feat: implemented the SEP-10 challenge verification feature#662
feat: implemented the SEP-10 challenge verification feature#662CollinsC1O wants to merge 3 commits into
Conversation
|
Warning Rate limit exceeded
Your organization is not enrolled in usage-based pricing. Contact your admin to enable usage-based pricing to continue reviews beyond the rate limit, or try again in 58 minutes and 45 seconds. ⌛ How to resolve this issue?After the wait time has elapsed, a review can be triggered using the We recommend that you space out your commits to avoid hitting the rate limit. 🚦 How do rate limits work?CodeRabbit enforces hourly rate limits for each developer per organization. Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout. Please see our FAQ for further information. ℹ️ Review info⚙️ Run configurationConfiguration used: defaults Review profile: CHILL Plan: Pro Run ID: 📒 Files selected for processing (1)
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
|
@CollinsC1O Great news! 🎉 Based on an automated assessment of this PR, the linked Wave issue(s) no longer count against your application limits. You can now already apply to more issues while waiting for a review of this PR. Keep up the great work! 🚀 |
Summary
Added Storage Keys: Created AUTH_NONCE to handle replay protections against nonces being used multiple times and a NODE_REG map to accurately track node authorization sequences and timestamp states on-chain.
Implemented Verification Logic: Wrote the core verify_sep10_challenge function in lib.rs. The code builds a secure SHA-256 payload composed of the b"SEP10" prefix, node public key, challenge nonce, and timestamp prior to checking it against the node's provided signature via env.crypto().ed25519_verify(...).
Time Bounds Safety Check: Factored in bounds protection to throw an explicit ContractError::AuthTimeout if the timestamp on the challenge payload expires or passes an unacceptably delayed time window (timestamp +/- 300 seconds using env.ledger().timestamp()). This avoids permanently stalled, stale authorizations while restricting CPU load.
Analytics Support: Exposed an get_node_auth helper mapped with a corresponding standard env.events().publish((symbol_short!("node_auth"), node_pubkey), timestamp); event emitter to keep the off-chain/backend services optimally synced.
Closes #519