@duartefdias
Created April 12, 2022 21:15
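// Process signed message.
//
// POST /:user/signature
// Body: { signature: <RPC-style hex signature over "Nonce: <row.nonce>"> }
//
// Flow: load the user's current nonce from the DB, recover the signer address
// from the personal-message signature and compare it with :user, optionally
// require ownership of an asset from the configured OpenSea collection, rotate
// the nonce and issue a JWT. Every code path now ends in exactly one response.
router.post('/:user/signature', (req, res) => {
  const claimedAddress = req.params.user;

  // Reject malformed addresses up front so they never reach the DB query,
  // the signature recovery or the OpenSea query string.
  if (typeof claimedAddress !== 'string' || !ethUtil.isValidAddress(claimedAddress)) {
    return res.status(400).send({ success: false, msg: 'Invalid address.' });
  }

  // ethUtil.toBuffer throws on anything that is not a 0x-prefixed hex string,
  // and req.body is undefined when no body parser is mounted.
  const signature = req.body && req.body.signature;
  if (typeof signature !== 'string') {
    return res.status(400).send({ success: false, msg: 'Missing signature.' });
  }

  // Internal failure: log the detail server-side and send only a generic
  // message. The original echoed err.message to the client, which exposes
  // DB and library internals.
  const fail = (err) => {
    console.error(err && err.message ? err.message : err);
    return res.status(500).send('Internal server error');
  };

  // Recover the signer address from a personal_sign signature over `msg`.
  // Returns null when the signature cannot be parsed or recovered: ethUtil
  // throws on malformed input, and an uncaught throw inside the sqlite
  // callback would take the process down instead of producing a 4xx.
  const recoverSigner = (msg) => {
    try {
      // bufferToHex(Buffer.from(msg)) followed by toBuffer() in the original
      // was a no-op round trip; hash the message bytes directly.
      const msgHash = ethUtil.hashPersonalMessage(Buffer.from(msg));
      const { v, r, s } = ethUtil.fromRpcSig(ethUtil.toBuffer(signature));
      const publicKey = ethUtil.ecrecover(msgHash, v, r, s);
      return ethUtil.bufferToHex(ethUtil.publicToAddress(publicKey));
    } catch (err) {
      console.error(`Signature recovery failed: ${err.message}`);
      return null;
    }
  };

  // Rotate the nonce so the signature just consumed cannot be replayed, then
  // issue the JWT. Shared by the NFT-gated and the ungated paths, which were
  // two verbatim copies in the original.
  const issueToken = (row) => {
    // NOTE(review): Math.random() is not a CSPRNG; a login nonce should come
    // from crypto.randomInt()/randomBytes(). Left unchanged because this
    // file's import block is outside this listing.
    const newNonce = Math.floor(Math.random() * 1000000);
    db.run('UPDATE users SET nonce = ? WHERE address = ?', [newNonce, claimedAddress], (err) => {
      if (err) return fail(err);
      // jwt.sign throws on an undefined secret; answer 500 instead of crashing.
      if (!process.env.JWT_SECRET) {
        return fail(new Error('JWT_SECRET is not configured'));
      }
      // NOTE(review): no expiresIn is set, so tokens never expire — confirm
      // that is intended.
      const token = jwt.sign({ address: claimedAddress, nonce: newNonce }, process.env.JWT_SECRET);
      return res.status(200).send({
        success: true,
        token: `Bearer ${token}`,
        // NOTE(review): `row` is the full `SELECT *` row; confirm it holds no
        // column that should not reach the client.
        user: row,
        msg: 'You are now logged in.',
      });
    });
  };

  // Ask OpenSea whether claimedAddress owns at least one asset from the
  // configured collection; grants via issueToken, otherwise responds 403.
  const checkNftOwnership = (row) => {
    // Build the query with URLSearchParams instead of string interpolation so
    // the request-controlled address cannot inject extra query parameters.
    const url = new URL('https://api.opensea.io/api/v1/assets');
    url.searchParams.set('owner', claimedAddress);
    url.searchParams.set('collection', process.env.NFT_COLLECTION_SLUG);
    request.get(url.toString(), (err, response, body) => {
      if (err) return fail(err);
      if (response.statusCode !== 200) {
        console.log(`OpenSea returned status ${response.statusCode}`);
        return res.status(403).send('User does not own NFT from collection');
      }
      let assets;
      try {
        assets = JSON.parse(body).assets;
      } catch (parseErr) {
        return fail(parseErr);
      }
      // The original tested `assets.length >= 0`, which is true for an empty
      // array, so every user with a valid signature passed the gate.
      // Require at least one asset.
      if (Array.isArray(assets) && assets.length > 0) {
        console.log('User owns NFT from collection - access granted');
        return issueToken(row);
      }
      console.log('User does not own NFT from collection - access denied');
      return res.status(403).send('User does not own NFT from collection');
    });
  };

  db.get('SELECT * FROM users WHERE address = ?', [claimedAddress], (err, row) => {
    if (err) return fail(err);
    if (!row) {
      console.log('User does not exist');
      return res.status(404).send('User not found');
    }

    const signer = recoverSigner(`Nonce: ${row.nonce}`);
    console.log(`Recovered address: ${signer}`);
    console.log(`User address: ${claimedAddress}`);
    if (signer === null || signer.toLowerCase() !== claimedAddress.toLowerCase()) {
      return res.status(401).send({ success: false, msg: 'Signature is invalid.' });
    }

    const restrictByNft = process.env.RESTRICT_BY_NFT_COLLECTION;
    if (restrictByNft === 'true') return checkNftOwnership(row);
    if (restrictByNft === 'false') return issueToken(row);
    // The original fell through here without responding when the flag was
    // unset or misspelled, leaving the request hanging; fail closed instead.
    return fail(new Error('RESTRICT_BY_NFT_COLLECTION must be "true" or "false"'));
  });
});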