Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion lib/trait-validator.ts
Original file line number Diff line number Diff line change
Expand Up @@ -26,7 +26,7 @@ export interface ValidationResult {
*/
function parseTraitsFromMessage(message: string): { provider: string; traits: TraitRequirement } | null {
// Extract resources section from SIWE message
const resourcesMatch = message.match(/Resources:\s*\n((?:- .+\n)+)/);
const resourcesMatch = message.match(/Resources:\s*\n((?:- .+(?:\n|$))+)/);
if (!resourcesMatch) {
return null;
}
Expand Down
25 changes: 11 additions & 14 deletions pages/api/coinbase/verify-token.ts
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,7 @@ import { NextApiRequest, NextApiResponse } from "next";
import { config } from "../../../lib/config";
import prisma from "../../../lib/prisma";
import { validateTraits } from "../../../lib/trait-validator";
import { SiweMessage } from "siwe";

export default async function handler(
req: NextApiRequest,
Expand All @@ -21,6 +22,16 @@ export default async function handler(
});
}

// Parse SIWE message to get address
let siweMessage: SiweMessage;
try {
siweMessage = new SiweMessage(message);
} catch (e) {
return res.status(400).json({ error: "Invalid SIWE message" });
}

const walletAddress = siweMessage.address;

// Define expected trait requirements for Coinbase verification
// This MUST match what the frontend generates
const expectedTraits = {
Expand Down Expand Up @@ -108,22 +119,8 @@ export default async function handler(

// Store the verification data in the database
try {
// Extract user data from verification response
const addressMatch = message.match(/0x[a-fA-F0-9]{40}/);
const walletAddress = addressMatch ? addressMatch[0] : "";

console.log("Extracted wallet address:", walletAddress);

if (!walletAddress) {
console.error(
"Failed to extract wallet address from message:",
message
);
return res.status(400).json({
error: "Could not extract wallet address from message",
});
}

console.log("Attempting to store user in database:", walletAddress);

// Enforce uniqueness of the base verify token before writing
Expand Down
30 changes: 17 additions & 13 deletions pages/api/verify-token.ts
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,7 @@ import { NextApiRequest, NextApiResponse } from 'next';
import { config } from '../../lib/config';
import prisma from '../../lib/prisma';
import { validateTraits } from '../../lib/trait-validator';
import { SiweMessage } from 'siwe';

export default async function handler(req: NextApiRequest, res: NextApiResponse) {
if (req.method !== 'POST') {
Expand All @@ -18,14 +19,28 @@ export default async function handler(req: NextApiRequest, res: NextApiResponse)
});
}

// Define expected trait requirements for X verification
// Parse SIWE message to get address and provider
let siweMessage: SiweMessage;
try {
siweMessage = new SiweMessage(message);
} catch (e) {
return res.status(400).json({ error: 'Invalid SIWE message' });
}

const walletAddress = siweMessage.address;

// Define expected trait requirements for verification
// This MUST match what the frontend generates
const expectedTraits = {
'verified': 'true'
};

// Extract provider from message or default to 'x'
const providerMatch = message.match(/urn:verify:provider:([^:\s\n]+)/);
const provider = providerMatch ? providerMatch[1] : 'x';

// Validate that the message contains the expected trait requirements
const validation = validateTraits(message, 'x', expectedTraits);
const validation = validateTraits(message, provider, expectedTraits);

if (!validation.valid) {
console.error('Trait validation failed:', validation.error);
Expand Down Expand Up @@ -101,19 +116,8 @@ export default async function handler(req: NextApiRequest, res: NextApiResponse)

// Store the verification data in the database
try {
// Extract user data from verification response
const addressMatch = message.match(/0x[a-fA-F0-9]{40}/);
const walletAddress = addressMatch ? addressMatch[0] : '';

console.log('Extracted wallet address:', walletAddress);

if (!walletAddress) {
console.error('Failed to extract wallet address from message:', message);
return res.status(400).json({
error: 'Could not extract wallet address from message'
});
}

console.log('Attempting to store user in database:', walletAddress);

// Enforce uniqueness of the base verify token before writing
Expand Down