Assignment: Issue #45 - Stellar Wallet Authentication (Full Login Flow)
Target Environment: Production-Ready
Date: April 26, 2026
- 1.1 Run
npm installto installstellar-sdkdependency - 1.2 Verify stellar-sdk installation:
npm list stellar-sdk - 1.3 Copy
.env.exampleto.env.local - 1.4 Generate JWT secret:
node -e "console.log(require('crypto').randomBytes(32).toString('hex'))" - 1.5 Set all required environment variables:
DATABASE_URL=postgresql://... JWT_SECRET=<your-generated-secret> NEXT_PUBLIC_STELLAR_NETWORK=testnet NEXT_PUBLIC_APP_URL=http://localhost:3000 - 1.6 Verify environment variables:
npm run verify:env(if script exists) or manually check
- 2.1 Connect to your PostgreSQL database (NeonDB)
- 2.2 Run database migration:
psql $DATABASE_URL -f scripts/add-auth-tables.sql - 2.3 Verify schema creation by running:
npx ts-node lib/verify-db-schema.ts
- 2.4 Expected output: "✅ DATABASE SCHEMA VERIFICATION PASSED"
- 2.5 Check that all tables exist:
usersauth_sessionslogin_noncessnippets(withownercolumn)
- 2.6 Verify indexes are created for performance
- 3.1 Verify middleware.ts exists in project root
- 3.2 Verify authentication routes exist:
-
app/api/auth/nonce/route.ts -
app/api/auth/verify/route.ts -
app/api/auth/logout/route.ts
-
- 3.3 Verify auth utilities exist:
-
lib/auth.ts(JWT, signature verification, nonce management) -
lib/auth-middleware.ts(authentication middleware)
-
- 3.4 Verify wallet components:
-
components/WalletConnect.tsx(wallet connection UI) -
components/ClientWalletProvider.tsx(wallet context provider)
-
- 3.5 Verify snippets route includes authentication:
-
app/api/snippets/route.tshasPOSTprotection
-
- 4.1 Build the project:
npm run build
- 4.2 No TypeScript errors should appear
- 4.3 No build warnings or errors
- 4.4 Verify build output:
.nextfolder created successfully
Complete all tests from TESTING_GUIDE_AUTHENTICATION.md:
- 5.1 TEST 1: Wallet Connection and Authentication ✅
- 5.2 TEST 2: Create Snippet with Authentication ✅
- 5.3 TEST 3: Verify Nonce Generation ✅
- 5.4 TEST 4: Verify JWT Token Validation ✅
- 5.5 TEST 5: Middleware Authentication ✅
- 5.6 TEST 6: User Logout and Session Invalidation ✅
- 5.7 TEST 7: Signature Verification Security ✅
- 5.8 TEST 8: Backward Compatibility ✅
- 6.1 JWT_SECRET is at least 32 characters and cryptographically secure
- 6.2 JWT_SECRET is NOT hardcoded, only in environment variables
- 6.3 Database connection uses SSL:
?sslmode=requirein DATABASE_URL - 6.4 Private keys never stored on server-side
- 6.5 Nonce single-use enforced (prevents replay attacks)
- 6.6 Nonce expiration set to 15 minutes
- 6.7 JWT expiration set to 7 days
- 6.8 Session tokens are hashed before storage (SHA-256)
- 6.9 Token validation checks both format and expiration
- 6.10 Middleware blocks unauthorized access to protected routes
- 7.1 AUTHENTICATION_GUIDE.md exists and is up-to-date
- 7.2 TESTING_GUIDE_AUTHENTICATION.md exists with complete test cases
- 7.3 This deployment checklist is completed
- 7.4 .env.example documents all required variables
- 7.5 README updated to mention authentication features
- 7.6 Comments added to code explaining key functions
- 8.1 Database indexes are created for:
users(wallet_address)auth_sessions(wallet_address)auth_sessions(expires_at)login_nonces(nonce)snippets(owner)
- 8.2 Query performance tested (should be < 100ms)
- 8.3 Error logging configured (check lib/auth.ts for console.error calls)
- 8.4 Monitoring setup in place for failed auth attempts
- 9.1 Set environment variables in Vercel dashboard:
- DATABASE_URL
- JWT_SECRET
- NEXT_PUBLIC_STELLAR_NETWORK
- NEXT_PUBLIC_APP_URL
- 9.2 Build command:
npm run build(default, already configured) - 9.3 Start command:
npm start(default, already configured)
- 9.1 Node.js version compatible (v18+)
- 9.2 Environment variables set in production environment
- 9.3 Database credentials securely configured
- 9.4 SSL/TLS enabled for all connections
