Merge pull request #312 from pendulum-chain/polygon-prototype-staging

Create a new production release

.prettierignore

@@ -19,4 +19,5 @@ favicon.png
 CHANGELOG.md
 **/*.svg
 .prettierignore
-.gitignore
+.gitignore
+_redirects

LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2024 Pendulum Chain / SatoshiPay
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

README.md

@@ -37,10 +37,15 @@ matter what URL the browser requests.
 
 ## Env Variables
 
-- `VITE_SIGNING_SERVICE_URL`: Optional variable to point to a specific signing backend service URL. If undefined, it
+- `VITE_SIGNING_SERVICE_PATH`: Optional variable to point to a specific signing backend service URL. If undefined, it
   will default to either:
-  - http://localhost:3000 (if in development mode)
-  - https://prototype-signer-service-polygon.pendulumchain.tech (if in production mode)
+  - `http://localhost:3000` (if in development mode)
+  - `/api/production` (if in production mode)
+    - this will use the `_redirects` file to direct Netlify to proxy all requests to `/api/production` to
+      `https://prototype-signer-service-polygon.pendulumchain.tech`
+  - `/api/staging` (if in staging mode)
+    - this will use the `_redirects` file to direct Netlify to proxy all requests to `/api/staging` to
+      `https://prototype-signer-service-polygon-staging.pendulumchain.tech`
 - `VITE_ALCHEMY_API_KEY`: Optional variable to set the Alchemy API key for the custom RPC provider. If undefined, it
   will use dhe default endpoint.
 

_redirects

@@ -0,0 +1,3 @@
+/api/production/*  https://prototype-signer-service-polygon.pendulumchain.tech/:splat  200
+/api/staging/*  https://prototype-signer-service-polygon-staging.pendulumchain.tech/:splat  200
+/* /index.html 200

mooncontracts/baseline.sol

@@ -8,6 +8,9 @@ contract ReceiveCrossChainXToken {
 
     address constant public axlUSDCAddress = 0xCa01a1D0993565291051daFF390892518ACfAD3A;
     IERC20 constant axlUSDC = IERC20(axlUSDCAddress);
+
+    address constant public squidRouterMultiCallContract = 0xaD6Cea45f98444a922a2b4fE96b8C90F0862D2F4;
+
     Xtokens constant xt = Xtokens(0x0000000000000000000000000000000000000804);
 
     event ReceiveBalance(uint256 balance);
@@ -38,7 +41,7 @@ contract ReceiveCrossChainXToken {
 
     function transferApprovedTokensToSelf(uint256 amount) internal {
         IERC20 token = IERC20(axlUSDCAddress);
-        bool success = token.transferFrom(0xEa749Fd6bA492dbc14c24FE8A3d08769229b896c, address(this), amount);
+        bool success = token.transferFrom(squidRouterMultiCallContract, address(this), amount);
         require(success, "Transfer failed");
     }
 }

mooncontracts/splitReceiver.sol

@@ -8,6 +8,9 @@ contract ReceiveCrossChainXToken {
 
     address constant public axlUSDCAddress = 0xCa01a1D0993565291051daFF390892518ACfAD3A;
     IERC20 constant axlUSDC = IERC20(axlUSDCAddress);
+
+    address constant public squidRouterMultiCallContract = 0xaD6Cea45f98444a922a2b4fE96b8C90F0862D2F4;
+
     Xtokens constant xt = Xtokens(0x0000000000000000000000000000000000000804);
 
     event ReceiveBalance(uint256 balance);
@@ -22,7 +25,7 @@ contract ReceiveCrossChainXToken {
     ) public {
         require(amount > 0, "Amount cannot be zero");
         require(xcmDataMapping[hash] == 0, "Hash already used");
-        
+
         xcmDataMapping[hash] = amount;
 
         transferApprovedTokensToSelf(amount);
@@ -52,7 +55,7 @@ contract ReceiveCrossChainXToken {
 
     function transferApprovedTokensToSelf(uint256 amount) internal {
         IERC20 token = IERC20(axlUSDCAddress);
-        bool success = token.transferFrom(0xEa749Fd6bA492dbc14c24FE8A3d08769229b896c, address(this), amount);
+        bool success = token.transferFrom(squidRouterMultiCallContract, address(this), amount);
         require(success, "Transfer failed");
     }
 }

