Merge pull request #500 from zkLinkProtocol/fix-check-password

xsteadybcgo · web-flow · commit b1860530ea40 · 2024-11-28T14:54:37.000+08:00
fix: check password before claiming
diff --git a/libs/red-envelope/src/red-envelope.service.ts b/libs/red-envelope/src/red-envelope.service.ts
@@ -440,16 +440,24 @@ export class RedEnvelopeService extends ActionDto<FieldTypes> {
   public async preCheckTransaction(
     data: GenerateTransactionParams<FieldTypes>,
   ) {
-    const { additionalData } = data;
+    const { additionalData, formData } = data;
+    const { password } = formData;
     const { code, account } = additionalData;
     if (!code) {
       throw new Error('missing code');
     }
     const packetId = this.getPacketIDByCode(code);
+    const packetInfo = await this.envelopContract.redPackets(packetId);
+    const passwordHash = ethers.keccak256(ethers.toUtf8Bytes(password));
     const hasClaimed = await this.envelopContract.isClaimed(packetId, account);
     if (hasClaimed) {
       return 'User has already received';
     }
+
+    if ([...packetInfo].pop() !== passwordHash) {
+      return 'Wrong Password';
+    }
+
     const hasUnclaimedPacket =
       await this.envelopContract.getRedPacketBalance(packetId);
     if (hasUnclaimedPacket.unClaimedCount === 0n) {
diff --git a/libs/shared-red-packet/src/shared-red-packet.service.ts b/libs/shared-red-packet/src/shared-red-packet.service.ts
@@ -376,19 +376,27 @@ export class SharedRedPacketService extends ActionDto<FieldTypes> {
   public async preCheckTransaction(
     data: GenerateTransactionParams<FieldTypes>,
   ) {
-    const { additionalData } = data;
+    const { additionalData, formData } = data;
+    const { password } = formData;
     const { code, account } = additionalData;
     if (!code) {
       throw new Error('missing code');
     }
     const packetId = this.getPacketIDByCode(code);
+    const packetInfo = await this.redPacketContract.redPackets(packetId);
+    const passwordHash = ethers.keccak256(ethers.toUtf8Bytes(password));
     const hasClaimed = await this.redPacketContract.isClaimed(
       packetId,
       account,
     );
     if (hasClaimed) {
       return 'User has already received';
     }
+
+    if ([...packetInfo].pop() !== passwordHash) {
+      return 'Wrong Password';
+    }
+
     const hasUnclaimedPacket =
       await this.redPacketContract.getRedPacketBalance(packetId);
     if (hasUnclaimedPacket.unClaimedCount === 0n) {