- 9.5 Regular backups configured for database
- 9.1 Dockerfile configured with all dependencies
- 9.2 Environment variables passed via docker-compose or secrets
- 9.3 Database migrations run on container startup
- 10.1 Update
NEXT_PUBLIC_STELLAR_NETWORKfrom "testnet" to "public" - 10.2 Update
NEXT_PUBLIC_APP_URLto production domain - 10.3 Rotate JWT_SECRET if it was used in development
- 10.4 Test with mainnet wallet addresses
- 10.5 Ensure proper CORS configuration
- 10.1 Keep
NEXT_PUBLIC_STELLAR_NETWORKas "testnet" - 10.2 Update
NEXT_PUBLIC_APP_URLto staging domain - 10.3 Use staging wallet extensions (Freighter testnet)
Verify all original acceptance criteria are met:
- ✅ 11.1 Users must authenticate via Stellar wallet signature verification
- Verified in TEST 1 of testing guide
- ✅ 11.2 Wallet signature validated against public key
- Verified in TEST 7 of testing guide
- ✅ 11.3 Successful verification issues secure session token (JWT)
- Verified in TEST 1 and TEST 4 of testing guide
- ✅ 11.4 Invalid/missing signatures rejected with clear error responses
- Verified in TEST 7 of testing guide
- ✅ 11.5 Middleware enforces authentication for protected routes
- Verified in TEST 5 of testing guide
- ✅ 11.6 Backward compatibility for existing users maintained
- Verified in TEST 8 of testing guide
- 12.1 Team notified of deployment
- 12.2 Rollback plan documented (if needed)
- 12.3 Monitoring alerts configured
- 12.4 Support documentation shared with team
- 12.5 Known issues documented (if any)
# Verify all checks from this checklist are completed
# Run local tests one final time
npm run dev
# Then navigate to http://localhost:3000 and run TEST 1-3npm run build
# Verify no errors and output is created# For Vercel: git push (auto-deploys)
# For self-hosted: npm start
# For Docker: docker build . && docker run ...# Test on production environment:
# 1. Navigate to https://your-production-domain.com
# 2. Test wallet connection
# 3. Test snippet creation
# 4. Verify database migrations appliedIf issues occur in production:
- Revert to previous deployment
- Keep database schema (migrations are backward compatible)
- Clear JWT tokens from localStorage (users need to re-authenticate)
- Notify team of rollback
- Revert API code but keep frontend
- Frontend will show JWT errors (users can re-login)
- Manually clear old sessions from database
-- If needed, remove authentication tables (CAREFULLY!)
-- Keep this command for emergency only
-- DO NOT RUN in production without backup
-- DROP TABLE auth_sessions CASCADE;
-- DROP TABLE login_nonces CASCADE;
-- DROP TABLE users CASCADE;
-- ALTER TABLE snippets DROP COLUMN owner;- Failed authentication attempts (401 errors)
- JWT token validation failures
- Database connection errors
- Signature verification failures
- Session expiration rate
- High rate of failed logins (> 10 per minute)
- Database connection issues
- JWT verification errors
- Middleware 401 responses (> 5% of requests)
- No unexplained errors in logs
- Database size growing normally
- JWT tokens expiring as expected
- Users able to connect and create snippets
Once all checks are complete, the assignment is ready for production:
Deployment Status: ✅ READY FOR PRODUCTION
Assignment: Issue #45 - Stellar Wallet Authentication (Full Login Flow)
Completed By: [Your Name]
Date: [Date]
Environment: [testnet/mainnet]
Database: [NeonDB/PostgreSQL]
Notes: [Any relevant notes]
If issues arise during deployment:
-
Check logs:
# View application logs # For Vercel: Check Vercel dashboard # For self-hosted: Check server logs
-
Verify database:
npx ts-node lib/verify-db-schema.ts
-
Test authentication endpoints:
curl http://localhost:3000/api/auth/nonce curl http://localhost:3000/api/snippets
-
Contact team: If issues persist, contact the team lead with:
- Error logs
- Screenshot of issue
- Steps to reproduce
- Environment details
End of Deployment Checklist