moved allowedWallets to env var

piggydoughnut · piggydoughnut · commit cc667a46e7bc · 2024-03-12T11:07:32.000+13:00
diff --git a/.example.env b/.example.env
@@ -15,6 +15,7 @@ OAUTH2_GOOGLE_CLIENT_SECRET=""
 # Polkadot
 AUTH_MESSAGE_TO_SIGN="027bbda234f3e86273683eab96a4a2a1d3a0"
 WALLET_CONNECT_PROJECT_ID="projectIdOnWalletConnectCloud"
+ALLOWED_WALLETS=["polkadot-js","talisman","subwallet-js","subwallet","novawallet","walletconnect"]
 
 # INTEGRATIONS
 
diff --git a/scripts/client.build.ts b/scripts/client.build.ts
@@ -64,6 +64,7 @@ function getBuildConfig(): BuildOptions {
       'process.env.APP_HOST': JSON.stringify(config.appHost),
       'process.env.APP_ICON': JSON.stringify(config.appIcon),
       'process.env.MAPBOX_API_KEY': JSON.stringify(process.env.MAPBOX_API_KEY),
+      'process.env.ALLOWED_WALLETS': JSON.stringify(config.allowedWallets),
       'process.env.AUTH_MESSAGE_TO_SIGN': JSON.stringify(
         config.authMessageToSign
       ),
diff --git a/src/client/config.ts b/src/client/config.ts
@@ -51,6 +51,7 @@ type ClientAppConfig = {
   roleGroups: ClientUserRoleGroup[]
   auth: ClientAuthConfig
   authMessageToSign: string
+  allowedWallets: string[]
   walletConnectProjectId: string
 }
 
@@ -68,6 +69,7 @@ const config: ClientAppConfig = {
   roleGroups: process.env.ROLE_GROUPS as unknown as ClientUserRoleGroup[],
   auth: process.env.AUTH as unknown as ClientAuthConfig,
   authMessageToSign: process.env.AUTH_MESSAGE_TO_SIGN as unknown as string,
+  allowedWallets: process.env.ALLOWED_WALLETS as unknown as string[],
   walletConnectProjectId: process.env
     .WALLET_CONNECT_PROJECT_ID as unknown as string,
 }
diff --git a/src/modules/users/server/router.ts b/src/modules/users/server/router.ts
@@ -33,7 +33,6 @@ import {
 } from './helpers'
 
 import { Metadata } from '../metadata-schema'
-import { allowedPolkadotAuthProviders } from '../shared-helpers'
 
 const ROLES_ALLOWED_TO_BE_ON_MAP = appConfig.getRolesByPermission(
   Permissions.UseMap
@@ -499,7 +498,7 @@ const userRouter: FastifyPluginCallback = async function (fastify, opts) {
       const extensionName = req.body.extensionName as string
       const source = extensionName.replace(/ /g, '').toLowerCase()
 
-      if (!allowedPolkadotAuthProviders.includes(source)) {
+      if (!config.allowedWallets.includes(source)) {
         return reply.throw.badParams(
           'This authentication provider is not approved. Please contact administrator.'
         )
diff --git a/src/modules/users/shared-helpers/index.ts b/src/modules/users/shared-helpers/index.ts
@@ -2,15 +2,6 @@ import dayjs from 'dayjs'
 import dayjsTimezone from 'dayjs/plugin/timezone'
 import dayjsUtc from 'dayjs/plugin/utc'
 
-export const allowedPolkadotAuthProviders = [
-  'polkadot-js',
-  'talisman',
-  'subwallet-js',
-  'subwallet',
-  'novawallet',
-  'walletconnect',
-]
-
 dayjs.extend(dayjsTimezone)
 dayjs.extend(dayjsUtc)
 
diff --git a/src/server/auth/providers/polkadot/index.ts b/src/server/auth/providers/polkadot/index.ts
@@ -4,6 +4,7 @@ import { FastifyInstance, FastifyPluginCallback, FastifyRequest } from 'fastify'
 import type { InjectedAccountWithMeta } from '@polkadot/extension-inject/types'
 import { getSession, getUserByProvider, isValidSignature } from '../helper'
 import { ExtensionAccount } from '#client/components/auth/helper'
+import config from '#server/config'
 
