Merge pull request #626 from TokenScript/OH_UN_flow_solana

nicktaras · web-flow · commit 9a06d59958b9 · 2023-04-12T13:47:31.000+10:00
feat: 🎸 added sign/verify for flow and solana, fixes
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -42,6 +42,7 @@
   "homepage": "https://github.com/TokenScript/token-negotiator#readme",
   "dependencies": {
     "@onflow/fcl": "^1.3.2",
+    "@onflow/types": "^1.0.5",
     "@peculiar/asn1-schema": "^2.2.0",
     "@tokenscript/attestation": "0.4.3",
     "@toruslabs/torus-embed": "^1.25.0",
@@ -51,6 +52,7 @@
     "ethers": "^5.4.0",
     "pvutils": "^1.0.17",
     "text-encoding": "^0.7.0",
+    "tweetnacl": "^1.0.3",
     "web3-eth-accounts": "^1.7.4"
   },
   "devDependencies": {
diff --git a/src/client/auth/signedUNChallenge.ts b/src/client/auth/signedUNChallenge.ts
@@ -2,6 +2,7 @@ import { AbstractAuthentication, AuthenticationMethod, AuthenticationResult } fr
 import { AuthenticateInterface, OffChainTokenConfig, OnChainTokenConfig } from '../interface'
 import { SafeConnectProvider } from '../../wallet/SafeConnectProvider'
 import { UN, UNInterface } from './util/UN'
+import { logger } from '../../utils'
 
 export class SignedUNChallenge extends AbstractAuthentication implements AuthenticationMethod {
 	TYPE = 'signedUN'
@@ -15,25 +16,30 @@ export class SignedUNChallenge extends AbstractAuthentication implements Authent
 		let web3WalletProvider = await this.client.getWalletProvider()
 
 		// TODO: Update once Flow & Solana signing support is added
-		if (web3WalletProvider.getConnectedWalletData('evm').length === 0) {
+		let connection = web3WalletProvider.getSingleSignatureCompatibleConnection();
+		if (!connection) {
 			throw new Error('WALLET_REQUIRED')
 		}
 
-		let address = web3WalletProvider.getConnectedWalletAddresses('evm')[0]
+		let address = connection.address
+
+		if (!address) {
+			throw new Error('WALLET_ADDRESS_REQUIRED')
+		}
 
 		let currentProof: AuthenticationResult | null = this.getSavedProof(address)
 
 		if (currentProof) {
 			let unChallenge = currentProof?.data as UNInterface
 
-			if (unChallenge.expiration < Date.now() || UN.recoverAddress(unChallenge) !== address.toLowerCase()) {
+			if (unChallenge.expiration < Date.now() || !UN.verifySignature(unChallenge)) {
 				this.deleteProof(address)
 				currentProof = null
 			}
 		}
 
 		if (!currentProof) {
-			let walletConnection = web3WalletProvider.getWalletProvider(address)
+			let walletConnection = connection.provider
 
 			currentProof = {
 				type: this.TYPE,
@@ -46,8 +52,10 @@ export class SignedUNChallenge extends AbstractAuthentication implements Authent
 			let endpoint = request.options?.unEndPoint ?? SignedUNChallenge.DEFAULT_ENDPOINT
 
 			const challenge = await UN.getNewUN(endpoint)
+			challenge.address = address
 			let signature
 
+			logger(2, 'challenge', challenge)
 			if (walletConnection instanceof SafeConnectProvider) {
 				signature = await walletConnection.signUNChallenge(challenge)
 			} else {
@@ -56,14 +64,11 @@ export class SignedUNChallenge extends AbstractAuthentication implements Authent
 
 			// Check that recovered address matches the signature of the requested address
 			challenge.signature = signature
-			let recoveredAddr = UN.recoverAddress(challenge)
-
-			if (recoveredAddr !== address.toLowerCase()) {
+			challenge.blockchain = connection.blockchain
+			if (!(await UN.verifySignature(challenge))) {
 				throw new Error('Address signature is invalid')
 			}
 
