(feat#3745): support ed25519 author signature validation on gov actions

Author: Ciabas

govtool/backend/sql/list-proposals.sql

@@ -304,6 +304,7 @@ SELECT
     COALESCE(cv.ccAbstainVotes, 0) cc_abstain_votes,
     prev_gov_action.index as prev_gov_action_index,
     encode(prev_gov_action_tx.hash, 'hex') as prev_gov_action_tx_hash,
+    off_chain_vote_data.json ->> 'body' AS body,
     COALESCE(
       json_agg(
         json_build_object(
@@ -367,4 +368,5 @@ GROUP BY
     off_chain_vote_gov_action_data.title,
     off_chain_vote_gov_action_data.abstract,
     off_chain_vote_gov_action_data.motivation,
-    off_chain_vote_gov_action_data.rationale;
+    off_chain_vote_gov_action_data.rationale,
+    off_chain_vote_data.json ->> 'body';

govtool/backend/src/VVA/API.hs

@@ -245,6 +245,7 @@ proposalToResponse timeZone Types.Proposal {..} =
     proposalResponseCcAbstainVotes = proposalCcAbstainVotes,
     proposalResponsePrevGovActionIndex = proposalPrevGovActionIndex,
     proposalResponsePrevGovActionTxHash = HexText <$> proposalPrevGovActionTxHash,
+    proposalResponseBody = proposalBody,
     proposalResponseAuthors = ProposalAuthors <$> proposalAuthors
   }
 

govtool/backend/src/VVA/API/Types.hs

@@ -401,6 +401,7 @@ data ProposalResponse
       , proposalResponseCcAbstainVotes      :: Integer
       , proposalResponsePrevGovActionIndex  :: Maybe Integer
       , proposalResponsePrevGovActionTxHash :: Maybe HexText
+      , proposalResponseBody                :: Maybe Text
       , proposalResponseAuthors             :: Maybe ProposalAuthors
       }
   deriving (Generic, Show)

govtool/backend/src/VVA/Types.hs

@@ -208,6 +208,7 @@ data Proposal
       , proposalCcAbstainVotes        :: Integer
       , proposalPrevGovActionIndex    :: Maybe Integer
       , proposalPrevGovActionTxHash   :: Maybe Text
+      , proposalBody                  :: Maybe Text
       , proposalAuthors               :: Maybe Value
       }
   deriving (Show)
@@ -242,6 +243,7 @@ instance FromRow Proposal where
       <*> (floor @Scientific <$> field) -- proposalCcAbstainVotes
       <*> field -- prevGovActionIndex
       <*> field -- prevGovActionTxHash
+      <*> field -- proposalBody
       <*> field -- proposalAuthors
 
 data TransactionStatus = TransactionStatus

govtool/frontend/package-lock.json

@@ -32,6 +32,7 @@
     "@intersect.mbo/pdf-ui": "1.0.1-alfa",
     "@mui/icons-material": "^5.14.3",
     "@mui/material": "^5.14.4",
+    "@noble/ed25519": "^2.3.0",
     "@rollup/plugin-babel": "^6.0.4",
     "@rollup/pluginutils": "^5.1.0",
     "@sentry/react": "^7.77.0",

govtool/frontend/package.json

@@ -1,6 +1,8 @@
-import { useMemo, useState, Fragment } from "react";
+import { useMemo, useState, Fragment, useEffect } from "react";
 import { Box, Tabs, Tab, styled, Skeleton } from "@mui/material";
 import { useLocation } from "react-router-dom";
+import CheckCircleIcon from "@mui/icons-material/CheckCircle";
+import CancelIcon from "@mui/icons-material/Cancel";
 
 import { CopyButton, ExternalModalButton, Tooltip, Typography } from "@atoms";
 import {
@@ -23,6 +25,7 @@ import {
   getFullGovActionId,
   mapArrayToObjectByKeys,
   encodeCIP129Identifier,
+  validateSignature,
 } from "@utils";
 import { MetadataValidationStatus, ProposalData } from "@models";
 import { GovernanceActionType } from "@/types/governanceAction";
@@ -77,6 +80,7 @@ export const GovernanceActionDetailsCardData = ({
   proposal: {
     abstract,
     authors,
+    body,
     createdDate,
     createdEpochNo,
     details,
@@ -386,7 +390,21 @@ export const GovernanceActionDetailsCardData = ({
                   placement="bottom-end"
                   arrow
                 >
-                  <span>{author.name}</span>
+                  <span
+                    style={{
+                        display: "inline-flex",
+                        alignItems: "center",
+                        gap: 2,
+                      }}
+                  >
+                    <AuthorSignatureStatus
+                      signature={author.signature}
+                      publicKey={author.publicKey}
+                      algorithm={author.witnessAlgorithm}
+                      body={body}
+                    />
+                    {author.name}
+                  </span>
                 </Tooltip>
                 {idx < arr.length - 1 && <span>,&nbsp;</span>}
               </Fragment>
@@ -498,3 +516,48 @@ const HardforkDetailsTabContent = ({
     </Box>
   );
 };
+
+const AuthorSignatureStatus = ({
+  algorithm,
+  publicKey,
+  signature,
+  body,
+}: {
+  algorithm?: string;
+  publicKey?: string;
+  signature?: string;
+  body?: string;
+}) => {
+  const [isSignatureValid, setIsSignatureValid] = useState<boolean | null>(
+    null,
+  );
+
+  useEffect(() => {
+    let cancelled = false;
+    async function checkSignature() {
+      const args = {
+        message: body,
+        algorithm,
+        publicKey:
+          "6A29D3C5C6280FBD9EF17EFFB29F8E8435D404BCF2FCED9336ABAEF1D06B62CB",
+        signature:
+          "23CFF1D1DA358AF8D835CD2F1F2A972D6E09DA5BD05C08E076017F83FEF1CAC082A853C12E7EA6BB44FC322809E6554ED69302CEE03DF6ABEF2C9D709C0E8906",
+      };
+      const result = await validateSignature(args);
+      if (!cancelled) setIsSignatureValid(result);
+    }
+    checkSignature();
+    return () => {
+      cancelled = true;
+    };
+  }, [algorithm, body, publicKey, signature]);
+
+  if (isSignatureValid === null) {
+    return <Skeleton variant="text" width={16} />;
+  }
+  return isSignatureValid ? (
+    <CheckCircleIcon sx={{ color: "success.main", fontSize: 16 }} />
+  ) : (
+    <CancelIcon sx={{ color: "error.main", fontSize: 16 }} />
+  );
+};

