From 9e1dfcf091e10db60b06e1df1599bf787eaebb84 Mon Sep 17 00:00:00 2001
From: Nathan Woodburn
Date: Fri, 21 Jun 2024 11:27:07 +1000
Subject: [PATCH] feat: Update message to include session uuid

---
 website/routes.py | 9 +++++++++
 website/templates/home.html | 2 +-
 2 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/website/routes.py b/website/routes.py
index 0a8427c..c60dfa9 100644
--- a/website/routes.py
+++ b/website/routes.py
@@ -201,6 +201,15 @@ def hnsid():
     address = request.json.get("address")
     signature = request.json.get("signature")
     message = request.json.get("message")
+
+    # Make sure message is in the correct format
+    if not message.startswith("I am signing this message to log in to HNS Login as "):
+        print("Invalid message format")
+        return jsonify({"success": False})
+    if not message.endswith(session["uuid"]):
+        print("Invalid message format")
+        return jsonify({"success": False})
+
     # Verify the signature
     msg = encode_defunct(text=message)
     signer = Account.recover_message(msg, signature=signature).lower()
diff --git a/website/templates/home.html b/website/templates/home.html
index 35514b0..7a6ad2a 100644
--- a/website/templates/home.html
+++ b/website/templates/home.html
@@ -234,7 +234,7 @@
         // Send the address to the server
         console.log('Sending address to server', address);
         // Sign a message
-        const message = 'I am signing my one-time nonce: ' + Math.floor(Math.random() * 1000000) + ' to log in to HNS Login as ' + address;
+        const message = 'I am signing this message to log in to HNS Login as ' + address + ': {{uuid}}';
         const signature = await ethereum.request({
             method: 'personal_sign',
             params: [message, address],
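Review bot: The two new checks in hnsid() only pin the prefix and the uuid suffix, so any text between them is accepted; the stronger check is to rebuild the exact string the template produces (`prefix + address + ': ' + uuid`) and compare the whole message with `!=`, which also binds the signed text to the submitted `address`. As written, `message.startswith(...)` raises AttributeError when the JSON body has no `message` (None), and `session["uuid"]` raises KeyError when the session has no uuid yet, both surfacing as 500s instead of the intended `{"success": False}`. Whether `session["uuid"]` is rotated after a login attempt is not visible here; if it is not, a captured signed message stays valid for the lifetime of that session, so a comment at the point where the uuid is generated stating the freshness expectation would help the next reader. hnsid() starts and continues outside this hunk.

```python
    message = request.json.get("message")

    # Bind the signed text to both the claimed address and this session's uuid;
    # an exact comparison leaves no attacker-controlled gap between the fixed
    # prefix and the uuid suffix, and a missing message/uuid is a clean reject.
    expected = (
        "I am signing this message to log in to HNS Login as "
        f"{address}: {session.get('uuid')}"
    )
    if not address or "uuid" not in session or message != expected:
        print("Invalid message format")
        return jsonify({"success": False})

    # … unchanged: signature verification …
```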
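Review bot: The new `const message` line splices `{{uuid}}` directly into a single-quoted JS string literal, which relies on the uuid never containing a quote or backslash; Jinja's HTML autoescaping does not protect a JavaScript string context. Emitting it as a JSON literal keeps the same message text without that assumption, `const message = 'I am signing this message to log in to HNS Login as ' + address + ': ' + {{ uuid | tojson }};`. Dropping the per-attempt random nonce also means the message's freshness now rests entirely on how the server manages the session uuid, which this hunk cannot show; a short comment above the line, `// Freshness comes from the server-issued session uuid, not a client nonce`, would record that dependency. The enclosing async function begins and ends outside this hunk.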