Merge pull request #33 from GeneralMagicio/auth-module

added generate nonce and verify payload

Author: RamRamez

package.json

@@ -28,9 +28,16 @@
     "@nestjs/mapped-types": "*",
     "@nestjs/platform-express": "^11.0.1",
     "@prisma/client": "^6.5.0",
+    "@worldcoin/minikit-js": "^1.8.0",
     "class-validator": "^0.14.1",
+    "cookie-parser": "^1.4.7",
+    "crypto": "^1.0.1",
+    "react": "^19.1.0",
     "reflect-metadata": "^0.2.2",
-    "rxjs": "^7.8.1"
+    "rxjs": "^7.8.1",
+    "viem": "^2.24.2",
+    "view": "^1.1.1",
+    "zustand": "^5.0.3"
   },
   "devDependencies": {
     "@eslint/eslintrc": "^3.2.0",

src/app.module.ts

@@ -4,10 +4,12 @@ import { AppService } from './app.service';
 import { DatabaseService } from './database/database.service';
 import { DatabaseModule } from './database/database.module';
 import { PollModule } from './poll/poll.module';
+import { AuthModule } from './auth/auth.module';
+import { AuthService } from './auth/auth.service';
 
 @Module({
-  imports: [DatabaseModule, PollModule],
+  imports: [DatabaseModule, PollModule, AuthModule],
   controllers: [AppController],
-  providers: [AppService, DatabaseService],
+  providers: [AppService, DatabaseService, AuthService],
 })
 export class AppModule {}

src/auth/auth.controller.ts

@@ -0,0 +1,53 @@
+import { Body, Controller, Get, Post, Req, Res } from '@nestjs/common';
+import { Response, Request } from 'express';
+import { AuthService } from './auth.service';
+import { MiniAppWalletAuthSuccessPayload } from '@worldcoin/minikit-js';
+
+interface IRequestPayload {
+  payload: MiniAppWalletAuthSuccessPayload;
+}
+@Controller('auth')
+export class AuthController {
+  constructor(private readonly authService: AuthService) {}
+
+  @Get('nonce')
+  async generateNonce(@Res() res: Response): Promise<any> {
+    const nonce = this.authService.generateNonce();
+    res.cookie('siwe', nonce, {
+      httpOnly: true,
+      secure: process.env.NODE_ENV === 'production',
+      sameSite: 'strict',
+      maxAge: 2 * 60 * 1000, //2 minutes
+    });
+
+    return res.json({ nonce });
+  }
+
+  @Post('verifyPayload')
+  async verifyPayload(
+    @Req() req: Request,
+    @Body() body: IRequestPayload,
+    @Res() res: Response,
+  ) {
+    const { payload } = body;
+    const storedNonce = req.cookies?.siwe;
+    if (!storedNonce) {
+      return res.status(400).json({
+        status: 'error',
+        isValid: false,
+        message: 'No nonce found in cookies',
+      });
+    }
+    try {
+      const validMessage = await this.authService.verifyPayload(
+        payload,
+        storedNonce,
+      );
+      return res.status(200).json({ isValid: validMessage });
+    } catch (error: any) {
+      return res
+        .status(400)
+        .json({ status: 'error', isValid: false, message: error.message });
+    }
+  }
+}

src/auth/auth.module.ts

@@ -0,0 +1,9 @@
+import { Module } from '@nestjs/common';
+import { AuthController } from './auth.controller';
+import { AuthService } from './auth.service';
+
+@Module({
+  controllers: [AuthController],
+  providers: [AuthService],
+})
+export class AuthModule {}

src/auth/auth.service.ts

@@ -0,0 +1,24 @@
+import { Injectable } from '@nestjs/common';
+import * as crypto from 'crypto';
+import {
+  MiniAppWalletAuthSuccessPayload,
+  verifySiweMessage,
+} from '@worldcoin/minikit-js';
+import { DatabaseService } from 'src/database/database.service';
+
+@Injectable()
+export class AuthService {
+  constructor(private readonly databaseService: DatabaseService) {}
+
+  generateNonce(length: number = 8): string {
+    return crypto
+      .randomBytes(Math.ceil(length / 2))
+      .toString('hex')
+      .slice(0, length);
+  }
+
+  async verifyPayload(payload: MiniAppWalletAuthSuccessPayload, nonce: string) {
+    const validMessage = await verifySiweMessage(payload, nonce);
+    return validMessage.isValid;
+  }
+}

src/main.ts

@@ -1,8 +1,11 @@
 import { NestFactory } from '@nestjs/core';
 import { AppModule } from './app.module';
+import * as cookieParser from 'cookie-parser';
 
 async function bootstrap() {
   const app = await NestFactory.create(AppModule);
+  app.use(cookieParser());
+
   await app.listen(process.env.PORT ?? 3000);
 }
 bootstrap();