remove ecdsa & add testflight job

.github/workflows/main_testflight.yml

@@ -0,0 +1,34 @@
+on:
+  push:
+    branches:
+      - 'main'
+
+jobs:
+  converge:
+    name: Converge
+    runs-on: ubuntu-latest
+    steps:
+
+      - name: Checkout code
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+
+      - name: Install werf
+        uses: werf/actions/install@v1.2
+
+      - name: Log in to registry
+        # This is where you will update the personal access token to GITHUB_TOKEN
+        run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u $ --password-stdin
+
+      - name: Run echo
+        run: |
+          werf version
+          docker version
+          echo $GITHUB_REPOSITORY
+          echo $GITHUB_SHA
+      - name: Run Build
+        run: |
+          . $(werf ci-env github --as-file)
+          echo "${{ secrets.ENV_TESTFLIGHT }}" > .env
+          werf export web --dev --tag ghcr.io/$GITHUB_REPOSITORY:testflight-$GITHUB_SHA

CHANGELOG.md

@@ -4,9 +4,15 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog], and this project adheres to [Semantic Versioning].
 
 ## [Unreleased]
+### Added
+- QA environment CI job
+
 ### Fixed
 - App icon url in the action metadata
 
+## Removed
+- ECDSA Collab.Land request verification support
+
 ## [0.1.0] - 2023-11-07
 
 ### Added

README.md

@@ -45,8 +45,7 @@ allow members to verify their humanity using the [Rarimo Proof of Humanity] case
 - (Optional) In order to verify the webhook requests coming from the Collab.Land bot, please set
   the `SKIP_VERIFICATION` variable in your `.env` file to `false`.
 - Please, fetch the public key from the [**[Collab.Land Config]**], and replace
-  your `COLLABLAND_ECDSA_PUBLIC_KEY`, `COLLABLAND_ED25519_PUBLIC_KEY_HEX`
-  variables in the `.env` file.
+  `COLLABLAND_ED25519_PUBLIC_KEY_HEX` variables in the `.env` file.
 - (Optional) Set `LOG_LEVEL` to `debug` or `info` in the `.env` file to specify the log level. By default, it
   will be `debug`.
 

env-example

@@ -2,7 +2,6 @@ APP_URL="http://localhost:8000"
 POH_APP_URL="https://robotornot.mainnet-beta.rarimo.com"
 
 # https://api-qa.collab.land/config
-COLLABLAND_ECDSA_PUBLIC_KEY="0x043b30458cf281461de368fd591b4c9b511a1b9263cea48517f41217ba14aa714fefea1adcfc9d8ae7ec0b4f7272f472178a5e674a1229ce5d2f2526244d62fbd8"
 COLLABLAND_ED25519_PUBLIC_KEY_HEX="bc9b6e5b99a10481e47aad74dbfdadb125e3c50a642ed2546b3602e43373c93a"
 
 ## optional

src/config.ts

@@ -5,14 +5,12 @@ type Config = {
   skipVerification: boolean
   appUrl: string
   pohAppUrl: string
-  collablandEcdsaPublicKey: string
   collablandEd25519PublicKeyHex: string
 }
 
 const validationSchema = yup.object({
   loglevel: yup.string().optional().default('debug'),
   skipVerification: yup.boolean().required(),
-  collablandEcdsaPublicKey: yup.string().required(),
   collablandEd25519PublicKeyHex: yup.string().required(),
   pohAppUrl: yup.string().required(),
   appUrl: yup.string().required(),
@@ -24,7 +22,6 @@ const loadCfg = (): Config => {
   const config = validationSchema.cast({
     loglevel: process.env.LOG_LEVEL,
     skipVerification: skipVerification ? skipVerification === 'true' : false,
-    collablandEcdsaPublicKey: process.env.COLLABLAND_ECDSA_PUBLIC_KEY,
     collablandEd25519PublicKeyHex: process.env.COLLABLAND_ED25519_PUBLIC_KEY_HEX,
     pohAppUrl: process.env.POH_APP_URL,
     appUrl: process.env.APP_URL,

