Sort hash input recursively

narval-xyz · Jan 23, 2024 · 4eec880 · 4eec880
1 parent e6dea5c
commit 4eec880
Show file tree

Hide file tree

Showing 6 changed files with 23 additions and 42 deletions.
diff --git a/apps/authz/src/app/app.service.ts b/apps/authz/src/app/app.service.ts
@@ -144,7 +144,6 @@ export class AppService {
     const decoder = new Decoder({})
     const verificationMessage = hashRequest(request)
 
-    console.log('### hash', verificationMessage)
     const principalCredential = await this.#verifySignature(authentication, verificationMessage)
     if (!principalCredential) throw new Error(`Could not find principal`)
     const populatedApprovals = await this.#populateApprovals(approvals, verificationMessage)

diff --git a/apps/orchestration/src/policy-engine/core/service/authorization-request.service.ts b/apps/orchestration/src/policy-engine/core/service/authorization-request.service.ts
@@ -87,45 +87,9 @@ export class AuthorizationRequestService {
     const payload = {
       authentication: input.authentication,
       approvals: input.approvals,
-      request: {
-        action: input.request.action,
-        transactionRequest: input.request,
-        resourceId: 'eip155:eoa:0x90d03a8971a2faa19a9d7ffdcbca28fe826a289b'
-      }
+      request: input.request
     }
 
-    // const payload = {
-    //   authentication: {
-    //     sig: '0x9577787fc3a6db9d5779d0ec49222a24df0231659690eab80f21ea98161a55265de1b37c1a2534b46050feb0630dba7916f88b8203aa0b452200c52516495e651b',
-    //     alg: 'ES256K',
-    //     pubKey: '0xd75D626a116D4a1959fE3bB938B2e7c116A05890'
-    //   },
-    //   request: {
-    //     action: 'signTransaction',
-    //     transactionRequest: {
-    //       from: '0x90d03a8971a2faa19a9d7ffdcbca28fe826a289b',
-    //       to: '0x031d8C0cA142921c459bCB28104c0FF37928F9eD',
-    //       chainId: 137,
-    //       data: '0xa9059cbb000000000000000000000000031d8c0ca142921c459bcb28104c0ff37928f9ed000000000000000000000000000000000000000000005ab7f55035d1e7b4fe6d',
-    //       nonce: 192,
-    //       type: '2'
-    //     },
-    //     resourceId: 'eip155:eoa:0x90d03a8971a2faa19a9d7ffdcbca28fe826a289b'
-    //   },
-    //   approvals: [
-    //     {
-    //       sig: '0x3a07b4efd8f1af93ce046abf03bc50d107b67a2296ec36ae39bb52d49d9c43ee0ed62b406409995e4f659454180857353515526d21bf57881eaac4f05ff41ba61b',
-    //       alg: 'ES256K',
-    //       pubKey: '0x501D5c2Ce1EF208aadf9131a98BAa593258CfA06'
-    //     },
-    //     {
-    //       sig: '0xdc9ccfa081fed5ca9878dfba4aa0b7e621b94d25b8de1f13469f925e17d55ea370a04477778f58edd8766dce024f05133c9a69e86a316f16d426a45b3d9a98531b',
-    //       alg: 'ES256K',
-    //       pubKey: '0xab88c8785D0C00082dE75D801Fcb1d5066a6311e'
-    //     }
-    //   ]
-    // }
-
     this.logger.log('Sending authorization request to cluster evaluation', {
       authzRequest: input,
       payload

diff --git a/apps/orchestration/src/policy-engine/http/rest/controller/facade.controller.ts b/apps/orchestration/src/policy-engine/http/rest/controller/facade.controller.ts
@@ -21,6 +21,9 @@ export class FacadeController {
   async evaluation(@OrgId() orgId: string, @Body() body: AuthorizationRequestDto): Promise<AuthorizationResponseDto> {
     const authzRequest = await this.authorizationRequestService.create(toCreateAuthorizationRequest(orgId, body))
 
+    // TODO (@wcalderipe, 23/01/24): Validate if the signed hash is the same
+    // hash used internally.
+
     return new AuthorizationResponseDto(authzRequest)
   }
 

diff --git a/apps/orchestration/src/policy-engine/http/rest/dto/signature.dto.ts b/apps/orchestration/src/policy-engine/http/rest/dto/signature.dto.ts
@@ -1,15 +1,22 @@
 import { ApiProperty } from '@nestjs/swagger'
+import { Transform } from 'class-transformer'
 import { IsDefined, IsOptional, IsString } from 'class-validator'
 
 export class SignatureDto {
   @IsString()
   @IsDefined()
-  @ApiProperty()
+  @Transform(({ value }) => value.toLowerCase())
+  @ApiProperty({
+    format: 'lowercase'
+  })
   sig: string
 
   @IsString()
   @IsDefined()
-  @ApiProperty()
+  @Transform(({ value }) => value.toLowerCase())
+  @ApiProperty({
+    format: 'lowercase'
+  })
   pubKey: string
 
   @IsString()

diff --git a/packages/authz-shared/src/lib/util/__test__/unit/hash-request.util.spec.ts b/packages/authz-shared/src/lib/util/__test__/unit/hash-request.util.spec.ts
@@ -19,11 +19,19 @@ describe('hashRequest', () => {
     const a = {
       a: 'a',
       b: 1,
-      c: false
+      c: false,
+      d: {
+        a: 'a',
+        b: 1
+      }
     }
     const b = {
       c: false,
       b: 1,
+      d: {
+        b: 1,
+        a: 'a'
+      },
       a: 'a'
     }
 

diff --git a/packages/authz-shared/src/lib/util/hash-request.util.ts b/packages/authz-shared/src/lib/util/hash-request.util.ts
@@ -15,7 +15,7 @@ const sort = (value: unknown): unknown => {
     .reduce((acc, key) => {
       return {
         ...acc,
-        [key]: (value as Record<string, unknown>)[key]
+        [key]: sort((value as Record<string, unknown>)[key])
       }
     }, {})
 }