use lukso validator at BE and DS and disable sig check in getUserProfile

dm3-org · Aug 29, 2024 · 3c9fecd · 3c9fecd
1 parent b56b5d8
commit 3c9fecd
Show file tree

Hide file tree

Showing 17 changed files with 98 additions and 55 deletions.
diff --git a/docker/docker-compose.yml b/docker/docker-compose.yml
@@ -32,6 +32,7 @@ services:
             ENCRYPTION_PRIVATE_KEY: ${ENCRYPTION_PRIVATE_KEY}
             DISABLE_SESSION_CHECK: ${DISABLE_SESSION_CHECK}
             RPC: ${RPC}
+            LUKSO_RPC: ${LUKSO_RPC}
             PORT: 8081
             LOG_LEVEL: 'debug'
             DATABASE_URL: ${DATABASE_URL}
@@ -65,6 +66,7 @@ services:
             ENCRYPTION_PUBLIC_KEY: ${ENCRYPTION_PUBLIC_KEY}
             ENCRYPTION_PRIVATE_KEY: ${ENCRYPTION_PRIVATE_KEY}
             RPC: ${RPC}
+            LUKSO_RPC: ${LUKSO_RPC}
             PORT: 8083
             LOG_LEVEL: 'debug'
         volumes:

diff --git a/packages/backend/src/index.ts b/packages/backend/src/index.ts
@@ -5,6 +5,7 @@ import {
     getServerSecret,
     logError,
     logRequest,
+    getLuksoProvider,
 } from '@dm3-org/dm3-lib-server-side';
 import { logInfo } from '@dm3-org/dm3-lib-shared';
 import bodyParser from 'body-parser';
@@ -30,14 +31,15 @@ app.use(bodyParser.json());
 (async () => {
     const db = await getDatabase();
     const web3Provider = await getCachedWebProvider(process.env);
+    const luksoProvider = await getLuksoProvider(process.env);
     const serverSecret = getServerSecret(process.env);
 
     app.use(logRequest);
 
     app.get('/hello', (req, res) => {
         return res.status(200).send('Hello DM3');
     });
-    app.use('/profile', Profile(db, web3Provider, serverSecret));
+    app.use('/profile', Profile(db, web3Provider, luksoProvider, serverSecret));
     app.use('/storage', Storage(db, web3Provider, serverSecret));
     app.use('/auth', Auth(db, serverSecret, web3Provider));
     app.use(logError);

diff --git a/packages/backend/src/profile/profile.ts b/packages/backend/src/profile/profile.ts
@@ -1,5 +1,9 @@
 import { generateAuthJWT } from '@dm3-org/dm3-lib-server-side';
-import { getUserProfile } from '@dm3-org/dm3-lib-profile';
+import {
+    getUserProfile,
+    ProfileValidator,
+    SignedUserProfile,
+} from '@dm3-org/dm3-lib-profile';
 
 import {
     checkUserProfile,
@@ -14,6 +18,7 @@ import { IBackendDatabase } from '../persistence/getDatabase';
 export default (
     db: IBackendDatabase,
     web3Provider: ethers.providers.JsonRpcProvider,
+    luksoProvider: ethers.providers.JsonRpcProvider,
     serverSecret: string,
 ) => {
     const router = express.Router();
@@ -62,6 +67,7 @@ export default (
             if (
                 !(await checkUserProfile(
                     web3Provider,
+                    luksoProvider,
                     req.body, // as SignedUserProfile,
                     normalizeEnsName(ensName),
                 ))

diff --git a/packages/backend/src/profile/submitUserProfile.ts b/packages/backend/src/profile/submitUserProfile.ts
diff --git a/packages/delivery-service/src/index.ts b/packages/delivery-service/src/index.ts
@@ -3,6 +3,7 @@ import {
     Auth,
     errorHandler,
     getCachedWebProvider,
+    getLuksoProvider,
     getServerSecret,
     logError,
     logRequest,
@@ -105,6 +106,7 @@ global.logger = winston.createLogger({
     // load environment
     const deliveryServiceProperties = getDeliveryServiceProperties();
     const web3Provider = await getCachedWebProvider(process.env);
+    const luksoProvider = await getLuksoProvider(process.env);
 
     const db = getDbWithAddressResolvedGetAccount(
         await getDatabase(),
@@ -154,7 +156,7 @@ global.logger = winston.createLogger({
     //restAuth
 
     app.use('/auth', Auth(db, serverSecret, web3Provider));
-    app.use('/profile', Profile(db, web3Provider, serverSecret));
+    app.use('/profile', Profile(db, web3Provider, luksoProvider, serverSecret));
     app.use('/delivery', Delivery(web3Provider, db, serverSecret));
     app.use(
         '/notifications',

diff --git a/packages/delivery-service/src/profile/profile.ts b/packages/delivery-service/src/profile/profile.ts
@@ -7,6 +7,7 @@ import { IDatabase } from '../persistence/getDatabase';
 
