feat: implement signature request controller

Without this patch the user has no way of canceling signature requests.

This patch introduces a status field. It has 3 possible values: PENDING,
CANCELED and EXECUTED.
The controller allows canceling the signature request only when it's in
status PENDING and the caller authenticates as one of the owners of the
Safe.

Author: pheuberger

src/__generated__/routes/routes.ts

@@ -0,0 +1,110 @@
+import {
+  Body,
+  Controller,
+  Post,
+  Path,
+  Response,
+  Route,
+  SuccessResponse,
+  Tags,
+} from "tsoa";
+
+import { SupabaseDataService } from "../services/SupabaseDataService.js";
+import { verifyAuthSignedData } from "../utils/verifyAuthSignedData.js";
+
+interface CancelSignatureRequest {
+  signature: string;
+  owner_address: string;
+  chain_id: number;
+}
+
+@Route("v1/signature-requests")
+@Tags("SignatureRequests")
+export class SignatureRequestController extends Controller {
+  private readonly dataService: SupabaseDataService;
+
+  constructor() {
+    super();
+    this.dataService = new SupabaseDataService();
+  }
+
+  @Post("{safe_address}-{message_hash}/cancel")
+  @SuccessResponse(200, "Signature request canceled successfully")
+  @Response(401, "Unauthorized")
+  @Response(404, "Signature request not found")
+  public async cancelSignatureRequest(
+    @Path() safe_address: string,
+    @Path() message_hash: string,
+    @Body() requestBody: CancelSignatureRequest,
+  ): Promise<{ success: boolean; message: string }> {
+    if (
+      !(await this.isValidSignature(safe_address, message_hash, requestBody))
+    ) {
+      return this.errorResponse("Unauthorized", 401);
+    }
+
+    const signatureRequest = await this.dataService.getSignatureRequest(
+      safe_address,
+      message_hash,
+    );
+    if (!signatureRequest) {
+      return this.errorResponse("Signature request not found", 404);
+    }
+
+    switch (signatureRequest.status) {
+      case "executed":
+        return this.errorResponse(
+          "Signature request has already been executed",
+        );
+
+      case "canceled":
+        return this.successResponse("Signature request canceled successfully");
+
+      case "pending":
+        await this.dataService.updateSignatureRequestStatus(
+          safe_address,
+          message_hash,
+          "canceled",
+        );
+        return this.successResponse("Signature request canceled successfully");
+
+      default:
+        return this.errorResponse(
+          `Invalid signature request status: ${signatureRequest.status}`,
+        );
+    }
+  }
+
+  async isValidSignature(
+    safeAddress: string,
+    messageHash: string,
+    requestBody: CancelSignatureRequest,
+  ): Promise<boolean> {
+    const { signature, owner_address, chain_id } = requestBody;
+    const id = `${safeAddress}-${messageHash}`;
+
+    return verifyAuthSignedData({
+      address: owner_address as `0x${string}`,
+      types: {
+        SignatureRequest: [
+          { name: "cancelSignatureRequestId", type: "string" },
+        ],
+      },
+      primaryType: "SignatureRequest",
+      signature: signature as `0x${string}`,
+      message: {
+        cancelSignatureRequestId: id,
+      },
+      requiredChainId: chain_id,
+    });
+  }
+
+  successResponse(message: string) {
+    return { success: true, message };
+  }
+
+  errorResponse(message: string, status = 400) {
+    this.setStatus(status);
+    return { success: false, message };
+  }
+}

src/__generated__/swagger.json

@@ -673,6 +673,28 @@ export class SupabaseDataService extends BaseSupabaseService<KyselyDataDatabase>
       .execute();
   }
 
+  async getSignatureRequest(safe_address: string, message_hash: string) {
+    return this.db
+      .selectFrom("signature_requests")
+      .selectAll()
+      .where("safe_address", "=", safe_address)
+      .where("message_hash", "=", message_hash)
+      .executeTakeFirst();
+  }
+
+  async updateSignatureRequestStatus(
+    safe_address: string,
+    message_hash: string,
+    status: DataDatabase["public"]["Enums"]["signature_request_status_enum"],
+  ) {
+    return this.db
+      .updateTable("signature_requests")
+      .set({ status })
+      .where("safe_address", "=", safe_address)
+      .where("message_hash", "=", message_hash)
+      .execute();
+  }
+
   getSignatureRequests(args: GetSignatureRequestArgs) {
     return {
       data: this.handleGetData("signature_requests", args),