This is an automated email from the ASF dual-hosted git repository. robin0716 pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/incubator-answer-plugins.git
commit 4ad4b9709211c0af0e6f9448e65f3d6689b606a3 Author: Lucifer <[email protected]> AuthorDate: Mon Nov 4 22:10:00 2024 +0800 fix: replace crypto lib --- connector-wallet/go.mod | 6 +++--- connector-wallet/go.sum | 12 ++++-------- connector-wallet/wallet.go | 38 ++++++++++++++++++++------------------ 3 files changed, 27 insertions(+), 29 deletions(-)
diff --git a/connector-wallet/go.mod b/connector-wallet/go.mod
index 1d61d70..d469de1 100644
--- a/connector-wallet/go.mod
+++ b/connector-wallet/go.mod
@@ -5,14 +5,13 @@ go 1.22
 require (
 github.com/apache/incubator-answer v1.4.0
 github.com/apache/incubator-answer-plugins/util v1.0.2
- github.com/ethereum/go-ethereum v1.14.11
+ github.com/i-lucifer/crypto v0.0.2
 golang.org/x/exp v0.0.0-20231110203233-9a3e6036ecaa
 )
 
 require (
 github.com/LinkinStars/go-i18n/v2 v2.2.2 // indirect
 github.com/aymerick/douceur v0.2.0 // indirect
- github.com/btcsuite/btcd/btcec/v2 v2.3.4 // indirect
 github.com/bytedance/sonic v1.9.1 // indirect
 github.com/chenzhuoyu/base64x v0.0.0-20221115062448-fe3a3abad311 // indirect
 github.com/decred/dcrd/dcrec/secp256k1/v4 v4.0.1 // indirect
@@ -25,9 +24,9 @@ require (
 github.com/goccy/go-json v0.10.2 // indirect
 github.com/google/wire v0.5.0 // indirect
 github.com/gorilla/css v1.0.0 // indirect
- github.com/holiman/uint256 v1.3.1 // indirect
 github.com/json-iterator/go v1.1.12 // indirect
 github.com/klauspost/cpuid/v2 v2.2.4 // indirect
+ github.com/kr/pretty v0.3.1 // indirect
 github.com/leodido/go-urn v1.2.4 // indirect
 github.com/mattn/go-isatty v0.0.20 // indirect
 github.com/microcosm-cc/bluemonday v1.0.21 // indirect
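Review bot: The new direct requirement `github.com/i-lucifer/crypto v0.0.2` moves wallet-login signature verification from `github.com/ethereum/go-ethereum` to a v0.0.x module in a personal namespace, and nothing in the commit records why or what review that module has had. wallet.go now hands the whole check to its `ValidateSignature`, so whether it still applies the "\x19Ethereum Signed Message" prefix, rejects recovery ids other than 27/28 and compares addresses case-insensitively cannot be confirmed from this diff. I would add a table test that runs `verifySignature` against a known-good and a tampered signature, and a comment on the require line such as `// provides ValidateSignature for wallet login; re-review the source before bumping`.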
@@ -36,6 +35,7 @@ require (
 github.com/pelletier/go-toml/v2 v2.0.8 // indirect
 github.com/segmentfault/pacman v1.0.5-0.20230822083413-c0075a2d401f // indirect
 github.com/segmentfault/pacman/contrib/i18n v0.0.0-20230516093754-b76aef1c1150 // indirect
+ github.com/stretchr/testify v1.9.0 // indirect
 github.com/twitchyliquid64/golang-asm v0.15.1 // indirect
 github.com/ugorji/go/codec v1.2.11 // indirect
 golang.org/x/arch v0.3.0 // indirect
diff --git a/connector-wallet/go.sum b/connector-wallet/go.sum
index ef4ca7c..7af4300 100644
--- a/connector-wallet/go.sum
+++ b/connector-wallet/go.sum
@@ -8,16 +8,13 @@ github.com/apache/incubator-answer-plugins/util v1.0.2 h1:PontocVaiEm+oTj+4aDonw github.com/apache/incubator-answer-plugins/util v1.0.2/go.mod h1:KPMSiM4ec4uEl2njaGINYuSl6zVmHdvPB2nHUxVcQDo= github.com/aymerick/douceur v0.2.0 h1:Mv+mAeH1Q+n9Fr+oyamOlAkUNPWPlA8PPGR0QAaYuPk= github.com/aymerick/douceur v0.2.0/go.mod h1:wlT5vV2O3h55X9m7iVYN0TBM0NH/MmbLnd30/FjWUq4= -github.com/btcsuite/btcd/btcec/v2 v2.3.4 h1:3EJjcN70HCu/mwqlUsGK8GcNVyLVxFDlWurTXGPFfiQ= -github.com/btcsuite/btcd/btcec/v2 v2.3.4/go.mod h1:zYzJ8etWJQIv1Ogk7OzpWjowwOdXY1W/17j2MW85J04= -github.com/btcsuite/btcd/chaincfg/chainhash v1.0.1 h1:q0rUy8C/TYNBQS1+CGKw68tLOFYSNEs0TFnxxnS9+4U= -github.com/btcsuite/btcd/chaincfg/chainhash v1.0.1/go.mod h1:7SFka0XMvUgj3hfZtydOrQY2mwhPclbT2snogU7SQQc= github.com/bytedance/sonic v1.5.0/go.mod h1:ED5hyg4y6t3/9Ku1R6dU/4KyJ48DZ4jPhfY1O2AihPM= github.com/bytedance/sonic v1.9.1 h1:6iJ6NqdoxCDr6mbY8h18oSO+cShGSMRGCEo7F2h0x8s= github.com/bytedance/sonic v1.9.1/go.mod h1:i736AoUSYt75HyZLoJW9ERYxcy6eaN6h4BZXU064P/U= github.com/chenzhuoyu/base64x v0.0.0-20211019084208-fb5309c8db06/go.mod h1:DH46F32mSOjUmXrMHnKwZdA8wcEefY7UVqBKYGjpdQY= github.com/chenzhuoyu/base64x v0.0.0-20221115062448-fe3a3abad311 h1:qSGYFH7+jGhDF8vLC+iwCD4WpbV1EBDSzWkJODFLams= github.com/chenzhuoyu/base64x v0.0.0-20221115062448-fe3a3abad311/go.mod h1:b583jCggY9gE99b6G5LEC39OIiVsWj+R97kbl5odCEk= +github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= 
@@ -25,8 +22,6 @@ github.com/decred/dcrd/crypto/blake256 v1.0.0 h1:/8DMNYp9SGi5f0w7uCm6d6M4OU2rGFK github.com/decred/dcrd/crypto/blake256 v1.0.0/go.mod h1:sQl2p6Y26YV+ZOcSTP6thNdn47hh8kt6rqSlvmrXFAc= github.com/decred/dcrd/dcrec/secp256k1/v4 v4.0.1 h1:YLtO71vCjJRCBcrPMtQ9nqBsqpA1m5sE92cU+pd5Mcc= github.com/decred/dcrd/dcrec/secp256k1/v4 v4.0.1/go.mod h1:hyedUtir6IdtD/7lIxGeCxkaw7y45JueMRL4DIyJDKs= -github.com/ethereum/go-ethereum v1.14.11 h1:8nFDCUUE67rPc6AKxFj7JKaOa2W/W1Rse3oS6LvvxEY= -github.com/ethereum/go-ethereum v1.14.11/go.mod h1:+l/fr42Mma+xBnhefL/+z11/hcmJ2egl+ScIVPjhc7E= github.com/gabriel-vasile/mimetype v1.4.2 h1:w5qFW6JKBz9Y393Y4q372O9A7cUSequkh1Q7OhCmWKU= github.com/gabriel-vasile/mimetype v1.4.2/go.mod h1:zApsH/mKG4w07erKIaJPFiX0Tsq9BFQgN3qGY5GnNgA= github.com/gin-contrib/sse v0.1.0 h1:Y/yl/+YNO8GZSjAhjMsSuLt29uWRFHdHYUb5lYOV9qE= @@ -52,8 +47,8 @@ github.com/google/wire v0.5.0 h1:I7ELFeVBr3yfPIcc8+MWvrjk+3VjbcSzoXm3JVa+jD8= github.com/google/wire v0.5.0/go.mod h1:ngWDr9Qvq3yZA10YrxfyGELY/AFWGVpy9c1LTRi1EoU= github.com/gorilla/css v1.0.0 h1:BQqNyPTi50JCFMTw/b67hByjMVXZRwGha6wxVGkeihY= github.com/gorilla/css v1.0.0/go.mod h1:Dn721qIggHpt4+EFCcTLTU/vk5ySda2ReITrtgBl60c= -github.com/holiman/uint256 v1.3.1 h1:JfTzmih28bittyHM8z360dCjIA9dbPIBlcTI6lmctQs= -github.com/holiman/uint256 v1.3.1/go.mod h1:EOMSn4q6Nyt9P6efbI3bueV4e1b3dGlUCXeiRV4ng7E= +github.com/i-lucifer/crypto v0.0.2 h1:J4GFdAta+9H0W1X87HHp3Mwewi1jLdp5Jy5qbG/AUDU= +github.com/i-lucifer/crypto v0.0.2/go.mod h1:OvS12NfDI1+SgR3YCXhKQ3LAE7udYt1HAswt99OHuIc= github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM= github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo= github.com/klauspost/cpuid/v2 v2.0.9/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg= 
@@ -76,6 +71,7 @@ github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9G github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= github.com/pelletier/go-toml/v2 v2.0.8 h1:0ctb6s9mE31h0/lhu+J6OPmVeDxJn+kYnJc2jZR9tGQ= github.com/pelletier/go-toml/v2 v2.0.8/go.mod h1:vuYfssBdrU2XDZ9bYydBu6t+6a6PYNcZljzZR9VXg+4= +github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsKMEsNbx1VGcRFpLqf3715MtcvvzbA= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/rogpeppe/go-internal v1.9.0 h1:73kH8U+JUqXU8lRuOHeVHaa/SZPifC7BkcraZVejAe8=
diff --git a/connector-wallet/wallet.go b/connector-wallet/wallet.go
index 9aca4be..b8ba668 100644
--- a/connector-wallet/wallet.go
+++ b/connector-wallet/wallet.go
@@ -21,15 +21,14 @@ package wallet
 
 import (
 "embed"
- "encoding/hex"
 "fmt"
- "log"
- "strings"
+ "strconv"
+ "time"
 
 "github.com/apache/incubator-answer-plugins/connector-wallet/i18n"
 "github.com/apache/incubator-answer-plugins/util"
 "github.com/apache/incubator-answer/plugin"
- "github.com/ethereum/go-ethereum/crypto"
+ "github.com/i-lucifer/crypto"
 "golang.org/x/exp/rand"
 )
 
@@ -54,7 +53,7 @@ func (g *Connector) Info() plugin.Info {
 Author: info.Author,
 Version: info.Version,
 Link: info.Link,
- }
+ }
 }
 
 func (g *Connector) ConnectorLogoSVG() string {
@@ -80,7 +79,7 @@ func generateRandomString(length int) string {
 }
 
 func (g *Connector) ConnectorSender(ctx *plugin.GinContext, receiverURL string) (redirectURL string) {
- randomString := generateRandomString(16)
+ randomString := fmt.Sprintf("%d", time.Now().Unix()) + generateRandomString(8)
 redirectURL = "/connector-wallet-auth" + "?nonce=" + randomString
 return redirectURL
 }
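Review bot: The random part of the nonce in ConnectorSender shrinks from 16 to 8 characters and, judging by the `golang.org/x/exp/rand` import kept in the first hunk, presumably comes from a non-cryptographic generator, while the new timestamp prefix is predictable. If the nonce is meant to be unguessable, generateRandomString should draw from `crypto/rand`; its body is outside this hunk, so that needs confirming there. The 10+8 layout is also an unwritten contract with verifySignature, and I would state it above the assignment: `// nonce = 10-digit Unix seconds + 8 random chars; verifySignature depends on this layout`. `strconv.FormatInt(time.Now().Unix(), 10)` is the plainer way to render the timestamp now that strconv is imported.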
@@ -110,23 +109,26 @@ func (g *Connector) guaranteeEmail(email string, accessToken string) string {
 }
 
 func verifySignature(message, signature, address string) bool {
- sig, err := hex.DecodeString(signature[2:])
+ defer func() {
+ recover()
+ }()
+ if len(message) != 18 {
+ return false
+ }
+
+ timestamp, err := strconv.ParseInt(message[0:10], 10, 64)
 if err != nil {
- log.Println("Failed to decode signature:", err)
 return false
 }
- prefix := "\x19Ethereum Signed Message:\n" + fmt.Sprintf("%d", len(message))
- msg := []byte(prefix + message)
- msgHash := crypto.Keccak256Hash(msg)
- if sig[64] != 27 && sig[64] != 28 {
+ if timestamp == 0 {
 return false
 }
- sig[64] -= 27
- pubKey, err := crypto.SigToPub(msgHash.Bytes(), sig)
- if err != nil {
- log.Println("Failed to get public key from signature:", err)
+ nowTime := time.Now().Unix()
+ diffTime := nowTime - timestamp
+ if diffTime < 0 || diffTime > 300 {
 return false
 }
- recoveredAddr := crypto.PubkeyToAddress(*pubKey)
- return strings.ToLower(recoveredAddr.Hex()) == strings.ToLower(address)
+
+ valid := crypto.ValidateSignature(message, signature, address)
+ return valid
 }
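Review bot: The freshness test in verifySignature (a 10-digit timestamp prefix no older than 300 seconds) is the only replay control visible here: nothing ties `message` to a nonce the server issued in ConnectorSender or marks it as used, so one signed message appears to remain acceptable for repeated logins until the window closes. Keeping issued nonces server-side and deleting each on its first successful verification would close that; the caller is outside this hunk, so confirm it does not already do this. The bare `recover()` also discards any panic raised inside `crypto.ValidateSignature`, which fails closed but leaves no trace for whoever investigates failed logins; I would log it, `if r := recover(); r != nil { log.Printf("wallet: signature validation panicked: %v", r) }`, which needs the `log` import this commit removes. The literals 18, 10 and 300 deserve named constants shared with ConnectorSender, and the `timestamp == 0` test is already covered by the 300-second bound.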
