
feat: Implement SIWE nonce-based authentication#109

Closed
tusharshah21 wants to merge 3 commits into TheSoftwareDevGuild:main from tusharshah21:feat/siwe-nonce-auth

Conversation

@tusharshah21
Collaborator

  • Add login_nonce column to profiles table
  • Create GET /auth/nonce/:address endpoint to fetch user nonce
  • Update signature verification to use per-user nonces
  • Auto-increment nonce after successful authentication
  • Add get_login_nonce query in application layer
  • Update all tests to support nonce functionality

This implements proper replay attack protection by ensuring
each authentication uses a unique nonce that increments after use.

Closes #42
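
The nonce lifecycle described in the PR summary above (fetch the current nonce via GET /auth/nonce/:address, verify the signed message against the stored per-user nonce, increment it only after a successful login), as an added example in Rust that is not part of this PR or the project's code. It keeps the nonce in an in-memory map instead of the profiles.login_nonce column; the `NonceStore`, `DemoVerifier`, `authenticate`, `build_message` and `parse_nonce` names are assumptions. Real SIWE verification needs secp256k1 signature recovery (for example via the `siwe` crate), which is replaced here by a tagged-string stand-in so the block runs offline; the replay check is the part being demonstrated.

```rust
use std::collections::HashMap;
use std::sync::Mutex;

/// In-memory stand-in for the profiles.login_nonce column (assumption: the
/// real project keeps this in Postgres via sqlx; this is example code only).
pub struct NonceStore {
    nonces: Mutex<HashMap<String, u64>>,
}

impl NonceStore {
    pub fn new() -> Self {
        Self { nonces: Mutex::new(HashMap::new()) }
    }

    /// Equivalent of GET /auth/nonce/:address: the nonce the client must sign.
    pub fn get_login_nonce(&self, address: &str) -> u64 {
        *self.nonces.lock().unwrap().entry(address.to_lowercase()).or_insert(0)
    }

    /// Compare-and-increment under one lock, so two concurrent logins that
    /// present the same nonce cannot both succeed.
    fn consume(&self, address: &str, presented: u64) -> bool {
        let mut map = self.nonces.lock().unwrap();
        let current = map.entry(address.to_lowercase()).or_insert(0);
        if *current == presented {
            *current += 1;
            true
        } else {
            false
        }
    }
}

/// Hypothetical signature check. A real implementation recovers the signer
/// from an EIP-191 personal_sign signature; here a signature is "valid" when
/// it equals a tagged copy of the message, which is enough to exercise the
/// nonce logic without a secp256k1 dependency.
pub trait SignatureVerifier {
    fn verify(&self, address: &str, message: &str, signature: &str) -> bool;
}

pub struct DemoVerifier;

impl SignatureVerifier for DemoVerifier {
    fn verify(&self, address: &str, message: &str, signature: &str) -> bool {
        signature == format!("sig({address}|{message})")
    }
}

/// Pull the `Nonce:` field out of an EIP-4361 style message body.
pub fn parse_nonce(message: &str) -> Option<u64> {
    message
        .lines()
        .find_map(|line| line.strip_prefix("Nonce: "))
        .and_then(|value| value.trim().parse().ok())
}

/// Minimal EIP-4361 message carrying the server-issued nonce (constructed sample).
pub fn build_message(address: &str, nonce: u64) -> String {
    format!(
        "example.com wants you to sign in with your Ethereum account:\n{address}\n\n\
         URI: https://example.com\nVersion: 1\nChain ID: 1\nNonce: {nonce}\n\
         Issued At: 2025-10-10T00:00:00Z"
    )
}

#[derive(Debug, PartialEq)]
pub enum AuthError {
    BadSignature,
    MissingNonce,
    NonceMismatch,
}

pub fn authenticate(
    store: &NonceStore,
    verifier: &impl SignatureVerifier,
    address: &str,
    message: &str,
    signature: &str,
) -> Result<(), AuthError> {
    // 1. Signature first: an unauthenticated caller must not be able to burn
    //    someone else's nonce by posting forged messages.
    if !verifier.verify(address, message, signature) {
        return Err(AuthError::BadSignature);
    }
    // 2. The signed message has to carry the nonce the server handed out.
    let presented = parse_nonce(message).ok_or(AuthError::MissingNonce)?;
    // 3. Consume it atomically; a replayed message now carries a stale nonce.
    if store.consume(address, presented) {
        Ok(())
    } else {
        Err(AuthError::NonceMismatch)
    }
}

fn main() {
    let store = NonceStore::new();
    let addr = "0x000000000000000000000000000000000000dEaD"; // constructed sample address
    let msg = build_message(addr, store.get_login_nonce(addr));
    let sig = format!("sig({addr}|{msg})"); // what the demo "wallet" produces
    println!("first login:  {:?}", authenticate(&store, &DemoVerifier, addr, &msg, &sig));
    println!("replayed:     {:?}", authenticate(&store, &DemoVerifier, addr, &msg, &sig));
    println!("next nonce:   {}", store.get_login_nonce(addr));
}
```

The ordering in `authenticate` is the design point: verifying the signature before touching the nonce means a request with a bad signature neither advances nor reveals anything about the stored counter, while the compare-and-increment inside one lock is what the real backend would express as a conditional update on profiles.login_nonce (an `UPDATE ... WHERE address = $1 AND login_nonce = $2` style statement, as an assumption about how the sqlx layer might do it) rather than a separate read followed by a write.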

let rows = sqlx::query!(
r#"
SELECT address, name, description, avatar_url, github_login, created_at, updated_at
SELECT address, name, description, avatar_url, github_login, login_nonce, created_at, updated_at
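
Review bot: adding login_nonce to the column list of this profile query means it reaches every caller that maps the row straight into the profile response, which is not what a profile endpoint should return. Keep the previous column list here (`SELECT address, name, description, avatar_url, github_login, created_at, updated_at`) and read the nonce only through the dedicated get_login_nonce query that this PR adds, or, if the row type must carry it, drop the field from the DTO before it is serialised.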
@oscarwroche oscarwroche Oct 10, 2025

Either the login nonce shouldn't be selected here, or it should be filtered out at the application level

@tusharshah21 To be more precise, edit the fields that are returned in the get_profile and get_all_profiles queries alongside the DTOs so that the login_nonce field isn't returned from the API.
Also it would be good to move get_profile and get_all_profiles to the queries folder because they belong there, not in commands (my fault!).

@oscarwroche oscarwroche left a comment

Good work! You can move on to the frontend @tusharshah21 if that's OK with you - you can make a PR from a branch based on this branch into this branch (if that makes sense)

@tusharshah21
Collaborator Author

Got your point, used my quantum calculator to see who is this here!
jk, gotcha, working as you said mate

@joelamouche
Contributor

closed because done in #112

Development

Successfully merging this pull request may close these issues.

Improve SIWE logic to use dynamic, user-specific nonce - backend

3 participants