wip on server side

Author: pcarranzav

apps/connect/src/routes/login.lazy.tsx

@@ -5,8 +5,8 @@ import { type ConnectedWallet, useIdentityToken, usePrivy, useWallets } from '@p
 import { createLazyFileRoute, useRouter } from '@tanstack/react-router';
 import { useCallback, useEffect, useState } from 'react';
 import { type WalletClient, createWalletClient, custom } from 'viem';
-import { mainnet } from 'viem/chains';
 
+const CHAIN = import.meta.env.VITE_HYPERGRAPH_CHAIN === 'geogenesis' ? GEOGENESIS : GEO_TESTNET;
 const syncServerUri = import.meta.env.VITE_HYPERGRAPH_SYNC_SERVER_ORIGIN;
 const storage = localStorage;
 
@@ -45,10 +45,10 @@ function Login() {
       if (!address) {
         return;
       }
-      const chain = import.meta.env.VITE_HYPERGRAPH_CHAIN === 'geogenesis' ? GEOGENESIS : GEO_TESTNET;
+
       const rpcUrl = import.meta.env.VITE_HYPERGRAPH_RPC_URL;
 
-      await Connect.login({ walletClient, signer, syncServerUri, storage, identityToken, rpcUrl, chain });
+      await Connect.login({ walletClient, signer, syncServerUri, storage, identityToken, rpcUrl, chain: CHAIN });
     },
     [identityToken, signMessage],
   );
@@ -66,7 +66,7 @@ function Login() {
           const embeddedWallet = wallets.find((wallet) => wallet.walletClientType === 'privy') || wallets[0];
           const privyProvider = await embeddedWallet.getEthereumProvider();
           const walletClient = createWalletClient({
-            chain: mainnet,
+            chain: CHAIN,
             transport: custom(privyProvider),
           });
 

apps/server/src/index.ts

@@ -1,5 +1,6 @@
 import { parse } from 'node:url';
 import { Identity, Inboxes, Messages, SpaceEvents, Utils } from '@graphprotocol/hypergraph';
+import { GEOGENESIS, GEO_TESTNET } from '@graphprotocol/hypergraph/connect/smart-account';
 import { bytesToHex, randomBytes } from '@noble/hashes/utils.js';
 import cors from 'cors';
 import { Effect, Exit, Schema } from 'effect';
@@ -41,6 +42,8 @@ const decodeRequestMessage = Schema.decodeUnknownEither(Messages.RequestMessage)
 const webSocketServer = new WebSocketServer({ noServer: true });
 const PORT = process.env.PORT !== undefined ? Number.parseInt(process.env.PORT) : 3030;
 const app = express();
+const CHAIN = process.env.HYPERGRAPH_CHAIN === 'geogenesis' ? GEOGENESIS : GEO_TESTNET;
+const RPC_URL = process.env.HYPERGRAPH_RPC_URL ?? CHAIN.rpcUrls.default.http[0];
 
 type AuthenticatedRequest = Request & { accountAddress?: string };
 
@@ -166,19 +169,18 @@ app.post('/connect/identity', async (req, res) => {
   console.log('POST connect/identity');
   try {
     const idToken = req.headers['privy-id-token'];
-    const accountAddressPrivy = await getAddressByPrivyToken(Array.isArray(idToken) ? idToken[0] : idToken);
+    const signerAddress = await getAddressByPrivyToken(Array.isArray(idToken) ? idToken[0] : idToken);
     const message = Schema.decodeUnknownSync(Messages.RequestConnectCreateIdentity)(req.body);
     const accountAddress = message.keyBox.accountAddress;
-    if (accountAddressPrivy !== accountAddress) {
-      res.status(401).send('Unauthorized');
-      return;
-    }
+
     if (
       !Identity.verifyIdentityOwnership(
         accountAddress,
         message.signaturePublicKey,
         message.accountProof,
         message.keyProof,
+        CHAIN,
+        RPC_URL,
       )
     ) {
       console.log('Ownership proof is invalid');
@@ -188,6 +190,7 @@ app.post('/connect/identity', async (req, res) => {
 
     try {
       await createIdentity({
+        signerAddress,
         accountAddress,
         ciphertext: message.keyBox.ciphertext,
         nonce: message.keyBox.nonce,

packages/hypergraph/src/connect/smart-account.ts

@@ -20,7 +20,7 @@ import {
   getUsageLimitPolicy,
   getValueLimitPolicy,
 } from '@rhinestone/module-sdk';
-import { privateKeyToAccount, toAccount } from 'viem/accounts';
+import { privateKeyToAccount } from 'viem/accounts';
 
 import { MAINNET, TESTNET } from '@graphprotocol/grc-20/contracts';
 import { type SmartAccountClient, createSmartAccountClient, encodeInstallModule } from 'permissionless';
@@ -61,8 +61,8 @@ import {
   smartSessionsAbi,
 } from './abis.js';
 
