From a0e56423460b9e984420a076d5a2866edf714770 Mon Sep 17 00:00:00 2001 From: Nikhil Kumar <48001923+nikhilkumar1612@users.noreply.github.com> Date: Thu, 21 Nov 2024 22:24:23 +0530 Subject: [PATCH] adding debug logs for hmac secret verification of /savekey endpoint (#148) * adding debug logs for hmac secret verification of /savekey endpoint * changing console.log to logger, package.json version change --- backend/package.json | 2 +- backend/src/routes/admin-routes.ts | 7 +++++++ backend/src/utils/crypto.ts | 6 +++++- 3 files changed, 13 insertions(+), 2 deletions(-) diff --git a/backend/package.json b/backend/package.json index ea27cdd..a5d2855 100644 --- a/backend/package.json +++ b/backend/package.json @@ -1,6 +1,6 @@ { "name": "arka", - "version": "1.6.7", + "version": "1.6.8", "description": "ARKA - (Albanian for Cashier's case) is the first open source Paymaster as a service software", "type": "module", "directories": { diff --git a/backend/src/routes/admin-routes.ts b/backend/src/routes/admin-routes.ts index b4e775b..6b6ded3 100644 --- a/backend/src/routes/admin-routes.ts +++ b/backend/src/routes/admin-routes.ts @@ -107,8 +107,15 @@ const adminRoutes: FastifyPluginAsync = async (server) => { const privateKey = wallet.privateKey; const publicAddress = await wallet.getAddress(); + request.log.info(`-----------headers---------- ${JSON.stringify(request.headers)}`); + request.log.info(`-----------hmac secret---------- ${server.config.HMAC_SECRET}`); + + if(!unsafeMode) { const { 'x-signature': signature, 'x-timestamp': timestamp } = request.headers as IncomingHttpHeaders & AuthDto; + request.log.info(`-----------signature---------- ${signature}`); + request.log.info(`-----------timestamp---------- ${timestamp}`); + if(!signature || !timestamp) return reply.code(ReturnCode.NOT_AUTHORIZED).send({ error: ErrorMessage.INVALID_SIGNATURE_OR_TIMESTAMP }); if(!verifySignature(signature, request.body as string, timestamp, server.config.HMAC_SECRET)) 
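Review bot: The two `request.log.info` lines added after `getAddress()` write the shared `HMAC_SECRET` and the full request headers (including the `x-signature` that this secret produces) to the log on every /savekey call, and they sit before the `if(!unsafeMode)` gate, so the secret is emitted even when verification is skipped. Anyone who can read the logs or the log aggregator can then forge signatures for this endpoint, and although the commit calls these debug logs they are emitted at `info`. Drop the header dump and the secret line entirely; if a trace of the auth inputs is needed, log only non-secret facts at debug inside the `unsafeMode` branch, e.g. `request.log.debug({ hasSignature: Boolean(signature), hasTimestamp: Boolean(timestamp) }, 'savekey signature check');`. The added `signature` and `timestamp` log lines should likewise move to `debug` or be dropped, since a logged signature is a replayable bearer value for the 10s window. The enclosing route handler starts and ends outside this hunk.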
diff --git a/backend/src/utils/crypto.ts b/backend/src/utils/crypto.ts
index 302527f..b1ab64f 100644
--- a/backend/src/utils/crypto.ts
+++ b/backend/src/utils/crypto.ts
@@ -1,5 +1,6 @@
 import crypto, { BinaryToTextEncoding } from 'crypto';
 import { KmsKeyringNode, buildClient, CommitmentPolicy } from '@aws-crypto/client-node';
+import { server } from 'server';
 
 function createDigest(encodedData: string, format: BinaryToTextEncoding, hmacSecret: string) {
   return crypto
@@ -65,6 +66,8 @@ export async function decodeSafe(value: string, hmacSecret: string) {
 export function verifySignature(signature: string, data: string, timestamp: string, hmacSecret: string) {
   // unauthorize signature if signed before 10s or signed in future.
   const now = Date.now();
+  server.log.info(`-----------now---------- ${now}`);
+  server.log.info(`-----------hmacSecret---------- ${hmacSecret}`);
   if(
     now < parseInt(timestamp) ||
     now - parseInt(timestamp) > 10000
@@ -72,6 +75,7 @@ export function verifySignature(signature: string, data: string, timestamp: stri
     return false;
   }
   const computedSignature = createDigest(data + timestamp, 'hex', hmacSecret);
-
+  server.log.info(`-----------computedSignature----------${computedSignature}`);
+  server.log.info(`-----------signature----------${signature} ${computedSignature === signature}`);
   return signature === computedSignature;
 }
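Review bot: `import { server } from 'server'` pulls the Fastify server instance into a pure crypto utility only to reach a logger, and `verifySignature` from this file is imported by `admin-routes.ts` (visible in the previous file), which the server presumably registers, so this likely creates an import cycle between the server module, the routes and `utils/crypto`; it works under ESM live bindings as long as `server` is only touched inside functions, but it is fragile and makes the module untestable in isolation. Prefer passing the logger in, e.g. `export function verifySignature(signature: string, data: string, timestamp: string, hmacSecret: string, log?: { info(msg: string): void })`, or leave the logging in the route handler, which already has `request.log`. Whether the bare specifier `'server'` resolves depends on a path alias that cannot be confirmed from this hunk.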
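Review bot: The added `hmacSecret` log line writes the raw HMAC secret to the log at `info` on every verification, which turns log access into the ability to sign arbitrary /savekey requests and leaves the secret in any log shipping or retention pipeline. Remove that line; if it is necessary to confirm which secret is loaded, log a non-reversible fingerprint at debug instead, e.g. `server.log.debug('hmac secret fingerprint ' + crypto.createHash('sha256').update(hmacSecret).digest('hex').slice(0, 8));`. The `now` line is harmless but belongs at `debug` as well. Separately, `parseInt(timestamp)` yields `NaN` for a non-numeric header, and both comparisons are then false, so the freshness window is silently skipped for such input; adding `Number.isNaN(parseInt(timestamp)) ||` as the first operand of the condition would close that. `verifySignature` continues past this hunk.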
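Review bot: The two added `server.log.info` lines print `computedSignature`, i.e. the valid MAC for this exact body and timestamp, alongside the caller's `signature`; a log reader can replay a logged request verbatim inside the 10s window, and every failed attempt leaks what the correct value would have been. Log only the outcome, at debug: `server.log.debug('signature valid: ' + (computedSignature === signature));`. While here, `return signature === computedSignature;` is a variable-time string compare on an attacker-controlled value; compare fixed-length buffers instead: `const expected = Buffer.from(computedSignature, 'hex'); const given = Buffer.from(signature, 'hex'); return given.length === expected.length && crypto.timingSafeEqual(given, expected);`. `Buffer.from(..., 'hex')` truncates at the first non-hex character rather than throwing, so the length check is what rejects malformed input.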