From 5f11ecedc7d3449e16a522d6dedb8b53a7d82c2e Mon Sep 17 00:00:00 2001 From: mpavlovicbb <58938959+mpavlovicbb@users.noreply.github.com> Date: Thu, 22 Aug 2024 17:10:09 +0200 Subject: [PATCH 1/2] Update merge.yaml --- .github/workflows/merge.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/merge.yaml b/.github/workflows/merge.yaml index 1e4d061..c00ff07 100644 --- a/.github/workflows/merge.yaml +++ b/.github/workflows/merge.yaml @@ -138,6 +138,7 @@ jobs: docker push ${{ steps.image_lowercase.outputs.lowercase }}:${{ env.TAG }} - name: Deploy with Qovery + if: github.ref == 'refs/heads/dev' env: QOVERY_CLI_ACCESS_TOKEN: ${{secrets.QOVERY_CLI_ACCESS_TOKEN }} run: | From 9c0792628b584dfd799b07ea69c2e3ec0a892298 Mon Sep 17 00:00:00 2001 From: Vukasin Paunovic Date: Fri, 23 Aug 2024 17:25:38 +0200 Subject: [PATCH 2/2] feat(#1810) - add stake key hash validation instead of wallet address --- backend/src/extensions/users-permissions/strapi-server.js | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/backend/src/extensions/users-permissions/strapi-server.js b/backend/src/extensions/users-permissions/strapi-server.js index bd75834..d45a99b 100644 --- a/backend/src/extensions/users-permissions/strapi-server.js +++ b/backend/src/extensions/users-permissions/strapi-server.js @@ -63,7 +63,13 @@ module.exports = (plugin) => { const publicKey = PublicKey.from_bytes(pubKeyBytes); const signature = Ed25519Signature.from_bytes(decoded.signature()); const receivedData = decoded.signed_data().to_bytes(); - const isVerified = publicKey.verify(receivedData, signature); + + // Remove network id from identifier + const rawKeyHash = identifier.slice(2); + + const isVerified = + publicKey.verify(receivedData, signature) && + rawKeyHash === publicKey.hash().to_hex(); if (!isVerified) { throw new ApplicationError("Verification failed");