wip: sign message

sdqede · sdqede · commit 9df684536b3f · 2025-06-10T17:13:27.000+12:00
diff --git a/templates/chain-template/pages/api/verify-signature.ts b/templates/chain-template/pages/api/verify-signature.ts
@@ -108,46 +108,82 @@ export default function handler(
 function verifyEthereumSignature(message: string, signature: string, expectedAddress: string): boolean {
   try {
     const secp256k1 = require('secp256k1');
-    const { keccak256 } = require('keccak');
-
-    // Ethereum personal sign message format
-    const prefix = '\x19Ethereum Signed Message:\n';
-    const prefixedMessage = prefix + message.length + message;
-    
-    // Hash the prefixed message
-    const messageHash = keccak256(Buffer.from(prefixedMessage, 'utf8'));
-    
-    // Remove 0x prefix if present and convert to buffer
-    const sigHex = signature.startsWith('0x') ? signature.slice(2) : signature;
-    const sigBuffer = Buffer.from(sigHex, 'hex');
-    
-    if (sigBuffer.length !== 65) {
-      throw new Error('Invalid signature length');
-    }
-    
-    // Extract r, s, v from signature
-    const r = sigBuffer.slice(0, 32);
-    const s = sigBuffer.slice(32, 64);
-    let v = sigBuffer[64];
-    
-    // Handle recovery id
-    if (v < 27) {
-      v += 27;
+    const keccak = require('keccak');
+
+    console.log('Verifying Ethereum signature:');
+    console.log('Message:', JSON.stringify(message));
+    console.log('Signature:', signature);
+    console.log('Expected address:', expectedAddress);
+
+    // Try different message formats that MetaMask might use
+    const messageFormats = [
+      message, // Original message
+      message.replace(/\\n/g, '\n'), // Replace escaped newlines
+      Buffer.from(message, 'utf8').toString(), // Ensure UTF-8 encoding
+    ];
+
+    for (let i = 0; i < messageFormats.length; i++) {
+      const testMessage = messageFormats[i];
+      console.log(`\nTrying message format ${i + 1}:`, JSON.stringify(testMessage));
+      
+      // Ethereum personal sign message format
+      const prefix = '\x19Ethereum Signed Message:\n';
+      const messageBuffer = Buffer.from(testMessage, 'utf8');
+      const prefixedMessage = prefix + messageBuffer.length + testMessage;
+      
+      console.log('Prefixed message:', JSON.stringify(prefixedMessage));
+      console.log('Message buffer length:', messageBuffer.length);
+      
+      // Hash the prefixed message
+      const messageHash = keccak('keccak256').update(Buffer.from(prefixedMessage, 'utf8')).digest();
+      console.log('Message hash:', messageHash.toString('hex'));
+      
+      // Remove 0x prefix if present and convert to buffer
+      const sigHex = signature.startsWith('0x') ? signature.slice(2) : signature;
+      const sigBuffer = Buffer.from(sigHex, 'hex');
+      
+      if (sigBuffer.length !== 65) {
+        continue;
+      }
+      
+      // Extract r, s, v from signature
+      const r = sigBuffer.slice(0, 32);
+      const s = sigBuffer.slice(32, 64);
+      let v = sigBuffer[64];
+      
+      console.log('Original v:', v);
+      
+      // Try both recovery IDs
+      for (const recoveryId of [0, 1]) {
+        try {
+          console.log(`Trying recovery ID: ${recoveryId}`);
+          
+          // Combine r and s for secp256k1
+          const signature65 = new Uint8Array([...r, ...s]);
+          
+          // Recover public key
+          const publicKey = secp256k1.ecdsaRecover(signature65, recoveryId, new Uint8Array(messageHash));
+          
+          // Convert public key to address
+          const publicKeyBuffer = Buffer.from(publicKey.slice(1));
+          const publicKeyHash = keccak('keccak256').update(publicKeyBuffer).digest();
+          const address = '0x' + publicKeyHash.slice(-20).toString('hex');
+          
+          console.log(`Recovered address: ${address}`);
+          
+          // Compare with expected address (case insensitive)
+          if (address.toLowerCase() === expectedAddress.toLowerCase()) {
+            console.log('✅ Signature verification successful!');
+            return true;
+          }
+        } catch (e) {
+          console.log(`❌ Failed with recovery ID ${recoveryId}:`, e);
+        }
+      }
     }
-    const recoveryId = v - 27;
-    
-    // Combine r and s for secp256k1
-    const signature65 = new Uint8Array([...r, ...s]);
     
-    // Recover public key
-    const publicKey = secp256k1.ecdsaRecover(signature65, recoveryId, new Uint8Array(messageHash));
-    
-    // Convert public key to address
-    const publicKeyHash = keccak256(publicKey.slice(1)); // Remove the 0x04 prefix
-    const address = '0x' + publicKeyHash.slice(-20).toString('hex');
-    
-    // Compare with expected address (case insensitive)
-    return address.toLowerCase() === expectedAddress.toLowerCase();
+    console.log('❌ All message formats and recovery IDs failed');
+    return false;
     
   } catch (error) {
     console.error('Error verifying Ethereum signature:', error);
diff --git a/templates/chain-template/pages/sign-message.tsx b/templates/chain-template/pages/sign-message.tsx
@@ -62,6 +62,7 @@ export default function SignMessage() {
       setSigningIn(true);
       let result: { signature: string };
       let publicKey: string;
+      let messageToSign = message;
 
       if (chain.chainType === 'eip155') {
         // Handle Ethereum chains
@@ -70,8 +71,14 @@ export default function SignMessage() {
           throw new Error('Ethereum wallet not found');
         }
 
-        // Sign the message using personal_sign
-        const signature = await ethereumWallet.signMessage(message);
+        // The message is already plain text, no need to decode
+        console.log('Message to sign:', messageToSign);
+
+        // Sign the message using personal_sign (MetaMask accepts string directly)
+        const signature = await ethereumWallet.ethereum.request({
+          method: 'personal_sign',
+          params: [messageToSign, address]
+        });
         result = { signature };
 
         // For Ethereum, we'll derive the public key from the signature during verification
@@ -102,7 +109,7 @@ export default function SignMessage() {
           'Content-Type': 'application/json',
         },
         body: JSON.stringify({
-          message,
+          message: messageToSign,
           signature: result.signature,
           publicKey,
           signer: address,
