe-nonce-auth
Closed

feat: Implement SIWE nonce-based authentication#109
tusharshah21 wants to merge 3 commits intoTheSoftwareDevGuild:mainfrom
tusharshah21:feat/siwe-nonce-auth

Conversation

@tusharshah21
Copy link
Collaborator

@tusharshah21 tusharshah21 commented Oct 10, 2025

  • Add login_nonce column to profiles table
  • Create GET /auth/nonce/:address endpoint to fetch user nonce
  • Update signature verification to use per-user nonces
  • Auto-increment nonce after successful authentication
  • Add get_login_nonce query in application layer
  • Update all tests to support nonce functionality

This implements proper replay attack protection by ensuring
each authentication uses a unique nonce that increments after use.

Closes #42

oscarwroche
oscarwroche reviewed Oct 10, 2025
View reviewed changes
backend/src/infrastructure/repositories/postgres_profile_repository.rs Outdated
let rows = sqlx::query!(
r#"
SELECT address, name, description, avatar_url, github_login, created_at, updated_at
SELECT address, name, description, avatar_url, github_login, login_nonce, created_at, updated_at
Copy link
Collaborator

@oscarwroche oscarwroche Oct 10, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Either the login nonce shouldn't be selected here, or it should be filtered out at the application level

Copy link
Collaborator

@oscarwroche oscarwroche Oct 10, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@tusharshah21 To be more precise, edit the fields that are returned in the get_profile and get_all_profiles queries alongside the DTOs so that the login_nonce field isn't returned from the API.
Also it would be good to move get_profile and get_all_profiles to the queries folder because they belong there, not in commands (my fault !).

oscarwroche
oscarwroche reviewed Oct 10, 2025
View reviewed changes
Copy link
Collaborator

@oscarwroche oscarwroche left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good work! You can move on to the frontend @tusharshah21 if that's OK with you - you can make a PR from a branch based on this branch into this branch (if that makes sense)

@tusharshah21
Copy link
Collaborator Author

tusharshah21 commented Oct 11, 2025

got your point used my quantum calculator to see who is this here!
jk gotcha working as you said mate

@joelamouche
Copy link
Contributor

joelamouche commented Oct 17, 2025

closed because done in #112

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@oscarwroche oscarwroche oscarwroche left review comments

@joelamouche joelamouche Awaiting requested review from joelamouche joelamouche is a code owner

@Teddy1792 Teddy1792 Awaiting requested review from Teddy1792 Teddy1792 is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Improve SIWE logic to use dynamic, user-specific nonce - backend

3 participants

@tusharshah21 @joelamouche @oscarwroche

Comments