Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add AuthController #1368

Merged
merged 7 commits into from
Apr 9, 2024
Merged

Add AuthController #1368

merged 7 commits into from
Apr 9, 2024

Conversation

iamacook
Copy link
Member

@iamacook iamacook commented Apr 5, 2024

Summary

This adds the AuthController as part of a test implementation for SiWe authentication, breaking down #1321 for review.

Changes

  • Add AuthModule
  • Add AuthController, enabled behind a feature flag
    • GET /v1/auth/nonce - returns nonce to be signed in SiWe message
    • POST /v1/auth/verify - verify signature and return access token
      • Add VerifyAuthMessageDtoSchema
  • Add AuthService
    • generateNonce - get nonce to include in SiWe message
    • verify - verify signature according to expiration, nonce and validity of signature
  • Appropriate test coverage for the above.

@iamacook iamacook self-assigned this Apr 5, 2024
@coveralls
Copy link

coveralls commented Apr 5, 2024
edited
Loading

Pull Request Test Coverage Report for Build 8614191593

Details

  • 65 of 67 (97.01%) changed or added relevant lines in 8 files are covered.
  • 2 unchanged lines in 2 files lost coverage.
  • Overall coverage increased (+0.2%) to 93.021%
Changes Missing Coverage Covered Lines Changed/Added Lines %
src/domain/auth/auth.repository.ts 33 35 94.29%
Files with Coverage Reduction New Missed Lines %
src/routes/transactions/entities/tests/human-description.builder.ts 1 90.0%
src/routes/transactions/mappers/common/transaction-info.mapper.ts 1 73.98%
Totals Coverage Status
Change from base Build 8566552617: 0.2%
Covered Lines: 6640
Relevant Lines: 6875
💛 - Coveralls

@iamacook iamacook mentioned this pull request Apr 5, 2024
Merged
@iamacook iamacook marked this pull request as ready for review April 5, 2024 09:08
@iamacook iamacook requested a review from a team as a code owner April 5, 2024 09:08
@fmrsabino fmrsabino added the in review Someone is reviewing this Pull Request label Apr 8, 2024
fmrsabino
fmrsabino suggested changes Apr 8, 2024
View reviewed changes
src/routes/auth/auth.service.ts Outdated Show resolved Hide resolved
src/routes/auth/auth.service.ts Outdated Show resolved Hide resolved
src/routes/auth/auth.controller.ts Outdated Show resolved Hide resolved
src/routes/auth/auth.controller.ts Outdated Show resolved Hide resolved
src/routes/auth/auth.service.ts Outdated Show resolved Hide resolved
src/routes/auth/auth.service.ts Outdated Show resolved Hide resolved
src/routes/auth/auth.service.ts Show resolved Hide resolved
src/config/entities/configuration.ts Outdated
Comment on lines 20 to 22
nonceTtlSeconds: parseInt(
process.env.AUTH_NONCE_TTL_SECONDS ?? `${60 * 60}`,
),
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is there a reference or recommended minimum value from the spec?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No, this is an arbitrary value. It is effectively the period when a user should sign the message. Do you think we should decrease it?

I considered setting it to the expirationTime but that value is not always present and the nonce is cleared if the message is expired.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

As per discussion, this was reduced to five minutes in 8c6934c.

@fmrsabino fmrsabino removed the in review Someone is reviewing this Pull Request label Apr 8, 2024
fmrsabino
fmrsabino suggested changes Apr 8, 2024
View reviewed changes
src/routes/auth/auth.service.ts Show resolved Hide resolved
src/routes/auth/auth.service.ts Outdated Show resolved Hide resolved
src/routes/auth/auth.service.ts Outdated Show resolved Hide resolved
src/routes/auth/auth.service.ts Outdated Show resolved Hide resolved
@iamacook iamacook requested a review from fmrsabino April 8, 2024 14:16
@hectorgomezv hectorgomezv added the in review Someone is reviewing this Pull Request label Apr 8, 2024
hectorgomezv
hectorgomezv approved these changes Apr 8, 2024
View reviewed changes
src/domain/auth/auth.repository.ts Outdated
Comment on lines 131 to 132
// Don't prevent nonce from being deleted
.catch(() => false);
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nitpick: wdyt about using a try-catch-finally block here? The nonce deletion seems to fit in a finally clause at it needs to be always executed, and we can also have specific errors for each condition (expired, invalid nonce, invalid signature) that could be managed in a catch block.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Refactored in 0ce0207.

@hectorgomezv hectorgomezv removed the in review Someone is reviewing this Pull Request label Apr 8, 2024
fmrsabino
fmrsabino reviewed Apr 9, 2024
View reviewed changes
src/domain/auth/auth.repository.ts Outdated Show resolved Hide resolved
src/domain/auth/auth.repository.ts Outdated Show resolved Hide resolved
src/routes/auth/entities/schemas/verify-auth-message.dto.ts Outdated Show resolved Hide resolved
@iamacook iamacook requested a review from fmrsabino April 9, 2024 10:26
fmrsabino
fmrsabino approved these changes Apr 9, 2024
View reviewed changes
Copy link
Contributor

@fmrsabino fmrsabino left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🚀 👏

@iamacook iamacook merged commit 057b314 into main Apr 9, 2024
16 checks passed
@iamacook iamacook deleted the auth-controller branch April 9, 2024 11:27
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@fmrsabino fmrsabino fmrsabino approved these changes

@hectorgomezv hectorgomezv Awaiting requested review from hectorgomezv

Assignees

@iamacook iamacook

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@iamacook @coveralls @fmrsabino @hectorgomezv