From 527c39f93051c21263405c5bf9173c16ec2d9d9a Mon Sep 17 00:00:00 2001
From: youngkidwarrior <victor@she.energy>
Date: Tue, 4 Apr 2023 19:07:56 -0700
Subject: [PATCH 1/2] Update BrightID sponsor to use brightid v5 sdk

---
 package.json                |  1 +
 src/services/sponsorUser.js | 95 +++++--------------------------------
 yarn.lock                   | 16 +++++--
 3 files changed, 25 insertions(+), 87 deletions(-)

diff --git a/package.json b/package.json
index 334f728d6..58ecaf521 100644
--- a/package.json
+++ b/package.json
@@ -24,6 +24,7 @@
     "@types/sanitize-html": "^2.6.2",
     "assert": "^2.0.0",
     "bignumber.js": "^9.0.0",
+    "brightid_sdk_v5": "^1.0.2",
     "buffer": "^6.0.3",
     "canvas-confetti": "^1.4.0",
     "clipboard-polyfill": "^3.0.0-pre5",
diff --git a/src/services/sponsorUser.js b/src/services/sponsorUser.js
index 0384147c8..086076912 100644
--- a/src/services/sponsorUser.js
+++ b/src/services/sponsorUser.js
@@ -1,98 +1,25 @@
-import tweetNacl from 'tweetnacl'
-import tweetNaclUtils from 'tweetnacl-util'
-import stringify from 'fast-json-stable-stringify'
-
 import { CONTEXT_ID } from '../constants'
-import { BRIGHTID_SUBSCRIPTION_ENDPOINT, UTC_API_ENDPOINT } from '../endpoints'
-import { NO_CONTENT } from './brightIdResponseCodes'
+import { NO_CONTENT } from './responseCodes'
 import env from '../environment'
+import { sponsor } from 'brightid_sdk_v5'
 
 export async function sponsorUser(account) {
-  try {
-    let timestamp
-    const privateKey = env('NODE_PK')
-
-    if (!privateKey) {
-      return { error: 'No private key found for the node' }
-    }
-
-    try {
-      const dateResponse = await fetch(UTC_API_ENDPOINT, {
-        method: 'GET',
-        headers: {
-          Accept: 'application/json',
-          'Content-Type': 'application/json',
-        },
-      })
-
-      const dateResponseJson = await dateResponse.json()
-      const dateString = dateResponseJson.currentDateTime
-      const currentDate = new Date(dateString)
-      timestamp = currentDate.getTime()
-    } catch (error) {
-      // fallback to system time in case something went wrong with the utc time api
-      timestamp = Date.now()
-    }
+  const privateKey = env('NODE_PK')
 
-    const op = {
-      v: 5,
-      name: 'Sponsor',
-      app: CONTEXT_ID,
-      timestamp,
-      contextId: account,
-    }
-    const message = getMessage(op)
-    const messageUint8Array = Buffer.from(message)
-
-    const privateKeyUint8Array = tweetNaclUtils.decodeBase64(privateKey)
-
-    const signedMessageUint8Array = tweetNacl.sign.detached(
-      messageUint8Array,
-      privateKeyUint8Array
-    )
-
-    op.sig = tweetNaclUtils.encodeBase64(signedMessageUint8Array)
-
-    const endpoint = `${BRIGHTID_SUBSCRIPTION_ENDPOINT}`
-    const rawResponse = await fetch(endpoint, {
-      method: 'POST',
-      headers: {
-        Accept: 'application/json',
-        'Content-Type': 'application/json',
-      },
-      body: JSON.stringify(op),
-    })
-
-    if (rawResponse.ok) {
-      return {
-        error: null,
-      }
-    }
-
-    const response = await rawResponse.json()
+  if (!privateKey) {
+    return { error: 'No private key found for the node' }
+  }
 
-    if (response.code === NO_CONTENT) {
+  try {
+    await sponsor(privateKey, CONTEXT_ID, account)
+  } catch (err) {
+    if (err.code === NO_CONTENT) {
       return {
         error: null,
       }
     }
-
     return {
-      error: response.errorMessage,
-    }
-  } catch (err) {
-    console.error(err)
-    return { error: err }
-  }
-}
-
-function getMessage(op) {
-  const signedOp = {}
-  for (const k in op) {
-    if (['sig', 'sig1', 'sig2', 'hash'].includes(k)) {
-      continue
+      error: err.errorMessage,
     }
-    signedOp[k] = op[k]
   }
-  return stringify(signedOp)
 }
diff --git a/yarn.lock b/yarn.lock
index bd4beb260..3d57a7121 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -3739,7 +3739,7 @@ axios@^0.18.0:
     follow-redirects "1.5.10"
     is-buffer "^2.0.2"
 
