Add SIWE as auth option (separate endpoint) and clippy fixes

Author: crypdoughdoteth

Diff for: src/main.rs

@@ -23,6 +23,7 @@ use axum::{
 };
 use database::types::Database;
 use dotenvy::dotenv;
+use routes::login::user_login_siwe;
 use routes::payment::process_ethereum_payment;
 use routes::siwe::{get_siwe_nonce, siwe_add_wallet};
 use tokio::net::TcpListener;
@@ -84,6 +85,7 @@ async fn main() {
         .route("/api/register", post(register_user))
         .route("/api/activate", post(activate_account))
         .route("/api/login", post(user_login))
+        .route("/api/login/siwe", post(user_login_siwe))
         .route("/api/recovery", post(update_password))
         .route("/api/recovery/:email", get(recover_password_email))
         .merge(api_keys)
@@ -98,3 +100,4 @@ async fn main() {
 
 // todo: 
 // - SIWE login route (instead of email + pw)
+// - Deploy sepolia contracts for Saul

Diff for: src/routes/login.rs

@@ -1,9 +1,15 @@
-use super::types::{Claims, JWT_KEY};
-use crate::database::{
-    errors::ParsingError,
-    types::{Customers, RELATIONAL_DATABASE, Role},
+use super::{
+    siwe::Siwe,
+    types::{Claims, JWT_KEY},
 };
-use alloy::primitives::Address;
+use crate::{
+    database::{
+        errors::ParsingError,
+        types::{Customers, RELATIONAL_DATABASE, Role},
+    },
+    eth_rpc::types::ETHEREUM_ENDPOINT,
+};
+use alloy::{primitives::Address, providers::ProviderBuilder};
 use argon2::{Argon2, PasswordHash, PasswordVerifier};
 use axum::{
     Json,
@@ -12,14 +18,74 @@ use axum::{
 };
 use jwt_simple::{algorithms::MACLike, reexports::coarsetime::Duration};
 use serde::{Deserialize, Serialize};
+use siwe::{Message, VerificationError, VerificationOpts};
 use thiserror::Error;
+use time::OffsetDateTime;
 
 #[derive(Serialize, Deserialize, Clone, Debug)]
 pub struct LoginRequest {
     pub(crate) email: String,
     pub(crate) password: String,
 }
 
+pub struct SiweLogin {
+    pub email: String,
+    pub wallet: Option<String>,
+    pub role: Role,
+    pub nonce: Option<String>,
+}
+
+#[tracing::instrument]
+pub async fn user_login_siwe(Json(payload): Json<Siwe>) -> Result<impl IntoResponse, LoginError> {
+    let msg: Message = payload.message.parse()?;
+    let address = Address::new(msg.address);
+
+    let customer = sqlx::query_as!(
+        SiweLogin,
+        r#"SELECT email, wallet, nonce, role as "role!: Role" FROM Customers where wallet = $1"#,
+        address.to_string(),
+    )
+    .fetch_optional(RELATIONAL_DATABASE.get().unwrap())
+    .await?
+    .ok_or_else(|| LoginError::InvalidAddress)?;
+
+    let nonce = customer.nonce.ok_or_else(|| LoginError::MissingNonce)?;
+
+    let rpc = ProviderBuilder::new().on_http(ETHEREUM_ENDPOINT[0].as_str().parse().unwrap());
+
+    let verification_opts = VerificationOpts {
+        domain: Some("Developer DAO Cloud".parse().unwrap()),
+        nonce: Some(nonce),
+        timestamp: Some(OffsetDateTime::now_utc()),
+        rpc_provider: Some(rpc),
+    };
+
+    msg.verify(&payload.signature, &verification_opts).await?;
+
+    let user_info = Claims {
+        role: customer.role,
+        email: customer.email,
+        wallet: Some(address),
+    };
+    let claims = jwt_simple::claims::Claims::with_custom_claims(user_info, Duration::from_hours(2));
+    let key = JWT_KEY.get().unwrap();
+    let auth = key.authenticate(claims)?;
+
+    let mut headers = HeaderMap::new();
+    headers.insert(
+        SET_COOKIE,
+        HeaderValue::from_str(&format!("jwt={}", auth)).unwrap(),
+    );
+    headers.append(SET_COOKIE, HeaderValue::from_str("Secure").unwrap());
+    headers.append(SET_COOKIE, HeaderValue::from_str("HttpOnly").unwrap());
+    headers.append(
+        SET_COOKIE,
+        HeaderValue::from_str("SameSite=Strict").unwrap(),
+    );
+
+    Ok((StatusCode::OK, headers))
+}
+
 #[tracing::instrument]
 pub async fn user_login(
     Json(payload): Json<LoginRequest>,
@@ -71,6 +137,10 @@ pub async fn user_login(
 
 #[derive(Debug, Error)]
 pub enum LoginError {
+    #[error(transparent)]
+    VerificationError(#[from] VerificationError),
+    #[error("User did not generate nonce")]
+    MissingNonce,
     #[error("The email or password you provided is invalid.")]
     InvalidEmailOrPassword,
     #[error(transparent)]
@@ -85,6 +155,10 @@ pub enum LoginError {
     AddressParsingError(#[from] ParsingError),
     #[error(transparent)]
     BuilderResponseError(#[from] axum::http::Error),
+    #[error("No account found for address")]
+    InvalidAddress,
+    #[error(transparent)]
+    ParseError(#[from] siwe::ParseError),
 }
 
 impl IntoResponse for LoginError {

Diff for: src/routes/payment.rs

@@ -27,17 +27,6 @@ use thiserror::Error;
 use tokio::task::JoinError;
 use tracing::info;
 
