chore: make application reject older wallets (#424)

Author: coodos

infrastructure/eid-wallet/src/routes/(app)/scan-qr/scanLogic.ts

@@ -262,6 +262,7 @@ export function createScanLogic({
                 session: get(session),
                 w3id: w3idResult,
                 signature: signature,
+                appVersion: "0.4.0",
             };
 
             console.log("🔐 Auth payload with signature:", {

platforms/blabsy-w3ds-auth-api/src/controllers/AuthController.ts

@@ -2,6 +2,10 @@ import { Request, Response } from "express";
 import { v4 as uuidv4 } from "uuid";
 import { EventEmitter } from "events";
 import { auth } from "firebase-admin";
+import { isVersionValid } from "../utils/version";
+
+const MIN_REQUIRED_VERSION = "0.4.0";
+
 export class AuthController {
     private eventEmitter: EventEmitter;
 
@@ -51,13 +55,32 @@ export class AuthController {
 
     login = async (req: Request, res: Response) => {
         try {
-            const { ename, session } = req.body;
+            const { ename, session, appVersion } = req.body;
 
             console.log(req.body)
 
             if (!ename) {
                 return res.status(400).json({ error: "ename is required" });
             }
+
+            if (!session) {
+                return res.status(400).json({ error: "session is required" });
+            }
+
+            // Check app version - missing version is treated as old version
+            if (!appVersion || !isVersionValid(appVersion, MIN_REQUIRED_VERSION)) {
+                const errorMessage = {
+                    error: true,
+                    message: `Your eID Wallet app version is outdated. Please update to version ${MIN_REQUIRED_VERSION} or later.`,
+                    type: "version_mismatch"
+                };
+                this.eventEmitter.emit(session, errorMessage);
+                return res.status(400).json({ 
+                    error: "App version too old", 
+                    message: errorMessage.message 
+                });
+            }
+
             const token = await auth().createCustomToken(ename);
             console.log(token);
 

platforms/blabsy-w3ds-auth-api/src/utils/version.ts

@@ -0,0 +1,32 @@
+/**
+ * Compares two semantic version strings
+ * @param version1 - First version string (e.g., "0.4.0")
+ * @param version2 - Second version string (e.g., "0.3.0")
+ * @returns -1 if version1 < version2, 0 if equal, 1 if version1 > version2
+ */
+export function compareVersions(version1: string, version2: string): number {
+    const v1Parts = version1.split('.').map(Number);
+    const v2Parts = version2.split('.').map(Number);
+
+    for (let i = 0; i < Math.max(v1Parts.length, v2Parts.length); i++) {
+        const v1Part = v1Parts[i] || 0;
+        const v2Part = v2Parts[i] || 0;
+
+        if (v1Part < v2Part) return -1;
+        if (v1Part > v2Part) return 1;
+    }
+
+    return 0;
+}
+
+/**
+ * Checks if the app version meets the minimum required version
+ * @param appVersion - The version from the app (e.g., "0.4.0")
+ * @param minVersion - The minimum required version (e.g., "0.4.0")
+ * @returns true if appVersion >= minVersion, false otherwise
+ */
+export function isVersionValid(appVersion: string, minVersion: string): boolean {
+    return compareVersions(appVersion, minVersion) >= 0;
+}
+
+

platforms/blabsy/src/components/common/maintenance-banner.tsx

@@ -18,7 +18,9 @@ export function MaintenanceBanner(): JSX.Element | null {
                 const registryUrl =
                     process.env.NEXT_PUBLIC_REGISTRY_URL ||
                     'http://localhost:4321';
-                const response = await axios.get<Motd>(`${registryUrl}/motd`);
+                const response = await axios.get<Motd>(`${registryUrl}/motd`, {
+                    timeout: 5000 // 5 second timeout
+                });
                 setMotd(response.data);
 