src/const/headers.ts

@@ -1,3 +1,2 @@
-export const ACTION_ECDSA_SIGNATURE_HEADER = 'X-Signature-Ecdsa'
 export const ACTION_ED25519_SIGNATURE_HEADER = 'X-Signature-Ed25519'
 export const ACTION_SIGNATURE_TIMESTAMP_HEADER = 'X-Signature-Timestamp'

src/helpers/collabland-verify.ts

@@ -1,12 +1,7 @@
-import { utils } from 'ethers'
 import nacl from 'tweetnacl'
 
 import { config } from '@/config'
-import {
-  ACTION_ECDSA_SIGNATURE_HEADER,
-  ACTION_ED25519_SIGNATURE_HEADER,
-  ACTION_SIGNATURE_TIMESTAMP_HEADER,
-} from '@/const'
+import { ACTION_ED25519_SIGNATURE_HEADER, ACTION_SIGNATURE_TIMESTAMP_HEADER } from '@/const'
 import { logger } from '@/log'
 
 const log = logger.child({ service: 'collabland-signature-verifier' })
@@ -16,42 +11,31 @@ type VerifyRequestResult = {
   reason?: string
 }
 
-enum SignatureTypes {
-  ECDSA = 'ecdsa',
-  ED25519 = 'ed25519',
-}
-
 export const verifyCollablandRequest = async (
   req: Request,
   body: string,
 ): Promise<VerifyRequestResult> => {
   if (config.skipVerification) return { verified: true }
 
-  const ecdsaSignature = req.headers.get(ACTION_ECDSA_SIGNATURE_HEADER)
-  const ed25519Signature = req.headers.get(ACTION_ED25519_SIGNATURE_HEADER)
+  const signature = req.headers.get(ACTION_ED25519_SIGNATURE_HEADER)
   const signatureTimestamp: number = Number(
     req.headers.get(ACTION_SIGNATURE_TIMESTAMP_HEADER)?.toString() ?? '0',
   )
 
-  const signature = ecdsaSignature ?? ed25519Signature
-
   if (!signature) {
     return {
       verified: false,
-      reason: `${ACTION_ECDSA_SIGNATURE_HEADER} or ${ACTION_ED25519_SIGNATURE_HEADER} header is required`,
+      reason: `${ACTION_ED25519_SIGNATURE_HEADER} header is required`,
     }
   }
 
-  const signatureType = signature === ecdsaSignature ? SignatureTypes.ECDSA : SignatureTypes.ED25519
-
-  return verifyRequest(body, signatureTimestamp, signature, signatureType)
+  return verifyRequest(body, signatureTimestamp, signature)
 }
 
 const verifyRequest = (
   body: string,
   signatureTimestamp: number,
   signature: string,
-  signatureType: SignatureTypes,
 ): VerifyRequestResult => {
   const delta = Math.abs(Date.now() - signatureTimestamp)
 
@@ -63,12 +47,7 @@ const verifyRequest = (
   }
 
   const msg = signatureTimestamp + body
-
-  if (signatureType === SignatureTypes.ED25519) {
-    return verifyRequestWithEd25519(signature, msg)
-  }
-
-  return verifyRequestWithEcdsa(signature, msg)
+  return verifyRequestWithEd25519(signature, msg)
 }
 
 const verifyRequestWithEd25519 = (signature: string, msg: string): VerifyRequestResult => {
@@ -95,24 +74,3 @@ const verifyRequestWithEd25519 = (signature: string, msg: string): VerifyRequest
 
   return { verified }
 }
-
-const verifyRequestWithEcdsa = (signature: string, msg: string): VerifyRequestResult => {
-  const publicKey = config.collablandEcdsaPublicKey
-  let verified = false
-
-  try {
-    log.debug('Verifying request with Ecdsa signature...', { publicKey, signature, msg })
-    const digest = utils.hashMessage(msg)
-    verified = signature != null && utils.recoverPublicKey(digest, signature) === publicKey
-    log.debug('Signature verified', { verified })
-  } catch (err: any) {
-    verified = false
-    log.error(`Failed to verify Ecdsa signature: ${err.message}`, err)
-  }
-
-  if (!verified) {
-    return { verified, reason: 'Invalid request - Ecdsa signature cannot be verified' }
-  }
-
-  return { verified }
-}