-			challenge.address = recoveredAddr
-
 			currentProof.data = challenge
 
 			this.saveProof(address, currentProof)
diff --git a/src/client/auth/util/UN.ts b/src/client/auth/util/UN.ts
@@ -1,4 +1,7 @@
 import { ethers } from 'ethers'
+import { sign } from 'tweetnacl'
+import { base58ToUint8Array, hexStringToUint8Array, strToHexStr, strToUtfBytes } from '../../../utils'
+import * as flowTypes from '@onflow/types'
 
 export interface UNInterface {
 	expiration: number
@@ -8,6 +11,7 @@ export interface UNInterface {
 	messageToSign: string
 	address?: string
 	signature?: string
+	blockchain?: string
 }
 
 export class UN {
@@ -21,12 +25,73 @@ export class UN {
 		}
 	}
 
-	public static recoverAddress(un: UNInterface) {
+	public static async verifySignature(un: UNInterface) {
 		if (!un.signature) throw new Error('Null signature')
 
-		const msgHash = ethers.utils.hashMessage(un.messageToSign)
-		const msgHashBytes = ethers.utils.arrayify(msgHash)
-		return ethers.utils.recoverAddress(msgHashBytes, un.signature).toLowerCase()
+		if (un.blockchain === 'solana') {
+			return await sign.detached.verify(
+				strToUtfBytes(un.messageToSign),
+				hexStringToUint8Array(un.signature),
+				base58ToUint8Array(un.address),
+			)
+		} else if (un.blockchain === 'flow') {
+			const flowProvider = await import('../../../wallet/FlowProvider')
+			const fcl = flowProvider.getFlowProvider()
+
+			try {
+				const response = await fcl
+					.send([
+						fcl.script`
+        pub fun main(address: Address, sig: String, msg: String): Bool {
+            let account = getAccount(address)
+            let sig = sig.decodeHex()
+            let msg = msg.decodeHex()
+            let isValid = false
+            var keyNumber = account.keys.count
+            var res: Bool = false
+            while keyNumber > 0 {
+                let accountKey = account.keys.get(keyIndex: Int(keyNumber - 1)) ?? panic("This keyIndex does not exist in this account")
+                let key = accountKey.publicKey
+                if key.verify(
+                    signature: sig, 
+                    signedData: msg, 
+                    domainSeparationTag: "FLOW-V0.0-user", 
+                    hashAlgorithm: HashAlgorithm.SHA3_256
+                ) {
+                    res = true
+                    break
+                }
+                keyNumber = keyNumber - 1
+            }
+            return res
+        }
+        `,
+						fcl.args([
+							fcl.arg(un.address, flowTypes.Address),
+							fcl.arg(un.signature, flowTypes.String),
+							fcl.arg(strToHexStr(un.messageToSign), flowTypes.String),
+						]),
+					])
+					.then(fcl.decode)
+				if (response) {
+					return true
+				}
+			} catch (e) {
+				console.log('Flow address recover error')
+			}
+			return false
+		} else if (!un.blockchain || un.blockchain === 'evm') {
+			const msgHash = ethers.utils.hashMessage(un.messageToSign)
+			const msgHashBytes = ethers.utils.arrayify(msgHash)
+			let recoveredAddr = ethers.utils.recoverAddress(msgHashBytes, un.signature).toLowerCase()
+			if (recoveredAddr === un.address.toLowerCase()) {
+				return true
+			}
+		} else {
+			throw new Error(`Blockchain "${un.blockchain}" not supported`)
+		}
+		// we should not be here
+		return false
 	}
 
 	public static async validateChallenge(endPoint: string, data: UNInterface) {
diff --git a/src/client/interface.ts b/src/client/interface.ts
@@ -4,7 +4,9 @@ import { SafeConnectOptions } from '../wallet/SafeConnectProvider'
 import { BrowserDataInterface } from '../utils/support/isSupported'
 import { WalletConnection } from '../wallet/Web3WalletProvider'
 
