
D6737.id22612.diff
No OneTemporary

D6737.id22612.diff

diff --git a/lib/utils/siwe-utils.js b/lib/utils/siwe-utils.js
--- a/lib/utils/siwe-utils.js
+++ b/lib/utils/siwe-utils.js
@@ -44,8 +44,18 @@
return message.prepareMessage();
}
-const expectedDomain = isDev ? 'localhost:3000' : 'comm.app';
-const expectedURI = isDev ? 'http://localhost:3000' : 'https://comm.app';
+function isValidSIWEDomain(candidate: string): boolean {
+ return isDev
+ ? candidate === 'localhost:3000'
+ : candidate === 'comm.app' || candidate === 'web.comm.app';
+}
+
+function isValidSIWEURI(candidate: string): boolean {
+ return isDev
+ ? candidate === 'http://localhost:3000'
+ : candidate === 'https://comm.app' || candidate === 'https://web.comm.app';
+}
+
// Verify that the SIWEMessage is a well formed Comm SIWE Auth message.
function isValidSIWEMessage(candidate: SIWEMessage): boolean {
return (
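Review bot: The accepted hosts are spelled out twice, once in `isValidSIWEDomain` and once in `isValidSIWEURI`, so a later origin added to one helper and not the other would silently change which signed messages verify. Keep a single list, for example `const siweDomains = isDev ? ['localhost:3000'] : ['comm.app', 'web.comm.app'];`, and have both helpers read from it. A short comment saying why `web.comm.app` is accepted alongside `comm.app` would also help, because this list is the origin binding that stops a signature requested by some other site from being accepted here. `isValidSIWEMessage` continues past the end of this hunk.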
@@ -55,8 +65,8 @@
isValidSIWEStatementWithPublicKey(candidate.statement))) &&
candidate.version === '1' &&
candidate.chainId === 1 &&
- candidate.domain === expectedDomain &&
- candidate.uri === expectedURI &&
+ isValidSIWEDomain(candidate.domain) &&
+ isValidSIWEURI(candidate.uri) &&
isValidSIWENonce(candidate.nonce) &&
isValidEthereumAddress(candidate.address)
);
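Review bot: `isValidSIWEDomain(candidate.domain)` and `isValidSIWEURI(candidate.uri)` are evaluated independently, so a message with domain `comm.app` and uri `https://web.comm.app` now passes, which the old single-value comparison could not allow. If the two fields are meant to name the same origin, tie them together, for example `candidate.uri === (isDev ? 'http://' : 'https://') + candidate.domain`. The check also only confirms membership in the allowlist; whether the verifier additionally compares the domain with the origin that actually served the request is not visible here and is worth confirming. The opening lines of this function are outside the hunk.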
