From a8952dbec9b698c3fd5793deef32d94b6058b402 Mon Sep 17 00:00:00 2001
From: Sagar
Date: Sun, 25 Feb 2024 18:13:20 +0530
Subject: [PATCH 1/2] granting token only if posting authority found. This token will be subsequently used for upvote, comment, post etc. Without posting authority, all of the operations may fail.
---
 src/repositories/hive/hive.repository.ts | 14 ++++++++++++++
 src/services/auth/auth.controller.ts | 12 +++++++++++-
 2 files changed, 25 insertions(+), 1 deletion(-)
diff --git a/src/repositories/hive/hive.repository.ts b/src/repositories/hive/hive.repository.ts
index 20133fc..3b5737d 100644
--- a/src/repositories/hive/hive.repository.ts
+++ b/src/repositories/hive/hive.repository.ts
@@ -148,4 +148,18 @@ export class HiveRepository {
 PrivateKey.fromString(process.env.DELEGATED_ACCOUNT_POSTING),
 )
 }
+
+ async doWeHavePostingAuth(account: any) {
+ let doWe = false
+ if (Array.isArray(account.posting.account_auths)) {
+ account.posting.account_auths.forEach(function (item) {
+ if (item[0] === 'threespeak') {
+ doWe = true
+ }
+ })
+ return doWe
+ } else {
+ return false
+ }
+ }
 }
diff --git a/src/services/auth/auth.controller.ts b/src/services/auth/auth.controller.ts
index 9d5b2db..3909b85 100644
--- a/src/services/auth/auth.controller.ts
+++ b/src/services/auth/auth.controller.ts
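Review bot: `doWeHavePostingAuth` is declared `async` although it awaits nothing, so it returns a `Promise<boolean>`, and the call added in this patch's `auth.controller.ts` hunk tests it without `await`: `if (this.hiveRepository.doWeHavePostingAuth(accountDetails))` is always truthy, the `MISSING_POSTING_AUTHORITY` branch is unreachable, and `authenticateUser` still runs for accounts that never granted posting authority. Either drop `async` from the declaration or write `if (await this.hiveRepository.doWeHavePostingAuth(accountDetails)) {` at the call site; patch 2/2 only renames the method to `verifyPostingAuth` and keeps both the `async` and the un-awaited call. The body could then be `return Array.isArray(account?.posting?.account_auths) && account.posting.account_auths.some(([name]) => name === 'threespeak')`, which also avoids a TypeError when `posting` is absent. The check reads only the name in each `account_auths` entry; if the weight in `item[1]` is expected to satisfy the posting authority's threshold, that comparison is missing as well.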
@@ -63,7 +63,17 @@ export class AuthController {
 this.hiveRepository.verifyHiveMessage(cryptoUtils.sha256(JSON.stringify(proof_payload)), body.proof, accountDetails) &&
 new Date(proof_payload.ts) > moment().subtract('1', 'minute').toDate() //Extra safety to prevent request reuse
 ) {
- return await this.authService.authenticateUser(proof_payload.account)
+ if (this.hiveRepository.doWeHavePostingAuth(accountDetails)) {
+ return await this.authService.authenticateUser(proof_payload.account)
+ } else {
+ throw new HttpException(
+ {
+ reason: `Hive Account @${proof_payload.account} has not granted posting authority to @threespeak`,
+ errorType: "MISSING_POSTING_AUTHORITY"
+ },
+ HttpStatus.BAD_REQUEST,
+ )
+ }
 } else {
 throw new HttpException(
 {
From 18e1cae34c6b148162276dab6ac2fee4e0f057a0 Mon Sep 17 00:00:00 2001
From: Sagar
Date: Tue, 27 Feb 2024 23:25:44 +0530
Subject: [PATCH 2/2] Changes as per PR
---
 src/repositories/hive/hive.repository.ts | 2 +-
 src/services/auth/auth.controller.ts | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/repositories/hive/hive.repository.ts b/src/repositories/hive/hive.repository.ts
index 3b5737d..d4e9039 100644
--- a/src/repositories/hive/hive.repository.ts
+++ b/src/repositories/hive/hive.repository.ts
@@ -149,7 +149,7 @@ export class HiveRepository {
 )
 }
 
- async doWeHavePostingAuth(account: any) {
+ async verifyPostingAuth(account: any) {
 let doWe = false
 if (Array.isArray(account.posting.account_auths)) {
 account.posting.account_auths.forEach(function (item) {
diff --git a/src/services/auth/auth.controller.ts b/src/services/auth/auth.controller.ts
index 3909b85..ff58247 100644
--- a/src/services/auth/auth.controller.ts
+++ b/src/services/auth/auth.controller.ts
@@ -63,7 +63,7 @@ export class AuthController {
 this.hiveRepository.verifyHiveMessage(cryptoUtils.sha256(JSON.stringify(proof_payload)), body.proof, accountDetails) &&
 new Date(proof_payload.ts) > moment().subtract('1', 'minute').toDate() //Extra safety to prevent request reuse
 ) {
- if (this.hiveRepository.doWeHavePostingAuth(accountDetails)) {
+ if (this.hiveRepository.verifyPostingAuth(accountDetails)) {
 return await this.authService.authenticateUser(proof_payload.account)
 } else {
 throw new HttpException(