 export const Profile = (
     db: IDatabase,
+    luksoProvider: ethers.providers.JsonRpcProvider,
     web3Provider: ethers.providers.JsonRpcProvider,
     serverSecret: string,
 ) => {
@@ -69,6 +70,7 @@ export const Profile = (
             );
 
             const data = await submitUserProfile(
+                luksoProvider,
                 db.getAccount,
                 db.setAccount,
                 //use normalized address

diff --git a/packages/lib/delivery/src/UserProfile.test.ts b/packages/lib/delivery/src/UserProfile.test.ts
@@ -46,9 +46,11 @@ describe('UserProfile', () => {
             const getAccount = () => Promise.resolve(null);
 
             const singedUserProfile = await signProfile(emptyProfile);
+            const luksoProvider = {} as ethers.providers.BaseProvider;
 
             await expect(async () => {
                 await submitUserProfile(
+                    luksoProvider,
                     getAccount,
                     setAccount,
                     RANDO_ADDRESS,
@@ -85,7 +87,10 @@ describe('UserProfile', () => {
 
             const singedUserProfile = await signProfile(emptyProfile);
 
+            const luksoProvider = {} as ethers.providers.BaseProvider;
+
             await submitUserProfile(
+                luksoProvider,
                 getAccount,
                 setAccount,
                 SENDER_ADDRESS,
@@ -95,6 +100,7 @@ describe('UserProfile', () => {
 
             await expect(async () => {
                 await submitUserProfile(
+                    luksoProvider,
                     getAccount,
                     setAccount,
                     SENDER_ADDRESS,
@@ -110,7 +116,10 @@ describe('UserProfile', () => {
 
             const singedUserProfile = await signProfile(emptyProfile);
 
+            const luksoProvider = {} as ethers.providers.BaseProvider;
+
             await submitUserProfile(
+                luksoProvider,
                 getAccount,
                 setAccount,
                 SENDER_ADDRESS,

diff --git a/packages/lib/delivery/src/UserProfile.ts b/packages/lib/delivery/src/UserProfile.ts
@@ -1,4 +1,5 @@
 import {
+    ProfileValidator,
     SignedUserProfile,
     checkUserProfileWithAddress,
     getDefaultProfileExtension,
@@ -10,6 +11,7 @@ import { generateAuthJWT } from '@dm3-org/dm3-lib-server-side';
 import { Session } from './Session';
 
 export async function submitUserProfile(
+    luksoProvider: ethers.providers.BaseProvider,
     getAccount: (accountAddress: string) => Promise<Session | null>,
     setAccount: (accountAddress: string, session: Session) => Promise<void>,
     address: string,
@@ -23,10 +25,16 @@ export async function submitUserProfile(
     //normalize the address
     const _address = ethers.utils.getAddress(address);
     //     check if the submitted profile is has been signed by the adddress that want's to submit the profile
-    if (!(await checkUserProfileWithAddress(signedUserProfile, _address))) {
-        logDebug('submitUserProfile - Signature invalid');
-        throw Error('Signature invalid.');
+
+    const isValidProfile = await new ProfileValidator(luksoProvider).validate(
+        signedUserProfile,
+        _address,
+    );
+
+    if (!isValidProfile) {
+        throw Error('submit user profile failed - invalid profile');
     }
+
     const session: Session = {
         account: _address,
         signedUserProfile,

diff --git a/packages/lib/profile/src/Profile.ts b/packages/lib/profile/src/Profile.ts
@@ -10,6 +10,7 @@ import queryString from 'query-string';
 import { Dm3Profile } from './profileResolver/ProfileResolver';
 import { createProfileKeys } from './profileKeys/createProfileKeys';
 import { SignedUserProfile, UserProfile } from './types';
+import { ProfileValidator } from './profileValidator/ProfileValidator';
 
 export const DEFAULT_NONCE = ethers.utils.sha256(
     ethers.utils.toUtf8Bytes('dm3_default_nonce'),
@@ -107,17 +108,25 @@ export function getAccountDisplayName(
  * @param ensName The ENS domain name
  */
 export async function checkUserProfile(
+    luksoProvider: ethers.providers.JsonRpcProvider,
     provider: ethers.providers.JsonRpcProvider,
-    { profile, signature }: SignedUserProfile,
+    signedUserProfile: SignedUserProfile,
     ensName: string,
 ): Promise<boolean> {
     const accountAddress = await provider.resolveName(ensName);
 
     if (!accountAddress) {
-        throw Error(`Couldn't resolve name`);
+        throw Error(`Couldn't resolve address for ${ensName}`);
     }
     //ensures that the profile has been signed by the owner of the ENS name to prevent impersonation
-    return checkUserProfileWithAddress({ profile, signature }, accountAddress);
+    const isValidProfile = await new ProfileValidator(luksoProvider).validate(
+        signedUserProfile as SignedUserProfile,
+        accountAddress,
+    );
+
+    return isValidProfile;
+
+    //return checkUserProfileWithAddress({ profile, signature }, accountAddress);
 }
 