govtool/frontend/src/components/organisms/GovernanceActionDetailsCardData.tsx

@@ -239,7 +239,9 @@ export type ProposalData = {
     witnessAlgorithm?: string;
     publicKey?: string;
     signature?: string;
+    isSignatureValid?: boolean;
   }[];
+  body?: string;
 } & SubmittedVotesData;
 
 export type NewConstitutionAnchor = {

govtool/frontend/src/models/api.ts

@@ -37,3 +37,4 @@ export * from "./uniqBy";
 export * from "./wait";
 export * from "./getBase64ImageDetails";
 export * from "./parseBoolean";
+export * from "./validateSignature";

govtool/frontend/src/utils/index.ts

@@ -0,0 +1,94 @@
+/**
+ * @vitest-environment node
+ *
+ * We are switching to the "node" environment because jsdom does not provide a full WebCrypto API,
+ * specifically window.crypto.subtle, which is required by @noble/ed25519 for signature
+ * verification. Node.js (v16.8+) includes native crypto.subtle support, making it suitable for
+ * cryptographic tests. Current browsers support window.crypto.subtle natively, so this issue only
+ * affects the test environment. */
+
+import { describe, it, expect, vi, beforeEach, afterEach } from "vitest";
+import { validateSignature } from "../validateSignature";
+
+describe("validateSignature", () => {
+  const validEdInput = {
+    // just for the sake of verification
+    // privateKey: "A1CFF8671EDD404DCB27EC6101BD2B50FCB5B9B97790052B59BFC21647F1030B"
+    message: `{"title": "Ryan Blockchain Ecosystem Budget - 100M ada", "abstract": "This is Ryan's proposal for a Blockchain Ecosystem Budget, which allocates 100 million ada to various projects and initiatives within the ecosystem.", "rationale": "uhhhhhhhhhhhhhhhh", "motivation": "Without funding Ryan cannot buy an island.", "references": [{"uri": "ipfs://xd", "@type": "Other", "label": "Lol"}]}`,
+    publicKey:
+      "6A29D3C5C6280FBD9EF17EFFB29F8E8435D404BCF2FCED9336ABAEF1D06B62CB",
+    algorithm: "ed25519",
+    signature:
+      "23CFF1D1DA358AF8D835CD2F1F2A972D6E09DA5BD05C08E076017F83FEF1CAC082A853C12E7EA6BB44FC322809E6554ED69302CEE03DF6ABEF2C9D709C0E8906",
+  };
+
+  beforeEach(() => {
+    vi.spyOn(console, "error").mockImplementation(() => {});
+  });
+
+  afterEach(() => {
+    vi.restoreAllMocks();
+    vi.clearAllMocks();
+  });
+
+  it("returns false if signature is missing", async () => {
+    const result = await validateSignature({
+      ...validEdInput,
+      signature: undefined,
+    });
+    expect(result).toBe(false);
+  });
+
+  it("returns false if publicKey is missing", async () => {
+    const result = await validateSignature({
+      ...validEdInput,
+      publicKey: undefined,
+    });
+    expect(result).toBe(false);
+  });
+
+  it("returns false if algorithm is missing", async () => {
+    const result = await validateSignature({
+      ...validEdInput,
+      algorithm: undefined,
+    });
+    expect(result).toBe(false);
+  });
+
+  it("returns false if message is missing", async () => {
+    const result = await validateSignature({
+      ...validEdInput,
+      message: undefined,
+    });
+    expect(result).toBe(false);
+  });
+
+  it("returns false for unsupported algorithm", async () => {
+    vi.spyOn(console, "error").mockImplementation(() => {});
+    const result = await validateSignature({
+      ...validEdInput,
+      algorithm: "rsa",
+    });
+    expect(result).toBe(false);
+    expect(console.error).toHaveBeenCalledWith("Unsupported algorithm:", "rsa");
+  });
+
+  describe("Ed25519 algorithm", () => {
+    it("accepts 'Ed25519' (case-insensitive)", async () => {
+      const result = await validateSignature({
+        ...validEdInput,
+        algorithm: "Ed25519",
+      });
+
+      expect(result).toBe(true);
+    });
+
+    it("accepts 'ed25519' (case-insensitive)", async () => {
+      const result = await validateSignature({
+        ...validEdInput,
+        algorithm: "ed25519",
+      });
+      expect(result).toBe(true);
+    });
+  });
+});