Remove setEth function and initialize eth client in connector.Open

DIMO-Network · Jan 18, 2024 · 82ad3fa · 82ad3fa
1 parent 9b4c897
commit 82ad3fa
Showing 1 changed file with 87 additions and 0 deletions.
diff --git a/server/handlers.go b/server/handlers.go
@@ -525,6 +525,93 @@ func (s *Server) handleVerifyDirect(w http.ResponseWriter, r *http.Request) {
 // Handle the usual token request, except instead of the code we look for
 // state (the auth request) and the sugnature.
 
+func (s *Server) handleSubmitChallenge(w http.ResponseWriter, r *http.Request) {
+	if err := r.ParseForm(); err != nil {
+		s.renderErrorJSON(w, http.StatusBadRequest, "Couldn't parse form.")
+		return
+	}
+
+	r.PostForm.Set("redirect_uri", r.Form.Get("domain"))
+
+	authReqID := r.PostFormValue("state")
+	authReq, err := s.storage.GetAuthRequest(authReqID)
+	if err != nil {
+		s.renderErrorJSON(w, http.StatusBadRequest, "Requested resource does not exist.")
+		return
+	}
+
+	var data web3ConnectorData
+	json.Unmarshal(authReq.ConnectorData, &data)
+
+	conn, err := s.getConnector(authReq.ConnectorID)
+	if err != nil {
+		s.renderErrorJSON(w, http.StatusInternalServerError, "Requested resource does not exist.")
+		return
+	}
+
+	w3Conn, ok := conn.Connector.(connector.Web3Connector)
+	if !ok {
+		s.renderErrorJSON(w, http.StatusInternalServerError, "Requested resource does not exist.")
+		return
+	}
+
+	identity, err := w3Conn.Verify(data.Address, data.Nonce, r.PostFormValue("signature"))
+	if err != nil {
+		s.renderErrorJSON(w, http.StatusBadRequest, "Could not verify signature.")
+		return
+	}
+
+	_, _, err = s.finalizeLogin(identity, authReq, conn)
+	if err != nil {
+		s.renderErrorJSON(w, http.StatusInternalServerError, "Login failure.")
+	}
+
+	// Need to pick up the changes made by finalizeLogin. This is pretty gross!
+	authReq, err = s.storage.GetAuthRequest(authReqID)
+	if err != nil {
+		s.logger.Errorf("Failed to get auth request: %v", err)
+		s.renderError(r, w, http.StatusInternalServerError, "Database error.")
+		return
+	}
+
+	if s.now().After(authReq.Expiry) {
+		s.renderErrorJSON(w, http.StatusBadRequest, "User session has expired.")
+		return
+	}
+
+	if err := s.storage.DeleteAuthRequest(authReq.ID); err != nil {
+		if err != storage.ErrNotFound {
+			s.logger.Errorf("Failed to delete authorization request: %v", err)
+			s.renderErrorJSON(w, http.StatusInternalServerError, "Internal server error.")
+		} else {
+			s.renderErrorJSON(w, http.StatusBadRequest, "User session error.")
+		}
+		return
+	}
+
+	code := storage.AuthCode{
+		ID:            storage.NewID(),
+		ClientID:      authReq.ClientID,
+		ConnectorID:   authReq.ConnectorID,
+		Nonce:         authReq.Nonce,
+		Scopes:        authReq.Scopes,
+		Claims:        authReq.Claims,
+		Expiry:        s.now().Add(time.Minute * 30),
+		RedirectURI:   authReq.RedirectURI,
+		ConnectorData: authReq.ConnectorData,
+		PKCE:          authReq.PKCE,
+	}
+	if err := s.storage.CreateAuthCode(code); err != nil {
+		s.logger.Errorf("Failed to create auth code: %v", err)
+		s.renderError(r, w, http.StatusInternalServerError, "Internal server error.")
+		return
+	}
+
+	r.PostForm.Set("code", code.ID)
+
+	s.handleToken(w, r)
+}
+
 func (s *Server) handleCreateAuthorizationRequest(w http.ResponseWriter, r *http.Request) {
 	authReq, err := s.parseAuthorizationRequest(r)
 	if err != nil {