package.json

@@ -6,7 +6,7 @@
   "packageManager": "yarn@4.5.0+sha512.837566d24eec14ec0f5f1411adb544e892b3454255e61fdef8fd05f3429480102806bac7446bc9daff3896b01ae4b62d00096c7e989f1596f2af10b927532f39",
   "scripts": {
     "dev": "vite --host",
-    "build": "tsc && vite build && cp -R src/assets/coins dist/assets/coins && echo '/* /index.html 200' | cat > dist/_redirects",
+    "build": "tsc && vite build && cp -R src/assets/coins dist/assets/coins && cp _redirects dist/_redirects",
     "preview": "vite preview",
     "lint": "eslint . --ext .ts,.tsx",
     "lint:fix": "eslint . --ext .ts,.tsx --fix",
@@ -48,6 +48,7 @@
     "bn.js": "^5.2.1",
     "buffer": "^6.0.3",
     "daisyui": "^4.11.1",
+    "ethers": "^6.13.4",
     "framer-motion": "^11.2.14",
     "postcss": "^8.4.38",
     "preact": "^10.12.1",
@@ -57,6 +58,7 @@
     "react-hook-form": "^7.51.5",
     "react-router-dom": "^6.8.1",
     "react-toastify": "^10.0.5",
+    "siwe": "^2.3.2",
     "stellar-base": "^11.0.1",
     "stellar-sdk": "^11.3.0",
     "tailwind": "^4.0.0",

signer-service/package.json

@@ -26,9 +26,11 @@
     "big.js": "^6.2.1",
     "body-parser": "^1.17.0",
     "compression": "^1.6.2",
+    "cookie-parser": "^1.4.7",
     "cors": "^2.8.3",
     "cross-env": "^7.0.3",
     "dotenv": "^16.4.5",
+    "ethers": "^6.13.4",
     "express": "^5.0.1",
     "express-rate-limit": "^6.7.0",
     "express-validation": "^1.0.2",
@@ -40,6 +42,7 @@
     "method-override": "^3.0.0",
     "mongoose": "^5.2.17",
     "morgan": "^1.8.1",
+    "siwe": "^2.3.2",
     "stellar-sdk": "^11.3.0",
     "viem": "^2.21.3",
     "winston": "^3.1.0"

signer-service/src/api/controllers/siwe.controller.js

@@ -0,0 +1,44 @@
+const { createAndSendNonce, verifyAndStoreSiweMessage } = require('../services/siwe.service');
+const { DEFAULT_LOGIN_EXPIRATION_TIME_HOURS } = require('../../constants/constants');
+
+exports.sendSiweMessage = async (req, res) => {
+  const { walletAddress } = req.body;
+  try {
+    const { nonce } = await createAndSendNonce(walletAddress);
+    return res.json({
+      nonce,
+    });
+  } catch (e) {
+    console.error(e);
+    return res.status(500).json({ error: 'Error while generating nonce' });
+  }
+};
+
+exports.validateSiweSignature = async (req, res) => {
+  const { nonce, signature, siweMessage } = req.body;
+  try {
+    await verifyAndStoreSiweMessage(nonce, signature, siweMessage);
+
+    const token = {
+      nonce,
+      signature,
+    };
+
+    res.cookie('authToken', token, {
+      httpOnly: true,
+      secure: true,
+      sameSite: 'Strict',
+      maxAge: DEFAULT_LOGIN_EXPIRATION_TIME_HOURS * 60 * 60 * 1000,
+    });
+
+    return res.status(200).json({ message: 'Signature is valid' });
+  } catch (e) {
+    console.error(e);
+
+    if (e.name === 'SiweValidationError') {
+      return res.status(401).json({ error: `Siwe validation error: ${e.message}` });
+    }
+
+    return res.status(500).json({ error: `Could not validate signature: ${e.message}` });
+  }
+};

signer-service/src/api/controllers/stellar.controller.js

@@ -1,7 +1,7 @@
 require('dotenv').config();
 
 const { Keypair } = require('stellar-sdk');
-const { FUNDING_SECRET } = require('../../constants/constants');
+const { FUNDING_SECRET, SEP10_MASTER_SECRET } = require('../../constants/constants');
 
 const { buildCreationStellarTx, buildPaymentAndMergeTx, sendStatusWithPk } = require('../services/stellar.service');
 const { signSep10Challenge } = require('../services/sep10.service');
@@ -54,12 +54,45 @@ exports.changeOpTransaction = async (req, res, next) => {
 
