diff --git a/stellar-payment-platform/server.js b/stellar-payment-platform/server.js index 96bf1bd..8d427c1 100644 --- a/stellar-payment-platform/server.js +++ b/stellar-payment-platform/server.js @@ -336,7 +336,8 @@ const verifyFreighterRegistrationSignature = ({ signerAddress, }) => { const message = `register:${username}:${address}`; - const keypair = Keypair.fromPublicKey(address); + const claimedSigner = signerAddress || address; + const keypair = Keypair.fromPublicKey(claimedSigner); let signatureBuffer; if (Buffer.isBuffer(signature)) { @@ -353,13 +354,18 @@ const verifyFreighterRegistrationSignature = ({ throw error; } - const claimedSigner = signerAddress || address; if (!StrKey.isValidEd25519PublicKey(claimedSigner)) { const error = new Error('Invalid signer address format.'); error.statusCode = 400; throw error; } + if (claimedSigner !== address) { + const error = new Error('Signer address does not match the connected wallet.'); + error.statusCode = 401; + throw error; + } + return claimedSigner; };