Skip to content

Require signed auth for messages reads #27

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
lawyered0 wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Require signed auth for messages reads #27

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
43 changes: 25 additions & 18 deletions apps/factory/api/routes/messages.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,7 @@ import {
getUser,
isFarcasterConnected,
} from '../services/farcaster'
import { requireAuth } from '../validation/access-control'

const SendMessageBodySchema = t.Object({
recipientFid: t.Number({ minimum: 1 }),
Expand All @@ -30,13 +31,14 @@ export const messagesRoutes = new Elysia({ prefix: '/api/messages' })
.get(
'/',
async ({ headers, set }) => {
const address = headers['x-wallet-address'] as Address | undefined
if (!address) {
const authResult = await requireAuth(headers, { skipNonceCheck: true })
if (!authResult.success) {
set.status = 401
return {
error: { code: 'UNAUTHORIZED', message: 'Wallet address required' },
error: { code: 'UNAUTHORIZED', message: authResult.error },
}
}
const address = authResult.address

if (!(await isFarcasterConnected(address))) {
set.status = 401
Expand Down Expand Up @@ -105,13 +107,14 @@ export const messagesRoutes = new Elysia({ prefix: '/api/messages' })
.get(
'/status',
async ({ headers, set }) => {
const address = headers['x-wallet-address'] as Address | undefined
if (!address) {
const authResult = await requireAuth(headers, { skipNonceCheck: true })
if (!authResult.success) {
set.status = 401
return {
error: { code: 'UNAUTHORIZED', message: 'Wallet address required' },
error: { code: 'UNAUTHORIZED', message: authResult.error },
}
}
const address = authResult.address

if (!(await isFarcasterConnected(address))) {
return {
Expand Down Expand Up @@ -150,13 +153,14 @@ export const messagesRoutes = new Elysia({ prefix: '/api/messages' })
.get(
'/conversation/:fid',
async ({ params, headers, set }) => {
const address = headers['x-wallet-address'] as Address | undefined
if (!address) {
const authResult = await requireAuth(headers, { skipNonceCheck: true })
if (!authResult.success) {
set.status = 401
return {
error: { code: 'UNAUTHORIZED', message: 'Wallet address required' },
error: { code: 'UNAUTHORIZED', message: authResult.error },
}
}
const address = authResult.address

if (!(await isFarcasterConnected(address))) {
set.status = 401
Expand Down Expand Up @@ -217,13 +221,14 @@ export const messagesRoutes = new Elysia({ prefix: '/api/messages' })
.get(
'/conversation/:fid/messages',
async ({ params, query, headers, set }) => {
const address = headers['x-wallet-address'] as Address | undefined
if (!address) {
const authResult = await requireAuth(headers, { skipNonceCheck: true })
if (!authResult.success) {
set.status = 401
return {
error: { code: 'UNAUTHORIZED', message: 'Wallet address required' },
error: { code: 'UNAUTHORIZED', message: authResult.error },
}
}
const address = authResult.address

if (!(await isFarcasterConnected(address))) {
set.status = 401
Expand Down Expand Up @@ -434,13 +439,14 @@ export const messagesRoutes = new Elysia({ prefix: '/api/messages' })
.get(
'/encryption-key',
async ({ headers, set }) => {
const address = headers['x-wallet-address'] as Address | undefined
if (!address) {
const authResult = await requireAuth(headers, { skipNonceCheck: true })
if (!authResult.success) {
set.status = 401
return {
error: { code: 'UNAUTHORIZED', message: 'Wallet address required' },
error: { code: 'UNAUTHORIZED', message: authResult.error },
}
}
const address = authResult.address

const publicKey = await dcService.getEncryptionPublicKey(address)

Expand Down Expand Up @@ -482,13 +488,14 @@ export const messagesRoutes = new Elysia({ prefix: '/api/messages' })
.get(
'/search/users',
async ({ query, headers, set }) => {
const address = headers['x-wallet-address'] as Address | undefined
if (!address) {
const authResult = await requireAuth(headers, { skipNonceCheck: true })
if (!authResult.success) {
set.status = 401
return {
error: { code: 'UNAUTHORIZED', message: 'Wallet address required' },
error: { code: 'UNAUTHORIZED', message: authResult.error },
}
}
const address = authResult.address

const username = query.q
if (!username) {
Expand Down
106 changes: 91 additions & 15 deletions apps/factory/web/hooks/useMessages.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,7 +1,50 @@
import { useMutation, useQuery, useQueryClient } from '@tanstack/react-query'
import { useAccount } from 'wagmi'
import { useAccount, useSignMessage } from 'wagmi'
import { API_BASE, apiFetch, apiPost, getHeaders } from '../lib/api'

type SignedReadCache = {
address: string
timestamp: number
signature: string
expiresAt: number
}