 export const plugin: FastifyPluginCallback = async (
   fastify: FastifyInstance
@@ -12,11 +13,11 @@ export const plugin: FastifyPluginCallback = async (
     '/users',
     async (
       req: FastifyRequest<{
-        Body: { selectedAccount: InjectedAccountWithMeta; signature: string }
+        Body: { selectedAccount: ExtensionAccount; signature: string }
       }>,
       reply
     ) => {
-      const body: InjectedAccountWithMeta = req.body.selectedAccount
+      const body: ExtensionAccount = req.body.selectedAccount
       const isSignatureValid = isValidSignature(
         body.address,
         req.body.signature
@@ -35,11 +36,15 @@ export const plugin: FastifyPluginCallback = async (
     '/login',
     async (
       req: FastifyRequest<{
-        Body: { selectedAccount: InjectedAccountWithMeta; signature: string }
+        Body: { selectedAccount: ExtensionAccount; signature: string }
       }>,
       reply
     ) => {
-      const body: InjectedAccountWithMeta = req.body.selectedAccount
+      const body: ExtensionAccount = req.body.selectedAccount
+      const source = body.source?.replace(/ /g, '').toLowerCase()
+      if (!config.allowedWallets.includes(source)) {
+        return reply.throw.conflict('Unsupported extension')
+      }
       const isSignatureValid = isValidSignature(
         body.address,
         req.body.signature
@@ -69,17 +74,8 @@ export const plugin: FastifyPluginCallback = async (
     ) => {
       const body: ExtensionAccount = req.body.selectedAccount
       const source = body.source?.replace(/ /g, '').toLowerCase()
-      // @todo move to app config?
-      const allowedPolkadotAuthProviders = [
-        'polkadot-js',
-        'talisman',
-        'subwallet-js',
-        'subwallet',
-        'novawallet',
-        'walletconnect',
-      ]
 
-      if (!allowedPolkadotAuthProviders.includes(source)) {
+      if (!config.allowedWallets.includes(source)) {
         return reply.throw.conflict('Unsupported extension')
       }
 
diff --git a/src/server/config.ts b/src/server/config.ts
@@ -20,6 +20,7 @@ type Config = {
   authMessageToSign: string | undefined
   walletConnectProjectId: string | undefined
   superusers: string[]
+  allowedWallets: string[]
   workingHoursTestGroup: string[]
 }
 
@@ -38,6 +39,7 @@ const config: Config = {
   oauth2GoogleClientSecret: process.env.OAUTH2_GOOGLE_CLIENT_SECRET || '',
   superusers: JSON.parse(process.env.SUPERUSERS || '[]'),
   authMessageToSign: process.env.AUTH_MESSAGE_TO_SIGN,
+  allowedWallets: JSON.parse(process.env.ALLOWED_WALLETS || '[]'),
   workingHoursTestGroup: JSON.parse(
     process.env.WORKING_HOURS_TEST_GROUP || '[]'
   ),

Original file line number	Diff line number	Diff line change
`@@ -51,6 +51,7 @@ type ClientAppConfig = {`
`51`	`51`	`roleGroups: ClientUserRoleGroup[]`
`52`	`52`	`auth: ClientAuthConfig`
`53`	`53`	`authMessageToSign: string`
	`54`	`+ allowedWallets: string[]`
`54`	`55`	`walletConnectProjectId: string`
`55`	`56`	`}`
`56`	`57`
`@@ -68,6 +69,7 @@ const config: ClientAppConfig = {`
`68`	`69`	`roleGroups: process.env.ROLE_GROUPS as unknown as ClientUserRoleGroup[],`
`69`	`70`	`auth: process.env.AUTH as unknown as ClientAuthConfig,`
`70`	`71`	`authMessageToSign: process.env.AUTH_MESSAGE_TO_SIGN as unknown as string,`
	`72`	`+ allowedWallets: process.env.ALLOWED_WALLETS as unknown as string[],`
`71`	`73`	`walletConnectProjectId: process.env`
`72`	`74`	`.WALLET_CONNECT_PROJECT_ID as unknown as string,`
`73`	`75`	`}`