 exports.signSep10Challenge = async (req, res, next) => {
   try {
-    let { clientSignature, clientPublic } = await signSep10Challenge(
+    let maybeChallengeSignature;
+    let maybeNonce;
+    if (req.cookies?.authToken) {
+      maybeChallengeSignature = req.cookies.authToken.signature;
+      maybeNonce = req.cookies.authToken.nonce;
+    }
+
+    if (Boolean(req.body.memo) && (!maybeChallengeSignature || !maybeNonce)) {
+      return res.status(401).json({
+        error: 'Missing signature or nonce',
+      });
+    }
+
+    let { masterClientSignature, masterClientPublic, clientSignature, clientPublic } = await signSep10Challenge(
       req.body.challengeXDR,
       req.body.outToken,
       req.body.clientPublicKey,
+      maybeChallengeSignature,
+      maybeNonce,
     );
-    return res.json({ clientSignature, clientPublic });
+    return res.json({ masterClientSignature, masterClientPublic, clientSignature, clientPublic });
+  } catch (error) {
+    if (error.message.includes('Could not verify signature')) {
+      // Distinguish between failed signature check and other errors.
+      return res.status(401).json({
+        error: 'Signature validation failed.',
+        details: error.message,
+      });
+    }
+
+    console.error('Error in signSep10Challenge:', error);
+    return res.status(500).json({ error: 'Failed to sign challenge', details: error.message });
+  }
+};
+
+exports.getSep10MasterPK = async (req, res, next) => {
+  try {
+    const masterSep10Public = Keypair.fromSecret(SEP10_MASTER_SECRET).publicKey();
+    return res.json({ masterSep10Public });
   } catch (error) {
     console.error('Error in signSep10Challenge:', error);
     return res.status(500).json({ error: 'Failed to sign challenge', details: error.message });

signer-service/src/api/middlewares/validators.js

@@ -155,6 +155,31 @@ const validateSep10Input = (req, res, next) => {
   next();
 };
 
+const validateSiweCreate = (req, res, next) => {
+  const { walletAddress } = req.body;
+  if (!walletAddress) {
+    return res.status(400).json({ error: 'Missing param: walletAddress' });
+  }
+  next();
+};
+
+const validateSiweValidate = (req, res, next) => {
+  const { nonce, signature, siweMessage } = req.body;
+  if (!signature) {
+    return res.status(400).json({ error: 'Missing param: signature' });
+  }
+
+  if (!nonce) {
+    return res.status(400).json({ error: 'Missing param: nonce' });
+  }
+
+  if (!siweMessage) {
+    return res.status(400).json({ error: 'Missing param: siweMessage' });
+  }
+
+  next();
+};
+
 module.exports = {
   validateChangeOpInput,
   validateQuoteInput,
@@ -166,4 +191,6 @@ module.exports = {
   validateRatingInput,
   validateExecuteXCM,
   validateSep10Input,
+  validateSiweCreate,
+  validateSiweValidate,
 };

signer-service/src/api/routes/v1/index.js

@@ -7,6 +7,7 @@ const storageRoutes = require('./storage.route');
 const emailRoutes = require('./email.route');
 const ratingRoutes = require('./rating.route');
 const subsidizeRoutes = require('./subsidize.route');
+const siweRoutes = require('./siwe.route');
 const quoteRoutes = require('./quote.route');
 
 const router = express.Router({ mergeParams: true });
@@ -76,4 +77,9 @@ router.use('/subsidize', subsidizeRoutes);
  */
 router.use('/rating', ratingRoutes);
 
+/**
+ * POST v1/siwe
+ */
+router.use('/siwe', siweRoutes);
+
 module.exports = router;

signer-service/src/api/routes/v1/siwe.route.js

@@ -0,0 +1,11 @@
+const express = require('express');
+const controller = require('../../controllers/siwe.controller');
+const { validateSiweCreate, validateSiweValidate } = require('../../middlewares/validators');
+
+const router = express.Router({ mergeParams: true });
+
+router.route('/create').post(validateSiweCreate, controller.sendSiweMessage);
+
+router.route('/validate').post(validateSiweValidate, controller.validateSiweSignature);
+
+module.exports = router;

signer-service/src/api/routes/v1/stellar.route.js

@@ -10,4 +10,6 @@ router.route('/payment').post(validateChangeOpInput, controller.changeOpTransact
 
 router.route('/sep10').post(validateSep10Input, controller.signSep10Challenge);
 
+router.route('/sep10').get(controller.getSep10MasterPK);
+
 module.exports = router;