fix: make verify endpoint working

Author: mcquenji

bin/main.dart

@@ -63,7 +63,7 @@ void main(List<String> args) async {
     server.serverHeader = 'Echidna License Server';
     server.defaultResponseHeaders.contentType = ContentType.json;
 
-    server.handleError((e, s) {
+    server.handleError((Object e, StackTrace s) {
       Logger.root.severe('Failed to handle request', e, s);
     });
 

lib/modules/admin/presentation/handlers/create_client_key_handler.dart

@@ -56,7 +56,7 @@ Future<Response> createClientKeyHandler(Request request, Injector i, ModularArgu
   }
 
   try {
-    final uuid = i.get<Uuid>();
+    const uuid = Uuid();
 
     final key = uuid.v4();
 

lib/modules/admin/presentation/handlers/create_license_handler.dart

@@ -30,10 +30,10 @@ Future<Response> createLicenseHandler(Request request, Injector i, ModularArgume
     return Response.badRequest(body: 'Product with ID $productId does not exist.');
   }
 
-  final uuid = i.get<Uuid>();
+  const uuid = Uuid();
 
-  if (await prisma.license.findUnique(
-        where: LicenseWhereUniqueInput(
+  if (await prisma.license.findFirst(
+        where: LicenseWhereInput(
           userId: PrismaUnion.$2(
             userId != null ? PrismaUnion.$1(userId) : const PrismaUnion.$2(PrismaNull()),
           ),

lib/modules/client/infra/datasources/std_license_status_datasource.dart

@@ -9,9 +9,6 @@ class StdLicenseStatusDatasource extends LicenseStatusDatasource {
   /// Standard implementation of [LicenseStatusDatasource].
   StdLicenseStatusDatasource(this.prisma);
 
-  @override
-  void dispose() {}
-
   @override
   Future<dto.LicenseStatus> getLicenseStatus(String licenseKey) async {
     final license = await prisma.license.findUnique(

lib/modules/client/infra/services/hmac_signature_service.dart

@@ -12,9 +12,6 @@ class HmacSignatureService extends SignatureService {
   /// Signs and verifies signatures using the HMAC algorithm.
   HmacSignatureService(this.prisma);
 
-  @override
-  void dispose() {}
-
   @override
   String sign(String body, String secret) {
     final hmac = Hmac(sha256, utf8.encode(secret));

lib/modules/client/presentation/guards/signature_guard.dart

@@ -1,4 +1,5 @@
 import 'dart:async';
+import 'dart:convert';
 
 import 'package:echidna_server/echidna_server.dart';
 import 'package:echidna_server/modules/client/client.dart';
@@ -8,32 +9,38 @@ import 'package:shelf_modular/shelf_modular.dart';
 /// Verifies that the client key is valid.
 class SignatureGuard extends RouteGuard {
   @override
-  FutureOr<bool> canActivate(Request request, Route route) async {
-    final clientId = int.tryParse(request.headers['client-id'] ?? '');
-
-    if (clientId == null) {
-      return false;
-    }
+  FutureOr<bool> canActivate(Request request, [ModularRoute? route]) async {
+    final body = await request.readAsString();
 
     final signatureService = Modular.get<SignatureService>();
 
     final clientKey = await signatureService.extractClientKey(request);
 
-    if (clientKey == null) {
-      return false;
-    }
+    print(request.headers);
+
+    if (clientKey == null) return false;
+
+    print('Client key: ${clientKey.key}');
 
     final signature = request.headers['x-signature'];
 
-    if (signature == null) {
-      return false;
-    }
+    if (signature == null) return false;
+
+    print('Signature: $signature');
 
-    return signatureService.verifySignature(
-      signature,
-      await request.readAsString(),
-      clientKey.key!,
-    );
+    return signatureService.verifySignature(signature, body, clientKey.key!);
+  }
+
+  @override
+  FutureOr<Response> Function(Request p1) call(Handler handler, [ModularRoute? route]) {
+    return (request) async {
+      if (!await canActivate(request, route! as Route)) {
+        return Response.forbidden(
+          jsonEncode({'error': 'Invalid signature'}),
+        );
+      }
+      return handler(request);
+    };
   }
 }
 
@@ -48,24 +55,21 @@ class SignatureMiddleware extends ModularMiddleware {
 
       final signatureService = Modular.get<SignatureService>();
 
-      final clientId = int.tryParse(request.headers['client-id'] ?? '');
-
-      if (clientId == null) {
-        return response;
-      }
-
       final clientKey = await signatureService.extractClientKey(request);
 
       if (clientKey == null) {
         return response;
       }
 
+      final body = await response.readAsString();
+
       final signature = signatureService.sign(
-        await response.readAsString(),
+        body,
         clientKey.key!,
       );
 
       return response.change(
+        body: body,
         headers: {
           'x-signature': signature,
         },

lib/modules/client/presentation/handlers/verify_license_handler.dart

@@ -14,19 +14,19 @@ Future<Response> verifyLicenseHandler(Request request, Injector i, ModularArgume
 
   if (clientKey == null) {
     request.log('Could not extract client key. Unauthorized.');
-    return Response.forbidden('Invalid client key');
+    return Response.forbidden('Invalid signature');
   }
 
-  final userId = args.params['user-id'];
+  final userId = args.data['userId'];
 
   if (userId == null) {
     request.log('Bad Request: No user ID given');
     return Response.badRequest();
   }
 
-  var license = await prisma.license.findUnique(
-    where: LicenseWhereUniqueInput(
-      userId: PrismaUnion.$1(userId),
+  var license = await prisma.license.findFirst(
+    where: LicenseWhereInput(
+      userId: PrismaUnion.$2(PrismaUnion.$1(userId)),
       customerId: PrismaUnion.$2(clientKey.customerId!),
       productId: PrismaUnion.$2(clientKey.productId!),
     ),
@@ -41,17 +41,17 @@ Future<Response> verifyLicenseHandler(Request request, Injector i, ModularArgume
         i,
         ModularArguments(
           uri: args.uri,
-          params: {
+          data: {
             'customerId': clientKey.customerId,
             'productId': clientKey.productId,
             'userId': userId,
           },
         ),
       );
 
-      license = await prisma.license.findUnique(
-        where: LicenseWhereUniqueInput(
-          userId: PrismaUnion.$1(userId),
+      license = await prisma.license.findFirst(
+        where: LicenseWhereInput(
+          userId: PrismaUnion.$2(PrismaUnion.$1(userId)),
           customerId: PrismaUnion.$2(clientKey.customerId!),
           productId: PrismaUnion.$2(clientKey.productId!),
         ),

lib/modules/server/server.dart

@@ -42,8 +42,10 @@ class ServerModule extends Module {
         '/verify',
         module: ClientModule(prisma),
         middlewares: [
-          SignatureGuard(),
+          // idk why but the order of these middlewares is reversed
+          // and we want the SignatureGuard to be the first one to run
           SignatureMiddleware(),
+          SignatureGuard(),
         ],
       );
   }