let signedReadCache: SignedReadCache | null = null

async function getSignedReadHeaders(
address: string,
signMessageAsync: (args: { message: string }) => Promise<string>,
): Promise<Record<string, string>> {
const now = Date.now()
if (
signedReadCache &&
signedReadCache.address === address &&
signedReadCache.expiresAt > now + 15_000
) {
return {
'x-jeju-address': signedReadCache.address,
'x-jeju-timestamp': String(signedReadCache.timestamp),
'x-jeju-signature': signedReadCache.signature,
}
}

const timestamp = Date.now()
const message = `Factory Auth\nTimestamp: ${timestamp}\nNonce: `
const signature = await signMessageAsync({ message })
signedReadCache = {
address,
timestamp,
signature,
expiresAt: timestamp + 4 * 60 * 1000,
}

return {
'x-jeju-address': address,
'x-jeju-timestamp': String(timestamp),
'x-jeju-signature': signature,
}
}

export interface ConversationUser {
fid: number
username: string
Expand Down Expand Up @@ -49,14 +92,16 @@ export interface MessagingStatus {

export function useMessagingStatus() {
const { address } = useAccount()
const { signMessageAsync } = useSignMessage()

return useQuery({
queryKey: ['messages', 'status', address],
queryFn: async (): Promise<MessagingStatus> => {
if (!address) {
return { connected: false, isInitialized: false, unreadCount: 0 }
}
return apiFetch('/api/messages/status', { address })
const headers = await getSignedReadHeaders(address, signMessageAsync)
return apiFetch('/api/messages/status', { headers })
},
enabled: !!address,
refetchInterval: 30_000,
Expand All @@ -66,26 +111,39 @@ export function useMessagingStatus() {

export function useConversations() {
const { address } = useAccount()
const { signMessageAsync } = useSignMessage()

return useQuery({
queryKey: ['messages', 'conversations', address],
queryFn: () =>
apiFetch<{ conversations: Conversation[] }>('/api/messages', { address }),
queryFn: async () => {
const headers = await getSignedReadHeaders(
address as string,
signMessageAsync,
)
return apiFetch<{ conversations: Conversation[] }>('/api/messages', {
headers,
})
},
enabled: !!address,
staleTime: 30_000,
})
}

export function useConversation(recipientFid: number) {
const { address } = useAccount()
const { signMessageAsync } = useSignMessage()

return useQuery({
queryKey: ['messages', 'conversation', recipientFid, address],
queryFn: () =>
apiFetch<{ conversation: Conversation } | { error: { code: string } }>(
`/api/messages/conversation/${recipientFid}`,
{ address },
),
queryFn: async () => {
const headers = await getSignedReadHeaders(
address as string,
signMessageAsync,
)
return apiFetch<
{ conversation: Conversation } | { error: { code: string } }
>(`/api/messages/conversation/${recipientFid}`, { headers })
},
enabled: !!address && !!recipientFid,
staleTime: 30_000,
})
Expand All @@ -96,6 +154,7 @@ export function useMessages(
options?: { before?: string; after?: string; limit?: number },
) {
const { address } = useAccount()
const { signMessageAsync } = useSignMessage()

return useQuery({
queryKey: ['messages', 'messages', recipientFid, options, address],
Expand All @@ -105,9 +164,13 @@ export function useMessages(
if (options?.after) params.set('after', options.after)
if (options?.limit) params.set('limit', String(options.limit))

const signedHeaders = await getSignedReadHeaders(
address as string,
signMessageAsync,
)
const response = await fetch(
`${API_BASE}/api/messages/conversation/${recipientFid}/messages?${params}`,
{ headers: getHeaders(address) },
{ headers: { ...getHeaders(address), ...signedHeaders } },
)
return response.json()
},
Expand Down Expand Up @@ -205,25 +268,38 @@ export function useReconnect() {

export function useSearchUsers(query: string) {
const { address } = useAccount()
const { signMessageAsync } = useSignMessage()

return useQuery({
queryKey: ['messages', 'search', query, address],
queryFn: () =>
apiFetch<{ users: ConversationUser[] }>(
queryFn: async () => {
const headers = await getSignedReadHeaders(
address as string,
signMessageAsync,
)
return apiFetch<{ users: ConversationUser[] }>(
`/api/messages/search/users?q=${encodeURIComponent(query)}`,
{ address },
),
{ headers },
)
},
enabled: !!address && query.length >= 2,
staleTime: 60_000,
})
}

export function useEncryptionKey() {
const { address } = useAccount()
const { signMessageAsync } = useSignMessage()

return useQuery({
queryKey: ['messages', 'encryption-key', address],
queryFn: () => apiFetch('/api/messages/encryption-key', { address }),
queryFn: async () => {
const headers = await getSignedReadHeaders(
address as string,
signMessageAsync,
)
return apiFetch('/api/messages/encryption-key', { headers })
},
enabled: !!address,
staleTime: 300_000,
})
Expand Down