Skip to content

Commit 661298b

Browse files
mcquenjimcquenji
committed
fix: resolve cors error with sign header
1 parent dcd4001 commit 661298b

3 files changed

Lines changed: 32 additions & 6 deletions

File tree

bin/main.dart

Lines changed: 5 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -25,7 +25,11 @@ void main(List<String> args) async {
2525
final modularHandler = Modular(
2626
module: ServerModule(prisma),
2727
middlewares: [
28-
corsHeaders(),
28+
corsHeaders(
29+
headers: {
30+
ACCESS_CONTROL_ALLOW_HEADERS: 'Content-Type, Authorization, X-Signature, client-id',
31+
},
32+
),
2933
contentTypeJson,
3034
],
3135
);

lib/modules/client/infra/services/hmac_signature_service.dart

Lines changed: 9 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -17,14 +17,22 @@ class HmacSignatureService extends SignatureService {
1717
final hmac = Hmac(sha256, utf8.encode(secret));
1818
final signature = hmac.convert(utf8.encode(body)).toString();
1919

20+
log('Generated signature: $signature, secret: $secret, body: $body');
21+
2022
return signature;
2123
}
2224

2325
@override
2426
bool verifySignature(String signature, String body, String secret) {
2527
final serverSignature = sign(body, secret);
2628

27-
return signature == serverSignature;
29+
final valid = signature == serverSignature;
30+
31+
if (!valid) {
32+
log('Invalid signature: Signature is "$signature", expected "$serverSignature"');
33+
}
34+
35+
return valid;
2836
}
2937

3038
@override

lib/modules/client/presentation/guards/signature_guard.dart

Lines changed: 18 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -2,27 +2,41 @@ import 'dart:async';
22
import 'dart:convert';
33

44
import 'package:echidna_server/echidna_server.dart';
5-
import 'package:echidna_server/modules/client/client.dart';
65
import 'package:shelf/shelf.dart';
76
import 'package:shelf_modular/shelf_modular.dart';
87

98
/// Verifies that the client key is valid.
109
class SignatureGuard extends RouteGuard {
1110
@override
1211
FutureOr<bool> canActivate(Request request, [ModularRoute? route]) async {
12+
request.log('Checking signature');
13+
1314
final body = await request.readAsString();
1415

1516
final signatureService = Modular.get<SignatureService>();
1617

1718
final clientKey = await signatureService.extractClientKey(request);
1819

19-
if (clientKey == null) return false;
20+
if (clientKey == null) {
21+
request.log('No client key found');
22+
23+
return false;
24+
}
2025

2126
final signature = request.headers['x-signature'];
2227

23-
if (signature == null) return false;
28+
if (signature == null) {
29+
request.log('No signature provided');
30+
return false;
31+
}
32+
33+
request.log('Signature provided: $signature');
34+
35+
final isValid = signatureService.verifySignature(signature, body, clientKey.key!);
36+
37+
request.log(isValid ? 'Signature verification succeeded' : 'Signature verification failed');
2438

25-
return signatureService.verifySignature(signature, body, clientKey.key!);
39+
return isValid;
2640
}
2741

2842
@override

0 commit comments

Comments
 (0)