-const DEFAULT_RPC_URL = 'https://rpc-geo-genesis-h0q2s21xx8.t.conduit.xyz';
-const TESTNET_RPC_URL = 'https://rpc-geo-test-zc16z3tcvf.t.conduit.xyz';
+export const DEFAULT_RPC_URL = 'https://rpc-geo-genesis-h0q2s21xx8.t.conduit.xyz';
+export const TESTNET_RPC_URL = 'https://rpc-geo-test-zc16z3tcvf.t.conduit.xyz';
 /**
  * We provide a fallback API key for gas sponsorship for the duration of the
  * Geo Genesis early access period. This API key is gas-limited.
@@ -74,7 +74,6 @@ const SAFE_7579_MODULE_ADDRESS = '0x7579EE8307284F293B1927136486880611F20002';
 const SAFE_4337_MODULE_ADDRESS = '0x75cf11467937ce3F2f357CE24ffc3DBF8fD5c226';
 const ERC7579_LAUNCHPAD_ADDRESS = '0x7579011aB74c46090561ea277Ba79D510c6C00ff';
 
-// TODO: add address for testnet
 const SPACE_FACTORY_ADDRESS: Record<string, Hex> = {
   '80451': MAINNET.DAO_FACTORY_ADDRESS,
   '19411': TESTNET.DAO_FACTORY_ADDRESS,
@@ -109,7 +108,7 @@ const PERSONAL_SPACE_FUNCTIONS = [
   'submitNewEditor',
   'submitRemoveEditor',
 ];
-// TODO: add details for testnet too
+
 export const GEOGENESIS = {
   id: Number('80451'),
   name: 'Geo Genesis',

packages/hypergraph/src/identity/prove-ownership.ts

@@ -1,8 +1,10 @@
-import { type Hex, verifyMessage } from 'viem';
+import { http, type Account, type Chain, type Hex, createPublicClient, verifyMessage } from 'viem';
 import { privateKeyToAccount } from 'viem/accounts';
 
+import type { SmartAccountClient } from 'permissionless';
+import { DEFAULT_RPC_URL, GEOGENESIS } from '../connect/smart-account.js';
 import { publicKeyToAddress } from '../utils/index.js';
-import type { IdentityKeys, Signer } from './types.js';
+import type { IdentityKeys } from './types.js';
 
 export const getAccountProofMessage = (accountAddress: string, publicKey: string): string => {
   return `This message proves I am the owner of the account ${accountAddress} and the public key ${publicKey}`;
@@ -13,14 +15,17 @@ export const getKeyProofMessage = (accountAddress: string, publicKey: string): s
 };
 
 export const proveIdentityOwnership = async (
-  signer: Signer,
+  smartAccountClient: SmartAccountClient,
   accountAddress: string,
   keys: IdentityKeys,
 ): Promise<{ accountProof: string; keyProof: string }> => {
   const publicKey = keys.signaturePublicKey;
   const accountProofMessage = getAccountProofMessage(accountAddress, publicKey);
   const keyProofMessage = getKeyProofMessage(accountAddress, publicKey);
-  const accountProof = await signer.signMessage(accountProofMessage);
+  const accountProof = await smartAccountClient.signMessage({
+    account: smartAccountClient.account as Account,
+    message: accountProofMessage,
+  });
   const account = privateKeyToAccount(keys.signaturePrivateKey as Hex);
   const keyProof = await account.signMessage({ message: keyProofMessage });
   return { accountProof, keyProof };
@@ -31,10 +36,16 @@ export const verifyIdentityOwnership = async (
   publicKey: string,
   accountProof: string,
   keyProof: string,
+  chain: Chain = GEOGENESIS,
+  rpcUrl: string = DEFAULT_RPC_URL,
 ): Promise<boolean> => {
   const accountProofMessage = getAccountProofMessage(accountAddress, publicKey);
   const keyProofMessage = getKeyProofMessage(accountAddress, publicKey);
-  const validAccountProof = await verifyMessage({
+  const publicClient = createPublicClient({
+    chain,
+    transport: http(rpcUrl),
+  });
+  const validAccountProof = await publicClient.verifyMessage({
     address: accountAddress as Hex,
     message: accountProofMessage,
     signature: accountProof as Hex,