fix(web): siwe-uri-check

Author: tractorss

web/netlify/functions/authUser.ts

@@ -7,7 +7,7 @@ import { SiweMessage } from "siwe";
 import { DEFAULT_CHAIN } from "consts/chains";
 import { ETH_SIGNATURE_REGEX } from "consts/index";
 
-import { netlifyUri } from "src/generatedNetlifyInfo.json";
+import { netlifyUri, netlifyDeployUri } from "src/generatedNetlifyInfo.json";
 import { Database } from "src/types/supabase-notification";
 
 const authUser = async (event) => {
@@ -37,7 +37,9 @@ const authUser = async (event) => {
 
     const siweMessage = new SiweMessage(message);
 
-    if (netlifyUri && netlifyUri !== siweMessage.uri) {
+    console.log({ netlifyUri, netlifyDeployUri });
+
+    if (netlifyUri && netlifyUri !== siweMessage.uri && netlifyDeployUri && netlifyDeployUri !== siweMessage.uri) {
       console.debug(`Invalid URI: expected ${netlifyUri} but got ${siweMessage.uri}`);
       throw new Error(`Invalid URI`);
     }
@@ -47,11 +49,6 @@ const authUser = async (event) => {
       throw new Error(`Invalid chain ID`);
     }
 
-    if (!siweMessage.expirationTime || Date.parse(siweMessage.expirationTime) < Date.now()) {
-      console.debug(`Message expired: ${siweMessage.expirationTime} < ${new Date().toISOString()}`);
-      throw new Error("Message expired");
-    }
-
     const lowerCaseAddress = siweMessage.address.toLowerCase();
     if (lowerCaseAddress !== address.toLowerCase()) {
       throw new Error("Address mismatch in provided address and message");

web/scripts/generateBuildInfo.sh

@@ -2,5 +2,5 @@
 
 SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
 
-jq -n --arg uri "$DEPLOY_PRIME_URL" '{ netlifyUri: $uri }' > src/generatedNetlifyInfo.json
+jq -n --arg primeUri "$DEPLOY_PRIME_URL" --arg uri "$URL" '{ netlifyDeployUri: $primeUri, netlifyUri: $uri  }' > src/generatedNetlifyInfo.json
 node $SCRIPT_DIR/gitInfo.js