 /**

diff --git a/packages/lib/profile/src/index.ts b/packages/lib/profile/src/index.ts
@@ -33,3 +33,4 @@ export {
 } from './deliveryServiceProfile/Delivery';
 export * from './profileKeys/createProfileKeys';
 export * from './profileLink';
+export * from './profileValidator/ProfileValidator';
diff --git a/.../src/http/profileValidator/ERC725Abi.json → ...ofile/src/profileValidator/ERC725Abi.json b/.../src/http/profileValidator/ERC725Abi.json → ...ofile/src/profileValidator/ERC725Abi.json
diff --git a/...profileValidator/ProfileValidator.test.ts → ...profileValidator/ProfileValidator.test.ts b/...profileValidator/ProfileValidator.test.ts → ...profileValidator/ProfileValidator.test.ts
diff --git a/...http/profileValidator/ProfileValidator.ts → .../src/profileValidator/ProfileValidator.ts b/...http/profileValidator/ProfileValidator.ts → .../src/profileValidator/ProfileValidator.ts
@@ -3,14 +3,14 @@
 //1. Profiles signed by an EOA
 //2. Profiles signed by an Lukso Universal profile
 
-import {
-    checkUserProfileWithAddress,
-    getProfileCreationMessage,
-    SignedUserProfile,
-} from '@dm3-org/dm3-lib-profile';
 import { stringify } from '@dm3-org/dm3-lib-shared';
 import { ethers } from 'ethers';
 import ERC725Abi from './ERC725Abi.json';
+import {
+    checkUserProfileWithAddress,
+    getProfileCreationMessage,
+} from '../Profile';
+import { SignedUserProfile } from '../types';
 
 //ERC-1271 constants can be found at lsp6-contracts/contracts/constants.sol
 const ERC1271_SUCCESSVALUE = '0x1626ba7e';
@@ -26,7 +26,18 @@ export class ProfileValidator {
         signedUserProfile: SignedUserProfile,
         address: string,
     ): Promise<boolean> {
-        return checkUserProfileWithAddress(signedUserProfile, address);
+        const isValid = await checkUserProfileWithAddress(
+            signedUserProfile,
+            address,
+        );
+
+        if (!isValid) {
+            console.error('invalid dm3 address profile', {
+                signedUserProfile,
+                address,
+            });
+        }
+        return isValid;
     }
     //Check if a profile is signed by one of the UP controllers
     //This method is used for every universal profile

diff --git a/packages/lib/profile/src/userProfile/getUserProfile.ts b/packages/lib/profile/src/userProfile/getUserProfile.ts
@@ -80,8 +80,14 @@ export async function getUserProfile(
         .find((r) => r.isProfile(textRecord))
         ?.resolveProfile(textRecord);
 
-    if (profile && !(await checkUserProfile(provider, profile, contact))) {
-        throw Error(`Couldn't verify user profile`);
+    //Second occurance of checkUserProfile is the check of pthers profiles
+    // if (profile && !(await checkUserProfile(provider, profile, contact))) {
+    //     throw Error(`Couldn't verify user profile`);
+    // }
+
+    if (!profile) {
+        console.log('unable to fetch user profile for ', contact);
+        return undefined;
     }
 
     return profile;

diff --git a/packages/lib/server-side/src/index.ts b/packages/lib/server-side/src/index.ts
@@ -1,6 +1,7 @@
 export { Auth } from './auth';
 export * from './authorize';
 export { getCachedWebProvider } from './web3Provider/getCachedWebProvider';
+export { getLuksoProvider } from './web3Provider/getLuksoProvider';
 export type { IAccountDatabase } from './iAccountDatabase';
 export * from './utils';
 export * from './Keys';
diff --git a/packages/lib/server-side/src/web3Provider/getLuksoProvider.ts b/packages/lib/server-side/src/web3Provider/getLuksoProvider.ts
@@ -0,0 +1,17 @@
+import { ethers } from 'ethers';
+
+export async function getLuksoProvider(
+    env: NodeJS.ProcessEnv,
+): Promise<ethers.providers.JsonRpcProvider> {
+    const readKey = (keyName: string) => {
+        const key = env[keyName];
+        if (!key) {
+            throw Error(`Missing ${keyName} in env`);
+        }
+
+        return key;
+    };
+
+    const rpc = readKey('RPC');
+    return new ethers.providers.JsonRpcProvider(rpc);
+}
diff --git a/packages/offchain-resolver/src/http/profile.ts b/packages/offchain-resolver/src/http/profile.ts
@@ -1,10 +1,13 @@
 import { checkSignature } from '@dm3-org/dm3-lib-crypto';
-import { checkUserProfileWithAddress, schema } from '@dm3-org/dm3-lib-profile';
+import {
+    checkUserProfileWithAddress,
+    schema,
+    ProfileValidator,
+} from '@dm3-org/dm3-lib-profile';
 import { validateSchema } from '@dm3-org/dm3-lib-shared';
 import { ethers } from 'ethers';
 import express from 'express';
 import { SiweMessage } from 'siwe';
-import { ProfileValidator } from './profileValidator/ProfileValidator';
 import { SubdomainManager } from './subdomainManager/SubdomainManager';
 import { WithLocals } from './types';