-axios@^0.21.1:
+axios@^0.21.0, axios@^0.21.1:
   version "0.21.4"
   resolved "https://registry.yarnpkg.com/axios/-/axios-0.21.4.tgz#c67b90dc0568e5c1cf2b0b858c43ba28e2eda575"
   integrity sha512-ut5vewkiu8jjGBdqpM44XxjuCjq9LAKeHVmoVfHVzy8eHgxxq8SbAVQNovDA8mVi05kP0Ea/n/UzcSHcTJQfNg==
@@ -4464,7 +4464,7 @@ base-x@^3.0.2:
   dependencies:
     safe-buffer "^5.0.1"
 
-base64-js@^1.0.2, base64-js@^1.3.1:
+base64-js@^1.0.2, base64-js@^1.3.1, base64-js@^1.5.1:
   version "1.5.1"
   resolved "https://registry.yarnpkg.com/base64-js/-/base64-js-1.5.1.tgz#1b1b440160a5bf7ad40b650f095963481903930a"
   integrity sha512-AKpaYlHn8t4SVbOHCy+b5+KKgvR4vrsD8vbvrbiQJps7fKDTkjkDry6ji0rUJjC0kzbNePLwzxq8iypo41qeWA==
@@ -4637,6 +4637,16 @@ braces@^3.0.1, braces@~3.0.2:
   dependencies:
     fill-range "^7.0.1"
 
+brightid_sdk_v5@^1.0.2:
+  version "1.0.2"
+  resolved "https://registry.yarnpkg.com/brightid_sdk_v5/-/brightid_sdk_v5-1.0.2.tgz#9f6d065bc4fa09357f2fa86238cccf14d7e7475f"
+  integrity sha512-6s7bxsp8shxEy78HmSaoVnFKSzkYP8tOS6Qk1q3lWm07QTC/LP3z1gDbh4CBnxHRqpjPnknLdvCiFjaDXLgCgw==
+  dependencies:
+    axios "^0.21.0"
+    base64-js "^1.5.1"
+    fast-json-stable-stringify "^2.1.0"
+    tweetnacl "^1.0.3"
+
 brorand@^1.0.1, brorand@^1.1.0:
   version "1.1.0"
   resolved "https://registry.yarnpkg.com/brorand/-/brorand-1.1.0.tgz#12c25efe40a45e3c323eb8675a0a0ce57b22371f"
@@ -14210,7 +14220,7 @@ tweetnacl@^0.14.3, tweetnacl@~0.14.0:
   resolved "https://registry.yarnpkg.com/tweetnacl/-/tweetnacl-0.14.5.tgz#5ae68177f192d4456269d108afa93ff8743f4f64"
   integrity sha1-WuaBd/GS1EViadEIr6k/+HQ/T2Q=
 
-tweetnacl@^1.0.0:
+tweetnacl@^1.0.0, tweetnacl@^1.0.3:
   version "1.0.3"
   resolved "https://registry.yarnpkg.com/tweetnacl/-/tweetnacl-1.0.3.tgz#ac0af71680458d8a6378d0d0d050ab1407d35596"
   integrity sha512-6rt+RN7aOi1nGMyC4Xa5DdYiukl2UWCbcJft7YhxReBGQD7OAM8Pbxw6YMo4r2diNEA8FEmu32YOn9rhaiE5yw==

From 78ae5187b30d278ce7a23d804c060df13192f76a Mon Sep 17 00:00:00 2001
From: youngkidwarrior <victor@she.energy>
Date: Tue, 4 Apr 2023 19:12:39 -0700
Subject: [PATCH 2/2] Require users to scan QR code before sponsor

---
 src/components/Profile/BrightIdModal.js | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/src/components/Profile/BrightIdModal.js b/src/components/Profile/BrightIdModal.js
index db902cf23..c8f79ac3f 100644
--- a/src/components/Profile/BrightIdModal.js
+++ b/src/components/Profile/BrightIdModal.js
@@ -1,6 +1,7 @@
 import React, { useEffect, useState } from 'react'
 import QRCode from 'qrcode.react'
 import {
+  Button,
   GU,
   Info,
   Modal,
@@ -15,6 +16,7 @@ import { sponsorUser } from '@/services/sponsorUser'
 
 function BrightIdModal({ account, addressExist, visible, onClose }) {
   const [error, setError] = useState(null)
+  const [hasScannedQr, setHasScannedQr] = useState(false)
 
   const deepLink = `${BRIGHT_ID_APP_DEEPLINK}/${account}`
   const { width } = useViewport()
@@ -85,7 +87,7 @@ function BrightIdModal({ account, addressExist, visible, onClose }) {
         >
           Connect with BrightID
         </h5>
-        {addressExist ? (
+        {addressExist && hasScannedQr ? (
           <div
             css={`
               display: flex;
@@ -141,6 +143,14 @@ function BrightIdModal({ account, addressExist, visible, onClose }) {
               Scanning this code will prevent any previously connected addresses
               from connecting to BrightID in the future through any 1Hive apps
             </Info>
+            <Button
+              onClick={() => setHasScannedQr(true)}
+              css={`
+                margin-top: ${3 * GU}px;
+              `}
+            >
+              Continue after Scanning QR Code
+            </Button>
           </>
         )}
       </div>