We don't warn/explain it anywhere
|
/** |
|
* @notice Helper function to decrypt, decode and validate a token |
|
* @dev Performs token decoding as well as domain and validation |
|
* @param token The authentication token |
|
* @return The decoded and validated AuthToken struct |
|
*/ |
|
function decodeAndValidateToken(bytes memory token) |
|
internal |
|
view |
|
virtual |
|
returns (AuthToken memory) |
|
{ |
|
bytes memory authTokenEncoded = Sapphire.decrypt( |
|
_authTokenEncKey, |
|
0, |
|
token, |
|
"" |
|
); |
|
AuthToken memory b = abi.decode(authTokenEncoded, (AuthToken)); |
|
|
|
// Validate domain |
|
if (keccak256(bytes(b.domain)) != keccak256(bytes(_domain))) { |
|
revert SiweAuth_DomainMismatch(); |
|
} |
|
|
|
// Validate expiry |
|
if (b.validUntil < block.timestamp) { |
|
revert SiweAuth_Expired(); |
|
} |
|
|
|
return b; |
|
} |
this probably shouldn't auto-generate random nonces:
|
const siweMsg = new SiweMessage({ |
|
domain, |
|
address: addr, // User's selected account address. |
|
uri: `http://${domain}`, |
|
version: "1", |
|
chainId: 0x5aff, // Sapphire Testnet |
|
}).toMessage(); |
my preference is Nonce: noReplayProtection, like in https://rose.oasis.io/move
