fix verifyIdentityOwnership (#263)

Author: nikgraf

packages/hypergraph-react/src/HypergraphAppContext.tsx

@@ -41,6 +41,9 @@ const decodeResponseMessage = Schema.decodeUnknownEither(Messages.ResponseMessag
 
 const queryClient = new QueryClient();
 
+const CHAIN = Connect.GEO_TESTNET;
+const RPC_URL = Connect.TESTNET_RPC_URL;
+
 export type HypergraphAppCtx = {
   // auth related
   logout(): void;
@@ -359,7 +362,12 @@ export function HypergraphAppProvider({
             signature: update.signature,
             accountAddress: update.accountAddress,
           });
-          const authorIdentity = await Identity.getVerifiedIdentity(update.accountAddress, syncServerUri);
+          const authorIdentity = await Identity.getVerifiedIdentity(
+            update.accountAddress,
+            syncServerUri,
+            CHAIN,
+            RPC_URL,
+          );
           if (authorIdentity.signaturePublicKey !== signer) {
             // console.error(
             //   `Received invalid signature, recovered signer is ${signer},
@@ -394,7 +402,7 @@ export function HypergraphAppProvider({
     const getVerifiedIdentity = (accountAddress: string) => {
       return Effect.gen(function* () {
         const identity = yield* Effect.tryPromise({
-          try: () => Identity.getVerifiedIdentity(accountAddress, syncServerUri),
+          try: () => Identity.getVerifiedIdentity(accountAddress, syncServerUri, CHAIN, RPC_URL),
           catch: () => new Identity.InvalidIdentityError(),
         });
         return identity;
@@ -638,6 +646,8 @@ export function HypergraphAppProvider({
               inbox,
               response.spaceId,
               syncServerUri,
+              CHAIN,
+              RPC_URL,
             );
             if (!isValid) {
               console.error('Invalid message', response.message, inbox.inboxId);
@@ -684,6 +694,8 @@ export function HypergraphAppProvider({
               inbox,
               identity.address,
               syncServerUri,
+              CHAIN,
+              RPC_URL,
             );
             if (!isValid) {
               console.error('Invalid message', response.message, inbox.inboxId);
@@ -747,7 +759,14 @@ export function HypergraphAppProvider({
               response.messages.map(
                 // If the message has a signature, check that the signature is valid for the authorAccountAddress
                 async (message) => {
-                  return Inboxes.validateAccountInboxMessage(message, inbox, identity.address, syncServerUri);
+                  return Inboxes.validateAccountInboxMessage(
+                    message,
+                    inbox,
+                    identity.address,
+                    syncServerUri,
+                    CHAIN,
+                    RPC_URL,
+                  );
                 },
               ),
             );
@@ -807,7 +826,7 @@ export function HypergraphAppProvider({
               response.messages.map(
                 // If the message has a signature, check that the signature is valid for the authorAccountAddress
                 async (message) => {
-                  return Inboxes.validateSpaceInboxMessage(message, inbox, space.id, syncServerUri);
+                  return Inboxes.validateSpaceInboxMessage(message, inbox, space.id, syncServerUri, CHAIN, RPC_URL);
                 },
               ),
             );
@@ -1259,7 +1278,7 @@ export function HypergraphAppProvider({
         console.error('No state found for space');
         return;
       }
-      const inviteeWithKeys = await Identity.getVerifiedIdentity(invitee.accountAddress, syncServerUri);
+      const inviteeWithKeys = await Identity.getVerifiedIdentity(invitee.accountAddress, syncServerUri, CHAIN, RPC_URL);
       const spaceEvent = await Effect.runPromiseExit(
         SpaceEvents.createInvitation({
           author: {
@@ -1305,7 +1324,7 @@ export function HypergraphAppProvider({
 
   const getVerifiedIdentity = useCallback(
     (accountAddress: string) => {
-      return Identity.getVerifiedIdentity(accountAddress, syncServerUri);
+      return Identity.getVerifiedIdentity(accountAddress, syncServerUri, CHAIN, RPC_URL);
     },
     [syncServerUri],
   );

