Added data integrity check

bkbCodes · bkbCodes · commit ed60da7d7acb · 2023-09-02T17:21:37.000+05:30
diff --git a/package-lock.json b/package-lock.json
diff --git a/packages/app/package.json b/packages/app/package.json
@@ -50,6 +50,7 @@
     "class-variance-authority": "^0.6.1",
     "clsx": "^1.2.1",
     "cmdk": "^0.2.0",
+    "crypto-js": "^4.1.1",
     "lucide-react": "^0.259.0",
     "next": "13.4.9",
     "next-auth": "^4.22.1",
diff --git a/packages/app/src/app/race/_components/race/race-practice.tsx b/packages/app/src/app/race/_components/race/race-practice.tsx
@@ -3,6 +3,7 @@
 import { useRouter } from "next/navigation";
 import React, { useEffect, useRef, useState } from "react";
 import { saveUserResultAction } from "../../actions";
+import CryptoJS  from 'crypto-js';
 
 // utils
 import { calculateAccuracy, calculateCPM, noopKeys } from "./utils";
@@ -96,6 +97,17 @@ export default function RacePractice({ user, snippet }: RacePracticeProps) {
           },
         ])
       );
+      
+      const uniqueKey = 'your-unique-key';
+      const data = {
+        timeTaken,
+        errors: totalErrors,
+        cpm: calculateCPM(code.length - 1, timeTaken),
+        accuracy: calculateAccuracy(code.length - 1, totalErrors),
+        snippetId: snippet.id,
+      };
+      const jsonData = JSON.stringify(data);
+      const hashedData = CryptoJS.HmacSHA256(jsonData, uniqueKey).toString();
 
       if (user) {
         saveUserResultAction({
@@ -104,6 +116,8 @@ export default function RacePractice({ user, snippet }: RacePracticeProps) {
           cpm: calculateCPM(code.length - 1, timeTaken),
           accuracy: calculateAccuracy(code.length - 1, totalErrors),
           snippetId: snippet.id,
+          data: jsonData,
+          hash: hashedData,
         })
           .then((result) => {
             router.push(`/result?resultId=${result.id}`);
diff --git a/packages/app/src/app/race/actions.ts b/packages/app/src/app/race/actions.ts
@@ -6,6 +6,7 @@ import { UnauthorizedError } from "@/lib/exceptions/custom-hooks";
 import { prisma } from "@/lib/prisma";
 import { getCurrentUser } from "@/lib/session";
 import { validatedCallback } from "@/lib/validatedCallback";
+import CryptoJS  from 'crypto-js';
 
 export const saveUserResultAction = validatedCallback({
   inputValidation: z.object({
@@ -15,6 +16,8 @@ export const saveUserResultAction = validatedCallback({
     cpm: z.number(),
     accuracy: z.number().min(0).max(100),
     snippetId: z.string(),
+    data: z.string(),
+    hash: z.string(),
   }),
   callback: async (input) => {
     const user = await getCurrentUser();
@@ -64,6 +67,15 @@ export const saveUserResultAction = validatedCallback({
       .sort((a, b) => languagesMap[b] - languagesMap[a])
       .splice(0, 3);
 
+    // verify hash:
+    const uniqueKey = 'your-unique-key';
+    const hashedData = CryptoJS.HmacSHA256(input.data, uniqueKey).toString();
+
+    if( hashedData != input.hash.toString() ){
+      console.log(input.hash.toString(), hashedData);
+      throw new Error("Invalid Request: Data tampered");
+    }
+
     return await prisma.$transaction(async (tx) => {
       const result = await tx.result.create({
         data: {
