From c2f648626d7f1de7db348fecbe405504dd903c28 Mon Sep 17 00:00:00 2001 From: Bryan Stitt Date: Thu, 20 Oct 2022 08:36:53 +0000 Subject: [PATCH] delete on successful login --- web3_proxy/src/frontend/users.rs | 25 ++++++++++--------------- 1 file changed, 10 insertions(+), 15 deletions(-) diff --git a/web3_proxy/src/frontend/users.rs b/web3_proxy/src/frontend/users.rs index 67d88eeb..42ba85ae 100644 --- a/web3_proxy/src/frontend/users.rs +++ b/web3_proxy/src/frontend/users.rs @@ -205,8 +205,9 @@ pub async fn user_login_post( let login_nonce_key = format!("login_nonce:{}", &their_msg.nonce); // fetch the message we gave them from our redis - // TODO: use getdel - let our_msg: Option = app.redis_conn().await?.get(&login_nonce_key).await?; + let mut redis_conn = app.redis_conn().await?; + + let our_msg: Option = redis_conn.get(&login_nonce_key).await?; let our_msg: String = our_msg.context("login nonce not found")?; @@ -215,18 +216,9 @@ pub async fn user_login_post( // TODO: info for now info!(?our_msg, ?their_msg); - // TODO: check the domain and a nonce? // let timestamp be automatic - let verify_config = VerificationOpts { - // domain: Some(our_msg.domain.clone()), - // nonce: Some(our_msg.nonce.clone()), - ..Default::default() - }; - - // let their_verification = their_msg - // .verify(&their_sig, &verify_config) - // .await - // .context("verifying signature in their message"); + // we don't need to check domain or nonce because we store the message safely locally + let verify_config = VerificationOpts::default(); // TODO: verify or verify_eip191? // TODO: save this when we save the message type to redis? we still need to check both @@ -320,17 +312,20 @@ pub async fn user_login_post( }; // add bearer to redis - let mut redis_conn = app.redis_conn().await?; - let bearer_redis_key = format!("bearer:{}", bearer_token); // expire in 4 weeks + // TODO: do this with a pipe // TODO: get expiration time from app config // TODO: do we use this? redis_conn .set_ex(bearer_redis_key, u.id.to_string(), 2_419_200) .await?; + if let Err(err) = redis_conn.del::<_, u64>(&login_nonce_key).await { + warn!("Failed to delete login_nonce_key: {}", login_nonce_key); + } + Ok(response) }