chore: improve auth with [email protected]

Cargo.toml

@@ -51,8 +51,8 @@ ic_cose_types = "0.6"
 ic_cose = "0.6"
 ic_object_store = "0.6"
 ic-agent = "0.39"
-ic_tee_agent = "0.2"
-ic_tee_gateway_sdk = "0.2"
+ic_tee_agent = "0.3"
+ic_tee_gateway_sdk = "0.3"
 num-traits = "0.2"
 object_store = { version = "0.10.2" }
 tokio-util = "0.7"

agents/anda_bot/nitro_enclave/amd64.Dockerfile

@@ -22,7 +22,7 @@ RUN mv linux-amd64/dnsproxy ./ \
 RUN wget -O ic_tee_daemon https://github.com/ldclabs/ic-tee/releases/download/v0.2.14/ic_tee_daemon
 RUN chmod +x ic_tee_daemon
 
-RUN wget -O ic_tee_nitro_gateway https://github.com/ldclabs/ic-tee/releases/download/v0.2.14/ic_tee_nitro_gateway
+RUN wget -O ic_tee_nitro_gateway https://github.com/ldclabs/ic-tee/releases/download/v0.3.0/ic_tee_nitro_gateway
 RUN chmod +x ic_tee_nitro_gateway
 
 RUN wget -O anda_bot https://github.com/ldclabs/anda/releases/download/v0.4.0/anda_bot

agents/anda_bot/src/handler.rs

@@ -49,7 +49,7 @@ impl AppState {
             Web3SDK::Web3(_cli) => {
                 // verify signature
                 let caller = if let Some(sig) = UserSignature::try_from(headers) {
-                    match sig.verify_with(self.info.id, unix_ms(), verify_sig) {
+                    match sig.verify_with(unix_ms(), verify_sig, Some(self.info.id), None) {
                         Ok(_) => sig.user,
                         Err(_) => {
                             return false;

anda_engine_server/src/handler.rs

@@ -8,7 +8,7 @@ use candid::Principal;
 use ciborium::from_reader;
 use ic_cose_types::to_cbor_bytes;
 use ic_tee_agent::{
-    http::{Content, UserSignature, ANONYMOUS_PRINCIPAL},
+    http::{Content, ContentWithSHA3, UserSignature, ANONYMOUS_PRINCIPAL},
     RPCRequest, RPCResponse,
 };
 use serde_bytes::ByteBuf;
@@ -31,7 +31,7 @@ pub async fn get_information(
     headers: http::HeaderMap,
 ) -> impl IntoResponse {
     let caller = if let Some(sig) = UserSignature::try_from(&headers) {
-        match sig.verify_with(app.default_engine, unix_ms(), verify_sig) {
+        match sig.verify_with(unix_ms(), verify_sig, None, None) {
             Ok(_) => sig.user,
             Err(_) => ANONYMOUS_PRINCIPAL,
         }
@@ -57,31 +57,33 @@ pub async fn anda_engine(
     State(app): State<AppState>,
     headers: http::HeaderMap,
     Path(id): Path<String>,
-    ct: Content<RPCRequest>,
+    ct: ContentWithSHA3<RPCRequest>,
 ) -> impl IntoResponse {
     let id = Principal::from_text(&id).unwrap_or(app.default_engine);
+    let (req, hash) = match ct {
+        ContentWithSHA3::CBOR(req, hash) => (req, hash),
+        ContentWithSHA3::JSON(_, _) => {
+            return StatusCode::UNSUPPORTED_MEDIA_TYPE.into_response();
+        }
+    };
+
     let caller = if let Some(sig) = UserSignature::try_from(&headers) {
-        match sig.verify_with(id, unix_ms(), verify_sig) {
+        match sig.verify_with(unix_ms(), verify_sig, Some(id), Some(hash.as_slice())) {
             Ok(_) => sig.user,
             Err(_) => ANONYMOUS_PRINCIPAL,
         }
     } else {
         ANONYMOUS_PRINCIPAL
     };
 
-    match ct {
-        Content::CBOR(req, _) => {
-            log::info!(
-                method = req.method.as_str(),
-                agent = id.to_text(),
-                caller = caller.to_text();
-                "anda_engine",
-            );
-            let res = engine_run(&req, &app, caller, id).await;
-            Content::CBOR(res, None).into_response()
-        }
-        _ => StatusCode::UNSUPPORTED_MEDIA_TYPE.into_response(),
-    }
+    log::info!(
+        method = req.method.as_str(),
+        agent = id.to_text(),
+        caller = caller.to_text();
+        "anda_engine",
+    );
+    let res = engine_run(&req, &app, caller, id).await;
+    Content::CBOR(res, None).into_response()
 }
 
 async fn engine_run(