+// add new blockchain to both rows
 export type SupportedBlockchainsParam = 'evm' | 'flow' | 'solana'
+export const SignatureSupportedBlockchainsParamList = ['evm', 'flow', 'solana']
 
 export interface OffChainTokenConfig extends IssuerConfigInterface {
 	onChain: false
diff --git a/src/outlet/auth-handler.ts b/src/outlet/auth-handler.ts
@@ -304,6 +304,7 @@ export class AuthHandler {
 		iframe.src = this.attestationOrigin ?? ''
 		iframe.style.width = '800px'
 		iframe.style.height = '800px'
+		iframe.style.maxHeight = '100vh'
 		iframe.style.maxWidth = '100%'
 		iframe.style.background = '#fff'
 
diff --git a/src/outlet/index.ts b/src/outlet/index.ts
@@ -43,7 +43,7 @@ export interface OutletInterface {
 export const defaultConfig = {
 	tokenUrlName: 'ticket',
 	tokenSecretName: 'secret',
-	tokenIdName: 'id',
+	tokenIdName: 'mail',
 	unsignedTokenDataName: 'ticket',
 	itemStorageKey: 'dcTokens',
 	signedTokenWhitelist: [],
diff --git a/src/utils/index.ts b/src/utils/index.ts
@@ -85,14 +85,7 @@ export const waitForElementToExist = (selector: string): Promise<Element> => {
 
 export type ErrorType = 'warning' | 'info' | 'error'
 
-export const errorHandler = (
-	error: any,
-	type: ErrorType,
-	action?: Function | null,
-	data?: unknown,
-	log = true,
-	throwError = false,
-) => {
+export const errorHandler = (error: any, type: ErrorType, action?: Function | null, data?: unknown, log = true, throwError = false) => {
 	let errorMsg
 
 	if (typeof error === 'object') {
@@ -139,11 +132,7 @@ export const tokenRequest = async (query: string, silenceRequestError: boolean)
  * @param additionalParams
  * @param namespace
  */
-export const removeUrlSearchParams = (
-	params: URLSearchParams,
-	additionalParams: string[] = [],
-	namespace: string | null = URLNS,
-) => {
+export const removeUrlSearchParams = (params: URLSearchParams, additionalParams: string[] = [], namespace: string | null = URLNS) => {
 	if (namespace)
 		for (let key of Array.from(params.keys())) {
 			// Iterator needs to be converted to array since we are deleting keys
@@ -156,3 +145,54 @@ export const removeUrlSearchParams = (
 
 	return params
 }
+
+export const base58ToUint8Array = (base58String) => {
+	const alphabet = '123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz'
+	const base = alphabet.length
+	const bytes = [0]
+	for (let i = 0; i < base58String.length; i++) {
+		const char = base58String[i]
+		const charIndex = alphabet.indexOf(char)
+		if (charIndex === -1) throw new Error(`Invalid Base58 character '${char}'`)
+		for (let j = 0; j < bytes.length; j++) bytes[j] *= base
+		bytes[0] += charIndex
+		let carry = 0
+		for (let j = 0; j < bytes.length; j++) {
+			bytes[j] += carry
+			carry = bytes[j] >> 8
+			bytes[j] &= 0xff
+		}
+		while (carry) {
+			bytes.push(carry & 0xff)
+			carry >>= 8
+		}
+	}
+	return new Uint8Array(bytes.reverse())
+}
+
+export const strToHexStr = (str: string): string => {
+	if (typeof Buffer !== 'undefined') {
+		return Buffer.from(str).toString('hex')
+	} else {
+		return Array.from(strToUtfBytes(str))
+			.map((b) => b.toString(16).padStart(2, '0'))
+			.join('')
+	}
+}
+
+export const strToUtfBytes = (str: string): Uint8Array => {
+	const encoder = new TextEncoder()
+	return encoder.encode(str)
+}
+
+export const hexStringToUint8Array = (hexString: string): Uint8Array => {
+	if (hexString.length % 2 === 1) {
+		throw new Error('Wrong Hex String')
+	}
+	const uint8Array = new Uint8Array(hexString.length / 2)
+
+	for (let i = 0; i < hexString.length; i += 2) {
+		uint8Array[i / 2] = parseInt(hexString.slice(i, i + 2), 16)
+	}
+	return uint8Array
+}
diff --git a/src/wallet/Web3WalletProvider.ts b/src/wallet/Web3WalletProvider.ts
diff --git a/src/wallet/__test__/wallet.spec.ts b/src/wallet/__test__/wallet.spec.ts