-// const TOKENS_SUPPORTED: [&str; 8] = [
-//     "0x0b2C639c533813f4Aa9D7837CAf62653d097Ff85",
-//     "0x7F5c764cBc14f9669B88837ca1490cCa17c31607",
-//     "0xaf88d065e77c8cC2239327C5EDb3A432268e5831",
-//     "0xFF970A61A04b1cA14834A43f5dE4533eBDDB5CC8",
-//     "0x7ceB23fD6bC0adD59E62ac25578270cFf1b9f619",
-//     "0x3c499c542cEF5E3811e1192ce70d8cC03d5c3359",
-//     "0x2791Bca1f2de4661ED88A30C99A7a9449Aa84174",
-//     "0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913",
-// ];
-
 #[derive(Serialize, Deserialize, Debug)]
 pub struct PriceData {
     data: AssetData,
@@ -134,13 +123,10 @@ pub async fn process_ethereum_payment(
     } else {
         ETHEREUM_ENDPOINT
             .iter()
-            .find(|e| match (e, payload.chain) {
-                (crate::eth_rpc::types::InternalEndpoints::Optimism(_), Chain::Optimism) => true,
-                (crate::eth_rpc::types::InternalEndpoints::Arbitrum(_), Chain::Arbitrum) => true,
-                (crate::eth_rpc::types::InternalEndpoints::Polygon(_), Chain::Polygon) => true,
-                (crate::eth_rpc::types::InternalEndpoints::Base(_), Chain::Base) => true,
-                _ => false,
-            })
+            .find(|e| matches!((e, payload.chain), (crate::eth_rpc::types::InternalEndpoints::Optimism(_), Chain::Optimism) |
+                (crate::eth_rpc::types::InternalEndpoints::Arbitrum(_), Chain::Arbitrum) |
+                (crate::eth_rpc::types::InternalEndpoints::Polygon(_), Chain::Polygon) |
+                (crate::eth_rpc::types::InternalEndpoints::Base(_), Chain::Base)))
             .ok_or_else(|| PaymentError::InvalidNetwork)?
             .as_str()
     };
@@ -151,7 +137,7 @@ pub async fn process_ethereum_payment(
 
     let res: tokio::task::JoinHandle<Result<Transaction, PaymentError>> = {
         tokio::spawn(async move {
-            let eth = reqwest::Url::parse(&endpoint).unwrap();
+            let eth = reqwest::Url::parse(endpoint).unwrap();
             let provider = ProviderBuilder::new().on_http(eth);
             provider
                 .get_transaction_by_hash(FixedBytes::from(&fixed))
@@ -162,7 +148,7 @@ pub async fn process_ethereum_payment(
 
     let receipt: tokio::task::JoinHandle<Result<TransactionReceipt, PaymentError>> = {
         tokio::spawn(async move {
-            let eth = reqwest::Url::parse(&endpoint).unwrap();
+            let eth = reqwest::Url::parse(endpoint).unwrap();
             let provider = ProviderBuilder::new().on_http(eth);
             provider
                 .get_transaction_receipt(FixedBytes::from(&fixed))
@@ -173,7 +159,7 @@ pub async fn process_ethereum_payment(
 
     let last_safe_block: tokio::task::JoinHandle<Result<u64, PaymentError>> = {
         tokio::spawn(async move {
-            let eth = reqwest::Url::parse(&endpoint).unwrap();
+            let eth = reqwest::Url::parse(endpoint).unwrap();
             let provider = ProviderBuilder::new().on_http(eth);
             provider
                 .get_block(BlockId::safe(), BlockTransactionsKind::Full)
@@ -203,7 +189,7 @@ pub async fn process_ethereum_payment(
 
     let res: &Transaction = &res??;
 
-    if jwt.custom.wallet.is_some_and(|e| res.from == e) == false {
+    if jwt.custom.wallet.is_none_or(|e| res.from == e) {
         Err(PaymentError::SenderWalletMismatch)?
     }
 

Diff for: src/routes/siwe.rs

@@ -16,8 +16,8 @@ use super::types::Claims;
 
 #[derive(Debug, Serialize, Deserialize)]
 pub struct Siwe {
-    message: String,
-    signature: Vec<u8>,
+    pub message: String,
+    pub signature: Vec<u8>,
 }
 
 #[derive(FromRow)]
@@ -29,7 +29,7 @@ pub async fn siwe_add_wallet(
     Extension(jwt): Extension<JWTClaims<Claims>>,
     Json(payload): Json<Siwe>,
 ) -> Result<impl IntoResponse, SiweError> {
-    let msg: Message = payload.message.parse().unwrap();
+    let msg: Message = payload.message.parse()?;
 
     let nonce = sqlx::query_as!(
         Nonce,
@@ -87,6 +87,8 @@ pub enum SiweError {
     IncorrectNonce,
     #[error("An error ocurred while querying the database")]
     QueryError(#[from] sqlx::Error),
+    #[error(transparent)]
+    ParseError(#[from] siwe::ParseError),
 }
 
 impl IntoResponse for SiweError {