Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Copilot siwe #204

Merged
merged 68 commits into from
Jan 7, 2025
Merged

Copilot siwe #204

merged 68 commits into from
Jan 7, 2025

Conversation

MateuszStawski
Copy link
Contributor

No description provided.

MateuszStawski and others added 30 commits November 24, 2024 15:46
@MateuszStawski
feat(copilot): introduce redesign to trading copilot
804ec26
@MateuszStawski
chore(copilot): adjust styling and change used components
130aeb5
@MateuszStawski
chore(styling): change p class to text-label3
67f20d0
@MateuszStawski
Merge branch 'master' into feat/introduce-copliot-redesign
053e504
@MateuszStawski
fix(copilot): change improper onclick function argument
6713e15
@MateuszStawski
Merge branch 'feat/introduce-copliot-redesign' of https://github.com/…
be32188 
…MateuszStawski/core into feat/introduce-copliot-redesign
@MateuszStawski
chore(lint): adjust format
1ea1b74
@MateuszStawski
build: resolve conflicts
7a8a4b5
@MateuszStawski
chore: remove unused export
a0b9556
@MateuszStawski
chore: remove dialog component and its folder
239363e
@MateuszStawski
refactor/feat: update mismatched classnames & add new background variant
d838193
@MateuszStawski
refactor: update styles to match appearance on figma
b8a3195
@MateuszStawski
refactor: delete duplicated icon button
29cd3dc
@SolutionsEngineer
WiP
e00c2e8
@MateuszStawski
fix: update wrong avatar border class
6822109
@MateuszStawski
feat(draft): connect trading copilot view to API
664a81b
@MateuszStawski
fix: restoring the incorrectly changed class
bf671cf
@MateuszStawski
Merge branch 'feat/introduce-copliot-redesign' into copilot-dev
deb832b
@MateuszStawski
Merge branch 'feat/trading-copilot-api-connection' into copilot-dev
da3c122
@MateuszStawski
refactor: code cleanup after merge
a59d4ed
@MateuszStawski
feat: completing the API connection for copilot trading view
2b13975
@MateuszStawski
Merge branch 'copilot-dev' of github.com:idriss-xyz/core into copilot…
10d060c 
…-dev
@MateuszStawski
fix: revert wrong merge changes
db92839
@MateuszStawski
fix: remove unused exports
c7b9f38
@MateuszStawski
feat: fetch copilot subscriptions using user wallet address
897a364
@MateuszStawski
feat: use already implemented notifications
39207a8
@MateuszStawski
feat: verify if notification is rendered to avoid duplicates
6eb9a84
@MateuszStawski
feat: render websocket swaps as toast and use wallet address as user id
cf88ec1
@MateuszStawski
feat: add transaction creation api, update copilot websocket & notifi…
ae8e22d 
…cations
@MateuszStawski
refactor: remove unnecessary exports
05836e3
MateuszStawski and others added 21 commits December 21, 2024 02:10
@MateuszStawski
feat: add complete handling of transaction in copilot modal
99cf655
@MateuszStawski
feat: update success dialog heading in copilot
9e7d213
@MateuszStawski
feat: reload socket after changing user wallet
cbd6808
@MateuszStawski
Merge branch 'copilot-dev' of github.com:idriss-xyz/core into copilot…
5476954 
…-dev
@MateuszStawski
fix: use wallet address to register websocket instead of id1
b85f713
@MateuszStawski
feat: add minimum height for copilot modal
aeac8f8
@MateuszStawski
fix: update class selector to block github shortcuts
194f032
@daniel0ar
feat(copilot): Add generate-siwe-message hook
cac9aab
@MateuszStawski
refactor: update variables and texts, delete unused code
934094d
@MateuszStawski
feat: add time counter and update styles to match whole project
823de70
@MateuszStawski
fix: add transport url to other two commands using public client
919b24e
@MateuszStawski
fix: remove unused export of formatted time difference
1527058
@MateuszStawski
fix: remove unused export in date-utils
472540c
@MateuszStawski
feat: add logging in to api using siwe
0e180d2
@MateuszStawski
Merge branch 'copilot-dev' into copilot-SIWE
70e6d60
@MateuszStawski
feat: add logging in to api in copilot form onSubmits
bc89e2c
@MateuszStawski
fix: use wallet address instead of id1 in websocket connection
8b7bc3c
@21142
fix: refine scraping methods for warpcast after their structural chan…
8e82c1a 
…ges (idriss-xyz#200)
@lennardevertz @SolutionsEngineer @21142
Token section (idriss-xyz#209)
997c6a4 
Co-authored-by: Daniel Chutkowski <[email protected]>
Co-authored-by: SolutionsEngineer <[email protected]>
Co-authored-by: 21142 <[email protected]>
@MateuszStawski
fix: update login via siwe to use proper domain
1f912f9
@MateuszStawski
Merge branch 'master' into copilot-SIWE
512b6ee
daniel0ar
daniel0ar approved these changes Jan 4, 2025
View reviewed changes
Copy link
Collaborator

@daniel0ar daniel0ar left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Correctly implements dynamically forming the SIWE message by receiving a domain parameter in the API. Changed the type in the extension side and sent it in the hook handle function.

@lennardevertz
Copy link
Member

lennardevertz commented Jan 4, 2025
edited
Loading

please siwtch targeted branch to copilot-dev @MateuszStawski

@lennardevertz
Copy link
Member

lennardevertz commented Jan 4, 2025
edited
Loading

Correctly implements dynamically forming the SIWE message by receiving a domain parameter in the API. Changed the type in the extension side and sent it in the hook handle function.

Is this correctly implemented from the backend api side already? is verification successful? @daniel0ar

@MateuszStawski MateuszStawski changed the base branch from master to copilot-dev January 6, 2025 18:38
@daniel0ar
Copy link
Collaborator

As it is right now, the API won't respond with a jwt token unless verification is succesful. In my tests, all signed messages sent by the user are being verified succesfully with the provided publicClient on the API /login endpoint.

The only thing I would add for security is the nonce verification too, like this (line 29 of copilot-api/routes/auth.ts):

const valid = await publicClient.verifySiweMessage({
      address: walletAddress,
      message,
      signature,
      nonce,
    });

and line 21 of the same file:

const { signature, walletAddress, message, nonce } = req.body;

This means that the user on the extension side should also send the nonce they received from /wallet-address API endpoint.

This can be a separate PR or it can be included here.

@lennardevertz
Copy link
Member

As it is right now, the API won't respond with a jwt token unless verification is succesful. In my tests, all signed messages sent by the user are being verified succesfully with the provided publicClient on the API /login endpoint.

The only thing I would add for security is the nonce verification too, like this (line 29 of copilot-api/routes/auth.ts):

const valid = await publicClient.verifySiweMessage({
      address: walletAddress,
      message,
      signature,
      nonce,
    });

and line 21 of the same file:

const { signature, walletAddress, message, nonce } = req.body;

This means that the user on the extension side should also send the nonce they received from /wallet-address API endpoint.

This can be a separate PR or it can be included here.

lets do separate

@lennardevertz lennardevertz merged commit db17a44 into idriss-xyz:copilot-dev Jan 7, 2025
5 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@daniel0ar daniel0ar daniel0ar approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@MateuszStawski @lennardevertz @daniel0ar @SolutionsEngineer @21142