adding debug logs for hmac secret verification of /savekey endpoint (#…

…148) * adding debug logs for hmac secret verification of /savekey endpoint * changing console.log to logger, package.json version change
etherspot · Nov 21, 2024 · a0e5642 · a0e5642
1 parent a192706
commit a0e5642
Show file tree

Hide file tree

Showing 3 changed files with 13 additions and 2 deletions.
diff --git a/backend/package.json b/backend/package.json
@@ -1,6 +1,6 @@
 {
   "name": "arka",
-  "version": "1.6.7",
+  "version": "1.6.8",
   "description": "ARKA - (Albanian for Cashier's case) is the first open source Paymaster as a service software",
   "type": "module",
   "directories": {

diff --git a/backend/src/routes/admin-routes.ts b/backend/src/routes/admin-routes.ts
@@ -107,8 +107,15 @@ const adminRoutes: FastifyPluginAsync = async (server) => {
       const privateKey = wallet.privateKey;
       const publicAddress = await wallet.getAddress();
 
+      request.log.info(`-----------headers---------- ${JSON.stringify(request.headers)}`);
+      request.log.info(`-----------hmac secret---------- ${server.config.HMAC_SECRET}`);
+
+
       if(!unsafeMode) {
         const { 'x-signature': signature, 'x-timestamp': timestamp } = request.headers as IncomingHttpHeaders & AuthDto;
+        request.log.info(`-----------signature---------- ${signature}`);
+        request.log.info(`-----------timestamp---------- ${timestamp}`);
+
         if(!signature || !timestamp)
           return reply.code(ReturnCode.NOT_AUTHORIZED).send({ error: ErrorMessage.INVALID_SIGNATURE_OR_TIMESTAMP });
         if(!verifySignature(signature, request.body as string, timestamp, server.config.HMAC_SECRET))

diff --git a/backend/src/utils/crypto.ts b/backend/src/utils/crypto.ts
@@ -1,5 +1,6 @@
 import crypto, { BinaryToTextEncoding } from 'crypto';
 import { KmsKeyringNode, buildClient, CommitmentPolicy } from '@aws-crypto/client-node';
+import { server } from 'server';
 
 function createDigest(encodedData: string, format: BinaryToTextEncoding, hmacSecret: string) {
   return crypto
@@ -65,13 +66,16 @@ export async function decodeSafe(value: string, hmacSecret: string) {
 export function verifySignature(signature: string, data: string, timestamp: string, hmacSecret: string) {
   // unauthorize signature if signed before 10s or signed in future.
   const now = Date.now();
+  server.log.info(`-----------now---------- ${now}`);
+  server.log.info(`-----------hmacSecret---------- ${hmacSecret}`);
   if(
     now < parseInt(timestamp) ||
     now - parseInt(timestamp) > 10000
   ) {
     return false;
   }
   const computedSignature = createDigest(data + timestamp, 'hex', hmacSecret);
-
+  server.log.info(`-----------computedSignature----------${computedSignature}`);
+  server.log.info(`-----------signature----------${signature} ${computedSignature === signature}`);
   return signature === computedSignature;
 }