                 // Check if this message has been dismissed
@@ -27,6 +29,19 @@ export function MaintenanceBanner(): JSX.Element | null {
                     setIsDismissed(dismissed === response.data.message);
                 }
             } catch (error) {
+                // Silently handle network errors - registry service may not be available
+                // Only log non-network errors for debugging
+                if (axios.isAxiosError(error)) {
+                    if (
+                        error.code === 'ECONNABORTED' ||
+                        error.code === 'ERR_NETWORK' ||
+                        error.message === 'Network Error'
+                    ) {
+                        // Network error - registry service unavailable, silently fail
+                        return;
+                    }
+                }
+                // Log other errors (like 404, 500, etc.) for debugging
                 console.error('Failed to fetch motd:', error);
             }
         };

platforms/blabsy/src/components/login/login-main.tsx

@@ -9,6 +9,7 @@ import { isMobileDevice, getDeepLinkUrl } from '@lib/utils/mobile-detection';
 export function LoginMain(): JSX.Element {
     const { signInWithCustomToken } = useAuth();
     const [qr, setQr] = useState<string>();
+    const [errorMessage, setErrorMessage] = useState<string | null>(null);
 
     function watchEventStream(id: string): void {
         const sseUrl = new URL(
@@ -19,13 +20,37 @@ export function LoginMain(): JSX.Element {
 
         eventSource.onopen = (): void => {
             console.log('Successfully connected.');
+            setErrorMessage(null);
         };
 
         eventSource.onmessage = async (e): Promise<void> => {
-            const data = JSON.parse(e.data as string) as { token: string };
-            const { token } = data;
-            console.log(token);
-            await signInWithCustomToken(token);
+            const data = JSON.parse(e.data as string) as {
+                token?: string;
+                error?: boolean;
+                message?: string;
+                type?: string;
+            };
+
+            // Check for error messages (version mismatch)
+            if (data.error && data.type === 'version_mismatch') {
+                setErrorMessage(
+                    data.message ||
+                        'Your eID Wallet app version is outdated. Please update to continue.'
+                );
+                eventSource.close();
+                return;
+            }
+
+            // Handle successful authentication
+            if (data.token) {
+                console.log(data.token);
+                await signInWithCustomToken(data.token);
+            }
+        };
+
+        eventSource.onerror = (): void => {
+            console.error('SSE connection error');
+            eventSource.close();
         };
     }
     const getOfferData = async (): Promise<void> => {
@@ -89,6 +114,14 @@ export function LoginMain(): JSX.Element {
                         Join Blabsy today.
                     </h2>
                     <div>
+                        {errorMessage && (
+                            <div className='mb-4 p-4 bg-red-100 border border-red-400 text-red-700 rounded-lg'>
+                                <p className='font-semibold'>
+                                    Authentication Error
+                                </p>
+                                <p className='text-sm'>{errorMessage}</p>
+                            </div>
+                        )}
                         {isMobileDevice() ? (
                             <div className='flex flex-col gap-4 items-center'>
                                 <div className='text-xs text-gray-500 text-center max-w-xs'>

platforms/dreamSync/client/src/components/auth/login-screen.tsx

@@ -11,6 +11,7 @@ export function LoginScreen() {
   const [sessionId, setSessionId] = useState<string>("");
   const [isConnecting, setIsConnecting] = useState(false);
   const [isLoading, setIsLoading] = useState(true);
+  const [errorMessage, setErrorMessage] = useState<string | null>(null);
 
   useEffect(() => {
     const getAuthOffer = async () => {
@@ -45,6 +46,15 @@ export function LoginScreen() {
     eventSource.onmessage = (event) => {
       try {
         const data = JSON.parse(event.data);
+        
+        // Check for error messages (version mismatch)
+        if (data.error && data.type === 'version_mismatch') {
+          setErrorMessage(data.message || 'Your eID Wallet app version is outdated. Please update to continue.');
+          eventSource.close();
+          return;
+        }
+
+        // Handle successful authentication
         if (data.user && data.token) {
           setIsConnecting(true);
           // Store the token and user ID directly
@@ -108,6 +118,13 @@ export function LoginScreen() {
           </p>
         </div>
 
+        {errorMessage && (
+          <div className="mb-4 p-4 bg-red-100 border border-red-400 text-red-700 rounded-lg">
+            <p className="font-semibold">Authentication Error</p>
+            <p className="text-sm">{errorMessage}</p>
+          </div>
+        )}
+
         {qrCode && (
           <div className="flex justify-center mb-6">
             {isMobileDevice() ? (

platforms/dreamsync-api/src/controllers/AuthController.ts

@@ -3,6 +3,9 @@ import { v4 as uuidv4 } from "uuid";
 import { UserService } from "../services/UserService";
 import { EventEmitter } from "events";
 import { signToken } from "../utils/jwt";
+import { isVersionValid } from "../utils/version";
+
+const MIN_REQUIRED_VERSION = "0.4.0";
 
 export class AuthController {
     private userService: UserService;
@@ -53,7 +56,7 @@ export class AuthController {
 
     login = async (req: Request, res: Response) => {
         try {
-            const { ename, session, w3id, signature } = req.body;
+            const { ename, session, w3id, signature, appVersion } = req.body;
 
             if (!ename) {
                 return res.status(400).json({ error: "ename is required" });
@@ -63,6 +66,20 @@ export class AuthController {
                 return res.status(400).json({ error: "session is required" });
             }
 
