TreasureProject · alecananian · Jun 4, 2024 · Jun 4, 2024
diff --git a/Assets/Treasure/TDK/Runtime/Identity/TDK.Identity.cs b/Assets/Treasure/TDK/Runtime/Identity/TDK.Identity.cs
@@ -3,6 +3,7 @@
 using UnityEngine;
 using System;
 using System.Collections.Generic;
+using System.Numerics;
 
 #if TDK_THIRDWEB
 using Thirdweb;
@@ -103,30 +104,44 @@ private async Task<string> SignLoginPayload(AuthPayload payload)
         private async Task CreateSessionKey(Project project)
         {
 #if TDK_THIRDWEB
+            var permissionStartTimestamp = (decimal)Utils.GetUnixTimeStampNow() - 60 * 60;
             var permissionEndTimestamp = (decimal)(Utils.GetUnixTimeStampNow() + 60 * 60 * 24 * TDK.Instance.AppConfig.SessionLengthDays);
             await TDKServiceLocator.GetService<TDKThirdwebService>().Wallet.CreateSessionKey(
                 signerAddress: project.backendWallet,
                 approvedTargets: project.callTargets,
                 nativeTokenLimitPerTransactionInWei: "0",
-                permissionStartTimestamp: "0",
+                permissionStartTimestamp: permissionStartTimestamp.ToString(),
                 permissionEndTimestamp: permissionEndTimestamp.ToString(),
-                reqValidityStartTimestamp: "0",
+                reqValidityStartTimestamp: permissionStartTimestamp.ToString(),
                 reqValidityEndTimestamp: permissionEndTimestamp.ToString()
             );
 #else
             TDKLogger.LogError("Unable to create session key. TDK Identity wallet service not implemented.");
             return await Task.FromResult<string>(string.Empty);
 #endif
         }
+
+        private bool ValidateActiveSigner(Project project, string signer, IEnumerable<string> approvedTargets, string endTimestamp)
+        {
+            var signerCallTargets = approvedTargets.Select(callTarget => callTarget.ToLowerInvariant());
+            var expirationDate = BigInteger.Parse(endTimestamp);
+            return
+                // Expiration date is at least 1 hour in the future
+                expirationDate > Utils.GetUnixTimeStampNow() + 60 * 60 &&
+                // Expiration date is not too far in the future
+                expirationDate <= Utils.GetUnixTimeStampIn10Years() &&
+                // Expected backend wallet is signer
+                signer.ToLowerInvariant() == project.backendWallet &&
+                // All requested call targets are approved
+                project.requestedCallTargets.All(callTarget => signerCallTargets.Contains(callTarget));
+        }
         #endregion
 
         #region public api
         public async Task<User?> ValidateUserSession(ChainId chainId, string authToken)
         {
             TDKLogger.Log("Validating existing user session");
             var project = await GetProjectByChainId(chainId);
-            var backendWallet = project.backendWallet;
-            var requestedCallTargets = project.requestedCallTargets;
 
             try
             {
@@ -141,8 +156,7 @@ await TDKServiceLocator.GetService<TDKThirdwebService>().Wallet.CreateSessionKey
                 // Check if any active signers match the requested projects' call targets
                 var hasActiveSession = user.allActiveSigners.Any((signer) =>
                 {
-                    return signer.signer.ToLowerInvariant() == backendWallet &&
-                        requestedCallTargets.All(callTarget => signer.approvedTargets.Contains(callTarget));
+                    return ValidateActiveSigner(project, signer.signer, signer.approvedTargets, signer.endTimestamp);
                 });
 
                 if (!hasActiveSession)
@@ -220,17 +234,27 @@ public async Task<string> StartUserSession(ChainId sessionChainId = ChainId.Unkn
             // Smart wallet was already deployed, so check for existing sessions
             if (!didCreateSession)
             {
-                var backendWallet = project.backendWallet;
-                var requestedCallTargets = project.requestedCallTargets;
-                var activeSigners = await TDKServiceLocator.GetService<TDKThirdwebService>().Wallet.GetAllActiveSigners();
+                var hasActiveSession = false;
+                List<SignerWithPermissions> activeSigners = null;
+                try
+                {
+                    activeSigners = await TDKServiceLocator.GetService<TDKThirdwebService>().Wallet.GetAllActiveSigners();
+                }
+                catch (Exception e)
+                {
+                    // GetAllActiveSigners can error if the expirationDate is invalid
+                    // In this case, we will ignore the session and override it by creating a new one
+                    TDKLogger.LogError($"Error fetching active signers: {e}");
+                }
 
-                // Check if any active signers match the requested projects' call targets
-                var hasActiveSession = activeSigners.Any((signer) =>
+                if (activeSigners != null && activeSigners.Count > 0)
                 {
-                    var signerCallTargets = signer.permissions.approvedCallTargets.Select(callTarget => callTarget.ToLowerInvariant());
-                    return signer.signer.ToLowerInvariant() == backendWallet &&
-                        requestedCallTargets.All(callTarget => signerCallTargets.Contains(callTarget));
-                });
+                    // Check if any active signers match the requested projects' call targets
+                    hasActiveSession = activeSigners.Any((signer) =>
+                    {
+                        return ValidateActiveSigner(project, signer.signer, signer.permissions.approvedCallTargets, signer.permissions.expirationDate);
+                    });
+                }
 
                 if (!hasActiveSession)
                 {