MCPcopy Index your code
hub / github.com/supabase/auth / web3GrantSolana

Method web3GrantSolana

internal/api/web3.go:54–204  ·  view source on GitHub ↗
(ctx context.Context, w http.ResponseWriter, r *http.Request, params *Web3GrantParams)

Source from the content-addressed store, hash-verified

52}
53
54func (a *API) web3GrantSolana(ctx context.Context, w http.ResponseWriter, r *http.Request, params *Web3GrantParams) error {
55 config := a.config
56 db := a.db.WithContext(ctx)
57
58 if len(params.Message) < 64 {
59 return apierrors.NewBadRequestError(apierrors.ErrorCodeValidationFailed, "message is too short")
60 } else if len(params.Message) > 20*1024 {
61 return apierrors.NewBadRequestError(apierrors.ErrorCodeValidationFailed, "message must not exceed 20KB")
62 }
63
64 if len(params.Signature) != 86 && len(params.Signature) != 88 {
65 return apierrors.NewBadRequestError(apierrors.ErrorCodeValidationFailed, "signature must be 64 bytes encoded as base64 with or without padding")
66 }
67
68 base64URLSignature := strings.ReplaceAll(strings.ReplaceAll(strings.TrimRight(params.Signature, "="), "+", "-"), "/", "_")
69 signatureBytes, err := base64.RawURLEncoding.DecodeString(base64URLSignature)
70 if err != nil {
71 return apierrors.NewBadRequestError(apierrors.ErrorCodeValidationFailed, "signature does not contain valid base64 characters")
72 }
73
74 parsedMessage, err := siws.ParseMessage(params.Message)
75 if err != nil {
76 return apierrors.NewBadRequestError(apierrors.ErrorCodeValidationFailed, "%s", err.Error())
77 }
78
79 if !parsedMessage.VerifySignature(signatureBytes) {
80 return apierrors.NewOAuthError("invalid_grant", "Signature does not match address in message")
81 }
82
83 if parsedMessage.URI.Scheme != "https" && parsedMessage.URI.Hostname() != "localhost" {
84 return apierrors.NewOAuthError("invalid_grant", "Signed Solana message is using URI which does not use HTTPS")
85 }
86
87 if !utilities.IsRedirectURLValid(config, parsedMessage.URI.String()) {
88 return apierrors.NewOAuthError("invalid_grant", "Signed Solana message is using URI which is not allowed on this server, message was signed for another app")
89 }
90
91 if parsedMessage.URI.Hostname() != "localhost" && (parsedMessage.URI.Host != parsedMessage.Domain || !utilities.IsRedirectURLValid(config, "https://"+parsedMessage.Domain+"/")) {
92 return apierrors.NewOAuthError("invalid_grant", "Signed Solana message is using a Domain that does not match the one in URI which is not allowed on this server")
93 }
94
95 now := a.Now()
96
97 if !parsedMessage.NotBefore.IsZero() && now.Before(parsedMessage.NotBefore) {
98 return apierrors.NewOAuthError("invalid_grant", "Signed Solana message becomes valid in the future")
99 }
100
101 if !parsedMessage.ExpirationTime.IsZero() && now.After(parsedMessage.ExpirationTime) {
102 return apierrors.NewOAuthError("invalid_grant", "Signed Solana message is expired")
103 }
104
105 latestExpiryAt := parsedMessage.IssuedAt.Add(config.External.Web3Solana.MaximumValidityDuration)
106
107 if now.After(latestExpiryAt) {
108 return apierrors.NewOAuthError("invalid_grant", "Solana message was issued too long ago")
109 }
110
111 earliestIssuedAt := parsedMessage.IssuedAt.Add(-config.External.Web3Solana.MaximumValidityDuration)

Callers 1

Web3GrantMethod · 0.95

Calls 15

NowMethod · 0.95
FillGrantParamsMethod · 0.95
issueRefreshTokenMethod · 0.95
NewBadRequestErrorFunction · 0.92
ParseMessageFunction · 0.92
NewOAuthErrorFunction · 0.92
IsRedirectURLValidFunction · 0.92
NewAuditLogEntryFunction · 0.92
RecordLoginFunction · 0.92

Tested by

no test coverage detected