+            // Check app version - missing version is treated as old version
+            if (!appVersion || !isVersionValid(appVersion, MIN_REQUIRED_VERSION)) {
+                const errorMessage = {
+                    error: true,
+                    message: `Your eID Wallet app version is outdated. Please update to version ${MIN_REQUIRED_VERSION} or later.`,
+                    type: "version_mismatch"
+                };
+                this.eventEmitter.emit(session, errorMessage);
+                return res.status(400).json({ 
+                    error: "App version too old", 
+                    message: errorMessage.message 
+                });
+            }
+
             // Find user by ename (handles @ symbol variations)
             const user = await this.userService.findByEname(ename);
 

platforms/dreamsync-api/src/utils/version.ts

@@ -0,0 +1,32 @@
+/**
+ * Compares two semantic version strings
+ * @param version1 - First version string (e.g., "0.4.0")
+ * @param version2 - Second version string (e.g., "0.3.0")
+ * @returns -1 if version1 < version2, 0 if equal, 1 if version1 > version2
+ */
+export function compareVersions(version1: string, version2: string): number {
+    const v1Parts = version1.split('.').map(Number);
+    const v2Parts = version2.split('.').map(Number);
+
+    for (let i = 0; i < Math.max(v1Parts.length, v2Parts.length); i++) {
+        const v1Part = v1Parts[i] || 0;
+        const v2Part = v2Parts[i] || 0;
+
+        if (v1Part < v2Part) return -1;
+        if (v1Part > v2Part) return 1;
+    }
+
+    return 0;
+}
+
+/**
+ * Checks if the app version meets the minimum required version
+ * @param appVersion - The version from the app (e.g., "0.4.0")
+ * @param minVersion - The minimum required version (e.g., "0.4.0")
+ * @returns true if appVersion >= minVersion, false otherwise
+ */
+export function isVersionValid(appVersion: string, minVersion: string): boolean {
+    return compareVersions(appVersion, minVersion) >= 0;
+}
+
+

platforms/eVoting/package.json

@@ -46,6 +46,7 @@
         "lucide-react": "^0.453.0",
         "next": "15.4.2",
         "next-qrcode": "^2.5.1",
+        "next.js": "^1.0.3",
         "qrcode.react": "^4.2.0",
         "react": "19.1.0",
         "react-day-picker": "^9.11.1",

platforms/eVoting/src/components/auth/login-screen.tsx

@@ -10,6 +10,7 @@ export function LoginScreen() {
   const [qrCode, setQrCode] = useState<string>("");
   const [sessionId, setSessionId] = useState<string>("");
   const [isConnecting, setIsConnecting] = useState(false);
+  const [errorMessage, setErrorMessage] = useState<string | null>(null);
 
   useEffect(() => {
     const getAuthOffer = async () => {
@@ -35,6 +36,15 @@ export function LoginScreen() {
     eventSource.onmessage = (event) => {
       try {
         const data = JSON.parse(event.data);
+        
+        // Check for error messages (version mismatch)
+        if (data.error && data.type === 'version_mismatch') {
+          setErrorMessage(data.message || 'Your eID Wallet app version is outdated. Please update to continue.');
+          eventSource.close();
+          return;
+        }
+
+        // Handle successful authentication
         if (data.user && data.token) {
           setIsConnecting(true);
           // Store the token and user ID directly
@@ -71,6 +81,12 @@ export function LoginScreen() {
         </div>
         <div className="bg-white py-8 px-4 shadow sm:rounded-lg sm:px-10">
           <div className="flex flex-col items-center space-y-6">
+            {errorMessage && (
+              <div className="w-full mb-4 p-4 bg-red-100 border border-red-400 text-red-700 rounded-lg">
+                <p className="font-semibold">Authentication Error</p>
+                <p className="text-sm">{errorMessage}</p>
+              </div>
+            )}
             {qrCode ? (
               <div className="p-4 bg-white border-2 border-gray-200 rounded-lg">
                 <QRCodeSVG