fix: fix safe message (#3936)

* fix: fix safe message

* fix: format

Author: halaprix

.gitignore

@@ -41,3 +41,5 @@ next-env.d.ts
 
 # .env
 .env
+
+certificates

features/shared/jwt.ts

@@ -1,4 +1,4 @@
-import type { SendTransactionsResponse } from '@safe-global/safe-apps-sdk'
+import type { SignMessageResponse } from '@safe-global/safe-apps-sdk'
 import SafeAppsSDK from '@safe-global/safe-apps-sdk'
 import { decode } from 'jsonwebtoken'
 import type { Observable } from 'rxjs'
@@ -44,7 +44,7 @@ export function jwtAuthSetupToken$(
 }
 
 interface GnosisSafeSignInDetails {
-  safeTxHash: string
+  messageHash: string
   challenge: string
 }
 
@@ -72,15 +72,24 @@ async function getGnosisSafeDetails(
   }
 
   const dataToSign = getDataToSignFromChallenge(newChallenge)
-  const { safeTxHash } = (await sdk.txs.signMessage(dataToSign)) as SendTransactionsResponse
+  const res = (await sdk.txs.signMessage(dataToSign)) as SignMessageResponse
+  let messageHash: string | undefined
+  if ('messageHash' in res) {
+    messageHash = res.messageHash
+  } else if ('safeTxHash' in res) {
+    throw new Error('Please upgrade your SAFE')
+  } else {
+    throw new Error('Unexpected response type')
+  }
+
   localStorage.setItem(
     key,
     JSON.stringify({
-      safeTxHash,
+      messageHash,
       challenge: newChallenge,
     } as GnosisSafeSignInDetails),
   )
-  return { challenge: newChallenge, safeTxHash, dataToSign }
+  return { challenge: newChallenge, messageHash, dataToSign }
 }
 
 async function requestJWT(
@@ -99,40 +108,35 @@ async function requestJWT(
 
     const {
       challenge: gnosisSafeChallenge,
-      safeTxHash,
+      messageHash,
       dataToSign,
     } = await getGnosisSafeDetails(sdk, chainId, account, challenge)
 
     // start polling
     const token = await new Promise<string | null>((resolve) => {
       let returnValue = (val: string | null) => resolve(val) // CAUTION: this function is reassigned later
       const interval = setInterval(async () => {
-        try {
-          const { detailedExecutionInfo } = await sdk.txs.getBySafeTxHash(safeTxHash)
-          if (
-            !(
-              detailedExecutionInfo?.type === 'MULTISIG' &&
-              detailedExecutionInfo.confirmations.length
-            )
-          ) {
-            throw new Error('GS: not ready')
-          }
-
-          const isSigned = await sdk.safe.isMessageSigned(dataToSign)
-          if (!isSigned) {
-            throw new Error('Not signed yet')
+        if (messageHash) {
+          try {
+            const isSigned = await sdk.safe.isMessageSigned(dataToSign)
+            if (!isSigned) {
+              throw new Error('Not signed yet')
+            }
+            const offchainSignature = await sdk.safe.getOffChainSignature(messageHash)
+            if (!offchainSignature) {
+              throw new Error('GS: not ready')
+            }
+            const safeJwt = await requestSignin({
+              challenge: gnosisSafeChallenge,
+              signature: offchainSignature,
+              chainId,
+              isGnosisSafe: true,
+            }).toPromise()
+
+            return returnValue(safeJwt)
+          } catch (error) {
+            console.error('GS: error occurred', error)
           }
-
-          const safeJwt = await requestSignin({
-            challenge: gnosisSafeChallenge,
-            signature: safeTxHash,
-            chainId,
-            isGnosisSafe: true,
-          }).toPromise()
-
-          return returnValue(safeJwt)
-        } catch (error) {
-          console.error('GS: error occurred', error)
         }
       }, 5 * 1000)
 

handlers/signature-auth/signin.ts

@@ -1,5 +1,4 @@
 import { recoverPersonalSignature } from '@metamask/eth-sig-util'
-import { utils } from 'ethers'
 import jwt from 'jsonwebtoken'
 import type { NextApiHandler } from 'next'
 import Web3 from 'web3'
@@ -64,26 +63,7 @@ export function makeSignIn(options: signInOptions): NextApiHandler {
       console.error('Check if argent wallet failed')
     }
 
-    if (body.isGnosisSafe) {
-      try {
-        const toHash = utils.defaultAbiCoder.encode(
-          ['bytes32', 'uint256'],
-          [
-            await getMessageHash(web3, utils.hashMessage(message), challenge.address),
-            7 /* signedMessages slot */,
-          ],
-        )
-        const valueSlot = utils.keccak256(toHash).replace(/0x0/g, '0x')
-        const slot = await web3.eth.getStorageAt(challenge.address, valueSlot as any)
-        const [signed] = utils.defaultAbiCoder.decode(['uint256'], slot)
-
-        if (!signed.eq(1)) {
-          throw new SignatureAuthError('Signature not correct')
-        }
-      } catch (e) {
-        return res.status(400).json({ error: (e as Error).message })
-      }
-    } else if (isArgentWallet) {
+    if (isArgentWallet) {
       if (!(await isValidSignature(web3, challenge.address, message, body.signature))) {
         throw new SignatureAuthError('Signature not correct')
       }
@@ -110,38 +90,6 @@ export function makeSignIn(options: signInOptions): NextApiHandler {
   }
 }
 
-const GnosisSafeABI = [
-  {
-    name: 'domainSeparator',
-    inputs: [],
-    outputs: [
-      {
-        name: '',
-        type: 'bytes32',
-      },
-    ],
-    stateMutability: 'view',
-    type: 'function',
-  },
-]
-
-async function getMessageHash(web3: Web3, message: string, safe: string) {
-  const SAFE_MSG_TYPESHASH = '0x60b3cbf8b4a223d68d641b3b6ddf9a298e7f33710cf3d3a9d1146b5a6150fbca'
-  const safeMessageHash = utils.keccak256(
-    utils.defaultAbiCoder.encode(
-      ['bytes32', 'bytes32'],
-      [SAFE_MSG_TYPESHASH, utils.keccak256(message)],
-    ),
-  )
-
-  const contract = new web3.eth.Contract(GnosisSafeABI as any, safe)
-  const domainSeparator = await contract.methods.domainSeparator().call()
-  return utils.solidityKeccak256(
-    ['bytes1', 'bytes1', 'bytes32', 'bytes32'],
-    [0x19, 0x01, domainSeparator, safeMessageHash],
-  )
-}
-
 export function recreateSignedMessage(challenge: ChallengeJWT): string {
   // This function needs to be in sync with frontend getDataToSignFromChallenge() function
   return `Sign to verify your wallet ${challenge.address} (${challenge.randomChallenge})`