Improved wallet authentication by adding expiring nonces, safer signa…

[MarcusMorgan-47]

This PR strengthens the backend by improving authentication security, Web3 stability, and application lifecycle handling. The following are the exact improvements and fixes :

Enhanced Authentication System (backend/app/auth.py)

Nonce Management Improvements

• Introduced time-based nonce expiration (TTL = 5 minutes)
• Implemented in-memory NONCE_STORE to track nonce and creation time
• Added clear nonce lifecycle handling to prevent replay attacks and stale nonce reuse

Message Versioning

• Added AUTH_MESSAGE_VERSION = "MLSA_AUTH_V1"
• Included version prefix in signed messages for forward compatibility

JWT Enhancements

• Added explicit JWT expiry constant (JWT_EXPIRY_SECONDS = 86400)
• Included standard JWT claims: issuer (iss) and audience (aud)
• Enforced issuer and audience validation during JWT verification

Auth Router Updates (backend/app/routers/auth.py)

• /auth/nonce now returns a versioned signing message to ensure frontend-backend consistency
• /auth/verify validates nonce existence and expiration before signature verification
• Improved error handling for missing or expired nonces
• /auth/link-wallet applies the same secure nonce lifecycle validation

Web3 / Chain Module Overhaul (backend/app/chain.py)

Connection Reliability

• Added RPC request timeout and connection validation
• Improved error reporting for unreachable RPC endpoints

Signer Improvements

• Added private key format validation (with or without 0x prefix)
• Improved error messaging for invalid private keys

New Utilities

• Chain info helpers (chain ID, block number, network name)
• Balance and gas helpers
• Transaction receipt and nonce helpers
• Address validation and checksum helpers

Application Lifecycle Management (backend/app/main.py)

• Added startup hook to initialize background tasks
• Added shutdown hook for graceful cleanup

Security Improvements

• Time-bound nonce validation
• Replay attack prevention
• Versioned signature verification
• Strict JWT expiration, issuer, and audience enforcement

Error Handling & Observability

• Structured logging across auth and chain modules
• Clear log levels for monitoring and debugging
• Improved resilience for RPC and authentication failures

[MarcusMorgan-47]

Closing this PR to fix an issue. I’ll open the PR shortly.

[MarcusMorgan-47]

removed the extra imports and some extra characters in the new commit.