From 9a4c39743e5380b56f4daad5cd847f1356210f97 Mon Sep 17 00:00:00 2001
From: Gianfranco <g.tasteri@gmail.com>
Date: Mon, 16 Dec 2024 15:34:04 -0300
Subject: [PATCH] overwrite deriveMemo param before condition

---
 signer-service/src/api/middlewares/auth.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/signer-service/src/api/middlewares/auth.js b/signer-service/src/api/middlewares/auth.js
index f7b6a135..ec9eb415 100644
--- a/signer-service/src/api/middlewares/auth.js
+++ b/signer-service/src/api/middlewares/auth.js
@@ -2,8 +2,9 @@ const { validateSignatureAndGetMemo } = require('../services/siwe.service');
 
 const getMemoFromCookiesMiddleware = async (req, res, next) => {
   // If the client didn't specify, we don't want to pass a derived memo even if a cookie was sent.
+
+  req.derivedMemo = null; // Explicit overwrite to avoid tampering, defensive.
   if (!Boolean(req.body.memo)) {
-    req.derivedMemo = null;
     return next();
   }
   try {
@@ -52,7 +53,6 @@ const getMemoFromCookiesMiddleware = async (req, res, next) => {
     }
 
     req.derivedMemo = resultMemo;
-    console.log('derived memo', req.derivedMemo);
 
     next();
   } catch (err) {