From ce14b757a1b49d8ea803ff19f9082e97e9755306 Mon Sep 17 00:00:00 2001 From: Alec Ananian <1013230+alecananian@users.noreply.github.com> Date: Tue, 4 Jun 2024 14:21:36 +0200 Subject: [PATCH] update logic for active signer check --- .../TDK/Runtime/Identity/TDK.Identity.cs | 54 +++++++++++++------ 1 file changed, 39 insertions(+), 15 deletions(-) diff --git a/Assets/Treasure/TDK/Runtime/Identity/TDK.Identity.cs b/Assets/Treasure/TDK/Runtime/Identity/TDK.Identity.cs index d3fa9334..fb9b933e 100644 --- a/Assets/Treasure/TDK/Runtime/Identity/TDK.Identity.cs +++ b/Assets/Treasure/TDK/Runtime/Identity/TDK.Identity.cs @@ -3,6 +3,7 @@ using UnityEngine; using System; using System.Collections.Generic; +using System.Numerics; #if TDK_THIRDWEB using Thirdweb; @@ -103,14 +104,15 @@ private async Task SignLoginPayload(AuthPayload payload) private async Task CreateSessionKey(Project project) { #if TDK_THIRDWEB + var permissionStartTimestamp = (decimal)Utils.GetUnixTimeStampNow() - 60 * 60; var permissionEndTimestamp = (decimal)(Utils.GetUnixTimeStampNow() + 60 * 60 * 24 * TDK.Instance.AppConfig.SessionLengthDays); await TDKServiceLocator.GetService().Wallet.CreateSessionKey( signerAddress: project.backendWallet, approvedTargets: project.callTargets, nativeTokenLimitPerTransactionInWei: "0", - permissionStartTimestamp: "0", + permissionStartTimestamp: permissionStartTimestamp.ToString(), permissionEndTimestamp: permissionEndTimestamp.ToString(), - reqValidityStartTimestamp: "0", + reqValidityStartTimestamp: permissionStartTimestamp.ToString(), reqValidityEndTimestamp: permissionEndTimestamp.ToString() ); #else @@ -118,6 +120,21 @@ await TDKServiceLocator.GetService().Wallet.CreateSessionKey return await Task.FromResult(string.Empty); #endif } + + private bool ValidateActiveSigner(Project project, string signer, IEnumerable approvedTargets, string endTimestamp) + { + var signerCallTargets = approvedTargets.Select(callTarget => callTarget.ToLowerInvariant()); + var expirationDate = BigInteger.Parse(endTimestamp); + return + // Expiration date is at least 1 hour in the future + expirationDate > Utils.GetUnixTimeStampNow() + 60 * 60 && + // Expiration date is not too far in the future + expirationDate <= Utils.GetUnixTimeStampIn10Years() && + // Expected backend wallet is signer + signer.ToLowerInvariant() == project.backendWallet && + // All requested call targets are approved + project.requestedCallTargets.All(callTarget => signerCallTargets.Contains(callTarget)); + } #endregion #region public api @@ -125,8 +142,6 @@ await TDKServiceLocator.GetService().Wallet.CreateSessionKey { TDKLogger.Log("Validating existing user session"); var project = await GetProjectByChainId(chainId); - var backendWallet = project.backendWallet; - var requestedCallTargets = project.requestedCallTargets; try { @@ -141,8 +156,7 @@ await TDKServiceLocator.GetService().Wallet.CreateSessionKey // Check if any active signers match the requested projects' call targets var hasActiveSession = user.allActiveSigners.Any((signer) => { - return signer.signer.ToLowerInvariant() == backendWallet && - requestedCallTargets.All(callTarget => signer.approvedTargets.Contains(callTarget)); + return ValidateActiveSigner(project, signer.signer, signer.approvedTargets, signer.endTimestamp); }); if (!hasActiveSession) @@ -220,17 +234,27 @@ public async Task StartUserSession(ChainId sessionChainId = ChainId.Unkn // Smart wallet was already deployed, so check for existing sessions if (!didCreateSession) { - var backendWallet = project.backendWallet; - var requestedCallTargets = project.requestedCallTargets; - var activeSigners = await TDKServiceLocator.GetService().Wallet.GetAllActiveSigners(); + var hasActiveSession = false; + List activeSigners = null; + try + { + activeSigners = await TDKServiceLocator.GetService().Wallet.GetAllActiveSigners(); + } + catch (Exception e) + { + // GetAllActiveSigners can error if the expirationDate is invalid + // In this case, we will ignore the session and override it by creating a new one + TDKLogger.LogError($"Error fetching active signers: {e}"); + } - // Check if any active signers match the requested projects' call targets - var hasActiveSession = activeSigners.Any((signer) => + if (activeSigners != null && activeSigners.Count > 0) { - var signerCallTargets = signer.permissions.approvedCallTargets.Select(callTarget => callTarget.ToLowerInvariant()); - return signer.signer.ToLowerInvariant() == backendWallet && - requestedCallTargets.All(callTarget => signerCallTargets.Contains(callTarget)); - }); + // Check if any active signers match the requested projects' call targets + hasActiveSession = activeSigners.Any((signer) => + { + return ValidateActiveSigner(project, signer.signer, signer.permissions.approvedCallTargets, signer.permissions.expirationDate); + }); + } if (!hasActiveSession) {