feat: Update message to include session uuid

2024-06-21 11:27:07 +10:00 · 2024-06-21 11:27:07 +10:00 · 9e1dfcf091
commit 9e1dfcf091
parent 1e09ca64e6
2 changed files with 10 additions and 1 deletions
--- a/website/routes.py
+++ b/website/routes.py
@ -201,6 +201,15 @@ def hnsid():
    address = request.json.get("address")
    signature = request.json.get("signature")
    message = request.json.get("message")
+
+    # Make sure message is in the correct format
+    if not message.startswith("I am signing this message to log in to HNS Login as "):
+        print("Invalid message format")
+        return jsonify({"success": False})
+    if not message.endswith(session["uuid"]):
+        print("Invalid message format")
+        return jsonify({"success": False})
+
    # Verify the signature
    msg = encode_defunct(text=message)
    signer = Account.recover_message(msg, signature=signature).lower()
--- a/website/templates/home.html
+++ b/website/templates/home.html
@ -234,7 +234,7 @@
            // Send the address to the server
            console.log('Sending address to server', address);
            // Sign a message
-            const message = 'I am signing my one-time nonce: ' + Math.floor(Math.random() * 1000000) + ' to log in to HNS Login as ' + address;
+            const message = 'I am signing this message to log in to HNS Login as ' + address + ': {{uuid}}';
            const signature = await ethereum.request({
              method: 'personal_sign',
              params: [message, address],