feat: Update message to include session uuid

website/routes.py

@@ -201,6 +201,15 @@ def hnsid():
     address = request.json.get("address")
     signature = request.json.get("signature")
     message = request.json.get("message")
+
+    # Make sure message is in the correct format
+    if not message.startswith("I am signing this message to log in to HNS Login as "):
+        print("Invalid message format")
+        return jsonify({"success": False})
+    if not message.endswith(session["uuid"]):
+        print("Invalid message format")
+        return jsonify({"success": False})
+
     # Verify the signature
     msg = encode_defunct(text=message)
     signer = Account.recover_message(msg, signature=signature).lower()

website/templates/home.html

@@ -234,7 +234,7 @@
             // Send the address to the server
             console.log('Sending address to server', address);
             // Sign a message
-            const message = 'I am signing my one-time nonce: ' + Math.floor(Math.random() * 1000000) + ' to log in to HNS Login as ' + address;
+            const message = 'I am signing this message to log in to HNS Login as ' + address + ': {{uuid}}';
             const signature = await ethereum.request({
               method: 'personal_sign',
               params: [message, address],