Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Simplify profile auth & signature flow #2012

Merged
merged 25 commits into from
Jan 30, 2024
Merged

Simplify profile auth & signature flow #2012

merged 25 commits into from
Jan 30, 2024

Conversation

Atmosfearful
Copy link
Collaborator

@Atmosfearful Atmosfearful commented Dec 11, 2023
edited
Loading

Description

As we prepare for wallet abstraction (web2 auth) this old JWT verification method should be deprecated.

Switched to a more straightforward signature + nonce approach for every request.

Old way

/verify was used to verify a users signature and mint a JWT for the session
The JWT was included in the edit requests

New way

POST and PUT requests expect an Authorization header which should include a signed message.
The string to be signed is included as a vercel env var, and will be shared with the frontend

Note

The frontend needs to be updated to consume v3.0.0 and pass the signature to the header.

QA

User with a nonce:
https://carbonmark-api-git-atmos-simplify-auth-klimadao.vercel.app/users/atmosfearful

User without a nonce (backwards compat)
https://carbonmark-api-git-atmos-simplify-auth-klimadao.vercel.app/users/jabby

@Atmosfearful Atmosfearful deployed to Preview – carbonmark-api December 11, 2023 01:10 — with GitHub Actions Active
@vercel Vercel
Copy link

vercel bot commented Dec 11, 2023
edited
Loading

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name Status Preview Comments Updated (UTC)
carbonmark ✅ Ready (Inspect) Visit Preview Jan 30, 2024 5:37am
carbonmark-api ✅ Ready (Inspect) Visit Preview Jan 30, 2024 5:37am
demo-integration ✅ Ready (Inspect) Visit Preview 💬 Add feedback Jan 30, 2024 5:37am
klimadao-app ✅ Ready (Inspect) Visit Preview 💬 Add feedback Jan 30, 2024 5:37am
1 Ignored Deployment
Name Status Preview Comments Updated (UTC)
carbon ⬜️ Ignored (Inspect) Visit Preview Jan 30, 2024 5:37am

biwano
biwano requested changes Dec 11, 2023
View reviewed changes
carbonmark-api/src/routes/users/post.schema.ts Outdated Show resolved Hide resolved
carbonmark-api/src/routes/users/put.ts Outdated Show resolved Hide resolved
carbonmark-api/src/routes/users/put.ts Outdated Show resolved Hide resolved
carbonmark-api/src/utils/firebase.utils.ts Outdated Show resolved Hide resolved
carbonmark-api/src/utils/firebase.utils.ts Outdated Show resolved Hide resolved
0xemc
0xemc reviewed Dec 13, 2023
View reviewed changes
carbonmark-api/src/routes/users/post.ts Outdated Show resolved Hide resolved
carbonmark-api/src/routes/users/put.ts Outdated Show resolved Hide resolved
carbonmark-api/src/app.constants.ts Outdated Show resolved Hide resolved
carbonmark-api/src/models/User.model.ts Show resolved Hide resolved
@Atmosfearful Atmosfearful deployed to Preview – carbonmark-api December 20, 2023 04:58 — with GitHub Actions Active
@Atmosfearful
Copy link
Collaborator Author

Oh no... tests pass locally but not remotely... nightmare scenario. Will look deeper tmr

@Atmosfearful Atmosfearful deployed to Preview – carbonmark-api December 20, 2023 05:06 — with GitHub Actions Active
@Atmosfearful Atmosfearful deployed to Preview – carbonmark-api December 20, 2023 05:08 — with GitHub Actions Active
@Atmosfearful Atmosfearful mentioned this pull request Jan 30, 2024
Merged
@Atmosfearful Atmosfearful changed the title Atmos/simplify auth Simplify profile auth & signature flow Jan 30, 2024
@Atmosfearful Atmosfearful deployed to Preview – carbonmark-api January 30, 2024 04:25 — with GitHub Actions Active
@Atmosfearful Atmosfearful deployed to Preview – carbonmark-api January 30, 2024 04:38 — with GitHub Actions Active
@Atmosfearful Atmosfearful deployed to Preview – carbonmark-api January 30, 2024 05:20 — with GitHub Actions Active
@Atmosfearful Atmosfearful deployed to Preview – carbonmark-api January 30, 2024 05:29 — with GitHub Actions Active
@Atmosfearful Atmosfearful deployed to Preview – carbonmark-api January 30, 2024 05:33 — with GitHub Actions Active
@Atmosfearful Atmosfearful merged commit 62f4b34 into staging Jan 30, 2024
10 checks passed
@Atmosfearful Atmosfearful deleted the atmos/simplify-auth branch January 30, 2024 06:04
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@0xemc 0xemc 0xemc approved these changes

@sprrwhwk sprrwhwk Awaiting requested review from sprrwhwk

@biwano biwano Awaiting requested review from biwano biwano is a code owner

Assignees
No one assigned
Labels
None yet
Projects
Sprint Planning
Status: Done
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@Atmosfearful @0xemc @biwano @sprrwhwk