Address signing/verification
If you need to verify that a user owns a particular address, you can do it by offering to sign a message.
[...](sign-message-request:challenge)[...](signed-message:base64_encoded_text)// verify posted addresss
const validationUtils = require('ocore/validation_utils');
const device = require('ocore/device.js');
var sessionData = [];
eventBus.on('text', (from_address, text) => {
let arrSignedMessageMatches = text.match(/\(signed-message:(.+?)\)/);
if (validationUtils.isValidAddress(text)) {
sessionData[from_address] = text;
let challenge = 'My address is '+text;
return device.sendMessageToDevice(from_address, 'text',
'[...](sign-message-request:'+ challenge +')');
}
else if (arrSignedMessageMatches){
let signedMessageBase64 = arrSignedMessageMatches[1];
let validation = require('ocore/validation.js');
let signedMessageJson = Buffer.from(signedMessageBase64, 'base64').toString('utf8');
try{
var objSignedMessage = JSON.parse(signedMessageJson);
}
catch(e){
return null;
}
validation.validateSignedMessage(objSignedMessage, err => {
let user_address = sessionData[from_address];
let challenge = 'My address is '+user_address;
if (err)
return device.sendMessageToDevice(from_address, 'text', err);
if (objSignedMessage.signed_message !== challenge)
return device.sendMessageToDevice(from_address, 'text',
"You signed a wrong message: "+objSignedMessage.signed_message+", expected: "+challenge);
if (objSignedMessage.authors[0].address !== user_address)
return device.sendMessageToDevice(from_address, 'text',
"You signed the message with a wrong address: "+objSignedMessage.authors[0].address+", expected: "+user_address);
// all is good, address proven, continue processing
});
}
});Last updated
Was this helpful?