packages/hypergraph/src/identity/get-verified-identity.ts

@@ -1,11 +1,14 @@
 import * as Schema from 'effect/Schema';
+import type { Chain } from 'viem';
 import * as Messages from '../messages/index.js';
 import { store } from '../store.js';
 import { verifyIdentityOwnership } from './prove-ownership.js';
 
 export const getVerifiedIdentity = async (
   accountAddress: string,
   syncServerUri: string,
+  chain: Chain,
+  rpcUrl: string,
 ): Promise<{
   accountAddress: string;
   encryptionPublicKey: string;
@@ -32,6 +35,8 @@ export const getVerifiedIdentity = async (
       resDecoded.signaturePublicKey,
       resDecoded.accountProof,
       resDecoded.keyProof,
+      chain,
+      rpcUrl,
     ))
   ) {
     throw new Error('Invalid identity in getVerifiedIdentity');

packages/hypergraph/src/identity/prove-ownership.ts

@@ -2,7 +2,6 @@ import { http, type Chain, type Hex, type WalletClient, createPublicClient, veri
 import { privateKeyToAccount } from 'viem/accounts';
 
 import type { SmartAccountClient } from 'permissionless';
-import { DEFAULT_RPC_URL, GEOGENESIS } from '../connect/smart-account.js';
 import { publicKeyToAddress } from '../utils/index.js';
 import type { IdentityKeys } from './types.js';
 
@@ -55,10 +54,9 @@ export const verifyIdentityOwnership = async (
   publicKey: string,
   accountProof: string,
   keyProof: string,
-  chain: Chain = GEOGENESIS,
-  rpcUrl: string = DEFAULT_RPC_URL,
+  chain: Chain,
+  rpcUrl: string,
 ): Promise<boolean> => {
-  console.log('verifyIdentityOwnership', accountAddress, publicKey, accountProof, keyProof, chain, rpcUrl);
   const keyProofMessage = getKeyProofMessage(accountAddress, publicKey);
   const publicClient = createPublicClient({
     chain,

packages/hypergraph/src/inboxes/message-validation.ts

@@ -1,3 +1,4 @@
+import type { Chain } from 'viem';
 import * as Identity from '../identity/index.js';
 import type * as Messages from '../messages/index.js';
 import type { AccountInboxStorageEntry, SpaceInboxStorageEntry } from '../store.js';
@@ -8,6 +9,8 @@ export const validateSpaceInboxMessage = async (
   inbox: SpaceInboxStorageEntry,
   spaceId: string,
   syncServerUri: string,
+  chain: Chain,
+  rpcUrl: string,
 ) => {
   if (message.signature) {
     if (inbox.authPolicy === 'anonymous') {
@@ -19,7 +22,12 @@ export const validateSpaceInboxMessage = async (
       return false;
     }
     const signer = recoverSpaceInboxMessageSigner(message, spaceId, inbox.inboxId);
-    const verifiedIdentity = await Identity.getVerifiedIdentity(message.authorAccountAddress, syncServerUri);
+    const verifiedIdentity = await Identity.getVerifiedIdentity(
+      message.authorAccountAddress,
+      syncServerUri,
+      chain,
+      rpcUrl,
+    );
     const isValid = signer === verifiedIdentity.signaturePublicKey;
     if (!isValid) {
       console.error('Invalid signature', signer, verifiedIdentity.signaturePublicKey);
@@ -39,6 +47,8 @@ export const validateAccountInboxMessage = async (
   inbox: AccountInboxStorageEntry,
   accountAddress: string,
   syncServerUri: string,
+  chain: Chain,
+  rpcUrl: string,
 ) => {
   if (message.signature) {
     if (inbox.authPolicy === 'anonymous') {
@@ -50,7 +60,12 @@ export const validateAccountInboxMessage = async (
       return false;
     }
     const signer = recoverAccountInboxMessageSigner(message, accountAddress, inbox.inboxId);
-    const verifiedIdentity = await Identity.getVerifiedIdentity(message.authorAccountAddress, syncServerUri);
+    const verifiedIdentity = await Identity.getVerifiedIdentity(
+      message.authorAccountAddress,
+      syncServerUri,
+      chain,
+      rpcUrl,
+    );
     const isValid = signer === verifiedIdentity.signaturePublicKey;
     if (!isValid) {
       console.error('Invalid signature', signer, verifiedIdentity.signaturePublicKey);