feat: wallet signature verification middleware for API auth (closes #41) #159
Merged
Quantarq#41)
- Add verify_wallet_signature FastAPI dependency (wallet_auth.py)
- Protect POST /api/update-user-contract and /api/subscribe-to-notification in user.py (position.py and vault.py were already protected)
- Re-export verify_wallet_signature from dependencies.py for clean imports
- Frontend: add signNonce() to wallet.jsx using Freighter signMessage API
- Frontend: add getAuthHeaders(walletId) to axios.js; fetches nonce, signs it, returns x-wallet-id / x-nonce / x-signature headers
- Frontend: update create-position POST in transaction.js with auth headers
- Frontend: update update-user-contract POST in contract.js with auth headers
- Fix test_positions.py: remove module-level app.dependency_overrides.clear() that was wiping the bypass_wallet_auth autouse fixture

All 23 wallet_auth unit tests pass. The bypass_wallet_auth autouse fixture in conftest.py keeps existing test suites decoupled from real signatures.
Contributor
✅ Nice work, @Tyler7x — challenge/response using Freighter
Summary
Implements Ed25519 Stellar wallet signature verification middleware for all state-changing API endpoints, closing the critical authentication bypass described in issue #41.
Changes
Backend
- web_app/api/wallet_auth.py (existing) — nonce generation, Ed25519 verification, verify_wallet_signature FastAPI dependency, GET /api/auth/nonce endpoint
- web_app/api/dependencies.py — re-exports verify_wallet_signature alongside get_stellar_client for clean import paths
- web_app/api/user.py — added Depends(verify_wallet_signature) to POST /api/update-user-contract and POST /api/subscribe-to-notification (previously unprotected)
- position.py and vault.py were already protected
Frontend
- services/wallet.jsx — adds signNonce(nonce, walletId) using Freighter's signMessage API; converts base64 → hex to match backend bytes.fromhex()
- utils/axios.js — adds getAuthHeaders(walletId): fetches nonce from /api/auth/nonce, signs it, returns x-wallet-id / x-nonce / x-signature headers
- services/transaction.js — POST /api/create-position now includes auth headers
- services/contract.js — POST /api/update-user-contract now includes auth headers
Tests
- tests/test_positions.py — removed module-level app.dependency_overrides.clear() that was wiping the bypass_wallet_auth autouse fixture and causing auth failures on protected endpoints
- tests/conftest.py (existing) — bypass_wallet_auth autouse fixture keeps all existing test suites decoupled from real crypto; test_wallet_auth.py covers the full auth flow with 23 unit tests
Test Results
test_positions.py (no local Postgres) — unchanged from main
Acceptance Criteria
wallet_id401 Unauthorizedwith descriptive error401 Unauthorizedwith clear message
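The challenge/response flow described in this PR (nonce issued per wallet, hex signature checked with Ed25519 against the wallet id), shown server-side as an added example; it is not the PR's wallet_auth.py. Assumptions: the signature covers the raw nonce string, nonces live in an in-memory dict with a 300-second lifetime, all function names are hypothetical, and the `cryptography` package is installed.

```python
import base64, binascii, secrets, time
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives.asymmetric import ed25519
from cryptography.hazmat.primitives.serialization import Encoding, PublicFormat

NONCE_TTL = 300  # seconds; assumed lifetime
NONCES = {}      # nonce -> (wallet_id, expiry); assumed in-memory store

def strkey_encode(pub):  # 32-byte key -> Stellar G... address (for the constructed wallet)
    body = bytes([6 << 3]) + pub
    return base64.b32encode(body + binascii.crc_hqx(body, 0).to_bytes(2, "little")).decode()

def strkey_decode(wallet_id):  # Stellar G... address -> 32-byte Ed25519 public key
    raw = base64.b32decode(wallet_id)
    crc_ok = binascii.crc_hqx(raw[:-2], 0) == int.from_bytes(raw[-2:], "little")  # CRC16-XModem
    if len(raw) != 35 or raw[0] != 6 << 3 or not crc_ok:
        raise ValueError("malformed Stellar account address")
    return raw[1:33]

def issue_nonce(wallet_id, clock=time.time):
    nonce = secrets.token_hex(32)
    NONCES[nonce] = (wallet_id, clock() + NONCE_TTL)  # bind the nonce to the requesting wallet
    return nonce

def verify(wallet_id, nonce, signature_hex, clock=time.time):  # -> (ok, reason)
    owner, expiry = NONCES.pop(nonce, (None, 0))  # pop first: single use, pass or fail
    if owner is None:
        return False, "unknown or reused nonce"
    if owner != wallet_id:
        return False, "nonce issued to a different wallet"
    if clock() > expiry:
        return False, "nonce expired"
    try:
        key = ed25519.Ed25519PublicKey.from_public_bytes(strkey_decode(wallet_id))
        key.verify(bytes.fromhex(signature_hex), nonce.encode())
    except (ValueError, InvalidSignature):  # bad address, bad hex, or bad signature
        return False, "invalid signature"
    return True, "ok"

def demo():
    sk = ed25519.Ed25519PrivateKey.generate()  # constructed test wallet
    wallet = strkey_encode(sk.public_key().public_bytes(Encoding.Raw, PublicFormat.Raw))
    sign = lambda n: sk.sign(n.encode()).hex()
    n1 = issue_nonce(wallet)
    first, replay = verify(wallet, n1, sign(n1)), verify(wallet, n1, sign(n1))
    n2 = issue_nonce(wallet, clock=lambda: 0)
    expired = verify(wallet, n2, sign(n2), clock=lambda: NONCE_TTL + 1)
    forged = verify(wallet, issue_nonce(wallet), "00" * 64)
    return first, replay, expired, forged
```

Each failure reason maps to a 401 response; a multi-worker deployment would need a shared nonce store with atomic delete in place of the dict.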