From 9597e454e8f44ae6a10fb4685a65de17fc15f41b Mon Sep 17 00:00:00 2001 From: Semen Loktionov Date: Wed, 6 Dec 2023 15:57:21 +0200 Subject: [PATCH] remove ecdsa & add testflight job --- .github/workflows/main_testflight.yml | 34 ++++++++++++++++++ CHANGELOG.md | 6 ++++ README.md | 3 +- env-example | 1 - src/config.ts | 3 -- src/const/headers.ts | 1 - src/helpers/collabland-verify.ts | 52 +++------------------------ 7 files changed, 46 insertions(+), 54 deletions(-) create mode 100644 .github/workflows/main_testflight.yml diff --git a/.github/workflows/main_testflight.yml b/.github/workflows/main_testflight.yml new file mode 100644 index 0000000..26801c6 --- /dev/null +++ b/.github/workflows/main_testflight.yml @@ -0,0 +1,34 @@ +on: + push: + branches: + - 'main' + +jobs: + converge: + name: Converge + runs-on: ubuntu-latest + steps: + + - name: Checkout code + uses: actions/checkout@v3 + with: + fetch-depth: 0 + + - name: Install werf + uses: werf/actions/install@v1.2 + + - name: Log in to registry + # This is where you will update the personal access token to GITHUB_TOKEN + run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u $ --password-stdin + + - name: Run echo + run: | + werf version + docker version + echo $GITHUB_REPOSITORY + echo $GITHUB_SHA + - name: Run Build + run: | + . $(werf ci-env github --as-file) + echo "${{ secrets.ENV_TESTFLIGHT }}" > .env + werf export web --dev --tag ghcr.io/$GITHUB_REPOSITORY:testflight-$GITHUB_SHA diff --git a/CHANGELOG.md b/CHANGELOG.md index c4717e6..2b75aee 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,9 +4,15 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog], and this project adheres to [Semantic Versioning]. ## [Unreleased] +### Added +- QA environment CI job + ### Fixed - App icon url in the action metadata +## Removed +- ECDSA Collab.Land request verification support + ## [0.1.0] - 2023-11-07 ### Added 
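Review bot: In the `Run Build` step, `echo "${{ secrets.ENV_TESTFLIGHT }}" > .env` expands the secret into the script text before the shell runs, so a `"`, `$` or backtick inside the value is interpreted by the shell instead of being written verbatim. Passing the value through the step environment avoids that: `env: ENV_TESTFLIGHT: ${{ secrets.ENV_TESTFLIGHT }}` with `printf '%s\n' "$ENV_TESTFLIGHT" > .env`; the `docker login` line interpolates `secrets.GITHUB_TOKEN` the same way. The file is written into the workspace right before `werf export`, so it is worth confirming that `.env` is excluded from the exported image layers. The workflow also has no `permissions:` block, so the token gets the repository default; declaring `contents: read` and `packages: write` would limit it to what this job appears to need.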
diff --git a/README.md b/README.md index 8dce9ce..8213933 100644 --- a/README.md +++ b/README.md @@ -45,8 +45,7 @@ allow members to verify their humanity using the [Rarimo Proof of Humanity] case - (Optional) In order to verify the webhook requests coming from the Collab.Land bot, please set the `SKIP_VERIFICATION` variable in your `.env` file to `false`. - Please, fetch the public key from the [**[Collab.Land Config]**], and replace - your `COLLABLAND_ECDSA_PUBLIC_KEY`, `COLLABLAND_ED25519_PUBLIC_KEY_HEX` - variables in the `.env` file. + `COLLABLAND_ED25519_PUBLIC_KEY_HEX` variables in the `.env` file. - (Optional) Set `LOG_LEVEL` to `debug` or `info` in the `.env` file to specify the log level. By default, it will be `debug`. diff --git a/env-example b/env-example index a0aed9b..f32f382 100644 --- a/env-example +++ b/env-example @@ -2,7 +2,6 @@ APP_URL="http://localhost:8000" POH_APP_URL="https://robotornot.mainnet-beta.rarimo.com" # https://api-qa.collab.land/config -COLLABLAND_ECDSA_PUBLIC_KEY="0x043b30458cf281461de368fd591b4c9b511a1b9263cea48517f41217ba14aa714fefea1adcfc9d8ae7ec0b4f7272f472178a5e674a1229ce5d2f2526244d62fbd8" COLLABLAND_ED25519_PUBLIC_KEY_HEX="bc9b6e5b99a10481e47aad74dbfdadb125e3c50a642ed2546b3602e43373c93a" ## optional diff --git a/src/config.ts b/src/config.ts index 7b5f30a..54677d2 100644 --- a/src/config.ts +++ b/src/config.ts @@ -5,14 +5,12 @@ type Config = { skipVerification: boolean appUrl: string pohAppUrl: string - collablandEcdsaPublicKey: string collablandEd25519PublicKeyHex: string } const validationSchema = yup.object({ loglevel: yup.string().optional().default('debug'), skipVerification: yup.boolean().required(), - collablandEcdsaPublicKey: yup.string().required(), collablandEd25519PublicKeyHex: yup.string().required(), pohAppUrl: yup.string().required(), appUrl: yup.string().required(), 
@@ -24,7 +22,6 @@ const loadCfg = (): Config => { const config = validationSchema.cast({ loglevel: process.env.LOG_LEVEL, skipVerification: skipVerification ? skipVerification === 'true' : false, - collablandEcdsaPublicKey: process.env.COLLABLAND_ECDSA_PUBLIC_KEY, collablandEd25519PublicKeyHex: process.env.COLLABLAND_ED25519_PUBLIC_KEY_HEX, pohAppUrl: process.env.POH_APP_URL, appUrl: process.env.APP_URL, diff --git a/src/const/headers.ts b/src/const/headers.ts index fffb535..7e908d5 100644 --- a/src/const/headers.ts +++ b/src/const/headers.ts @@ -1,3 +1,2 @@ -export const ACTION_ECDSA_SIGNATURE_HEADER = 'X-Signature-Ecdsa' export const ACTION_ED25519_SIGNATURE_HEADER = 'X-Signature-Ed25519' export const ACTION_SIGNATURE_TIMESTAMP_HEADER = 'X-Signature-Timestamp' diff --git a/src/helpers/collabland-verify.ts b/src/helpers/collabland-verify.ts index 3b5780b..26c9180 100644 --- a/src/helpers/collabland-verify.ts +++ b/src/helpers/collabland-verify.ts @@ -1,12 +1,7 @@ -import { utils } from 'ethers' import nacl from 'tweetnacl' import { config } from '@/config' -import { - ACTION_ECDSA_SIGNATURE_HEADER, - ACTION_ED25519_SIGNATURE_HEADER, - ACTION_SIGNATURE_TIMESTAMP_HEADER, -} from '@/const' +import { ACTION_ED25519_SIGNATURE_HEADER, ACTION_SIGNATURE_TIMESTAMP_HEADER } from '@/const' import { logger } from '@/log' const log = logger.child({ service: 'collabland-signature-verifier' }) 
@@ -16,42 +11,31 @@ type VerifyRequestResult = { reason?: string } -enum SignatureTypes { - ECDSA = 'ecdsa', - ED25519 = 'ed25519', -} - export const verifyCollablandRequest = async ( req: Request, body: string, ): Promise => { if (config.skipVerification) return { verified: true } - const ecdsaSignature = req.headers.get(ACTION_ECDSA_SIGNATURE_HEADER) - const ed25519Signature = req.headers.get(ACTION_ED25519_SIGNATURE_HEADER) + const signature = req.headers.get(ACTION_ED25519_SIGNATURE_HEADER) const signatureTimestamp: number = Number( req.headers.get(ACTION_SIGNATURE_TIMESTAMP_HEADER)?.toString() ?? '0', ) - const signature = ecdsaSignature ?? ed25519Signature - if (!signature) { return { verified: false, - reason: `${ACTION_ECDSA_SIGNATURE_HEADER} or ${ACTION_ED25519_SIGNATURE_HEADER} header is required`, + reason: `${ACTION_ED25519_SIGNATURE_HEADER} header is required`, } } - const signatureType = signature === ecdsaSignature ? SignatureTypes.ECDSA : SignatureTypes.ED25519 - - return verifyRequest(body, signatureTimestamp, signature, signatureType) + return verifyRequest(body, signatureTimestamp, signature) } const verifyRequest = ( body: string, signatureTimestamp: number, signature: string, - signatureType: SignatureTypes, ): VerifyRequestResult => { const delta = Math.abs(Date.now() - signatureTimestamp) @@ -63,12 +47,7 @@ const verifyRequest = ( } const msg = signatureTimestamp + body - - if (signatureType === SignatureTypes.ED25519) { - return verifyRequestWithEd25519(signature, msg) - } - - return verifyRequestWithEcdsa(signature, msg) + return verifyRequestWithEd25519(signature, msg) } const verifyRequestWithEd25519 = (signature: string, msg: string): VerifyRequestResult => { 
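Review bot: The timestamp header is converted with `Number(... ?? '0')` in `verifyCollablandRequest`, so a non-numeric value becomes `NaN` instead of being rejected there. The freshness comparison in `verifyRequest` sits between the visible hunks; if it is a `delta > limit` test, `NaN` would pass it and only the signature check would stop the request. An explicit guard before the `verifyRequest` call, for example `if (!Number.isFinite(signatureTimestamp)) return { verified: false, reason: `${ACTION_SIGNATURE_TIMESTAMP_HEADER} header is invalid` }`, keeps the freshness check independent of the signature check. The following hunk builds the signed message as `signatureTimestamp + body` from the parsed number; concatenating the raw header string would avoid any mismatch between the header text and its numeric round-trip.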
@@ -95,24 +74,3 @@ const verifyRequestWithEd25519 = (signature: string, msg: string): VerifyRequest return { verified } } - -const verifyRequestWithEcdsa = (signature: string, msg: string): VerifyRequestResult => { - const publicKey = config.collablandEcdsaPublicKey - let verified = false - - try { - log.debug('Verifying request with Ecdsa signature...', { publicKey, signature, msg }) - const digest = utils.hashMessage(msg) - verified = signature != null && utils.recoverPublicKey(digest, signature) === publicKey - log.debug('Signature verified', { verified }) - } catch (err: any) { - verified = false - log.error(`Failed to verify Ecdsa signature: ${err.message}`, err) - } - - if (!verified) { - return { verified, reason: 'Invalid request - Ecdsa signature cannot be verified' } - } - - return { verified } -}