diff --git a/backend/src/config/env.ts b/backend/src/config/env.ts
index ca6bb8d..41d529b 100644
--- a/backend/src/config/env.ts
+++ b/backend/src/config/env.ts
@@ -29,7 +29,7 @@ export interface IEnv {
   SMTP_EMAIL_FROM: string;
   SMTP_EMAIL_FROM_HELLO: string;
   APP_URL_BASE: string;
-  ADMIN_WALLET: string;
+  ADMIN_WALLET: string[];
   MYSQL_HOST_TEST: string;
   MYSQL_PORT_TEST: number;
@@ -81,7 +81,8 @@ export const env = {
   /**
    * Admin
    */
-  ADMIN_WALLET: process.env["ADMIN_WALLET"].toLowerCase() || "",
+  ADMIN_WALLET:
+    process.env["ADMIN_WALLET"]?.toLocaleLowerCase().split(/[,;]/) || [],
   /**
    * Mysql URL.
diff --git a/backend/src/config/values.ts b/backend/src/config/values.ts
index a2c6c0c..e921aaa 100644
--- a/backend/src/config/values.ts
+++ b/backend/src/config/values.ts
@@ -98,4 +98,5 @@ export enum RouteErrorCode {
   SIGNATURE_NOT_PRESENT = 400005,
   REQUEST_TOKEN_NOT_PRESENT = 400006,
   AIRDROP_ERROR = 400007,
+  INVALID_ADMIN = 400008,
 }
diff --git a/backend/src/lib/jwt.ts b/backend/src/lib/jwt.ts
index 465778d..5ae78d8 100644
--- a/backend/src/lib/jwt.ts
+++ b/backend/src/lib/jwt.ts
@@ -53,7 +53,7 @@ export function readAdminAuthToken(token: string) {
   const { wallet } = jwt.verify(token, env.APP_SECRET, {
     subject,
   }) as any;
-  if (wallet && wallet.toLowerCase() === env.ADMIN_WALLET) {
+  if (wallet && env.ADMIN_WALLET.includes(wallet.toLowerCase())) {
     return {
       wallet,
       subject,
diff --git a/backend/src/routes/admin-login.ts b/backend/src/routes/admin-login.ts
index 86bb0b6..e3b3c7a 100644
--- a/backend/src/routes/admin-login.ts
+++ b/backend/src/routes/admin-login.ts
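Review bot: The new allow-list parser `process.env["ADMIN_WALLET"]?.toLocaleLowerCase().split(/[,;]/) || []` in env.ts keeps whitespace and empty segments, so a value such as `0xabc, 0xdef` yields a second entry with a leading space that never matches, while a trailing separator or a set-but-empty variable yields `""` as an allow-listed entry, which `includes("")` at the call sites in jwt.ts and admin-login.ts could then satisfy for an empty address. Trim and drop empty segments: `process.env["ADMIN_WALLET"]?.toLowerCase().split(/[,;]/).map((s) => s.trim()).filter((s) => s.length > 0) ?? []`. Using `toLowerCase()` here also keeps the normalisation consistent with the `toLowerCase()` used on the compared values in jwt.ts and admin-login.ts rather than a locale-dependent variant.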
@@ -24,8 +24,12 @@ export async function resolve(req: Request, res: Response): Promise {
   const identity = new Identity(null);
+  if (!context.env.ADMIN_WALLET.includes(body.address?.toLowerCase())) {
+    throw new ResourceError(RouteErrorCode.INVALID_ADMIN, context);
+  }
+
   const { isValid } = await identity.validateEvmWalletSignature({
-    walletAddress: context.env.ADMIN_WALLET,
+    walletAddress: body.address,
     signature: body.signature,
     signatureValidityMinutes: 10,
     message: `test\n${body.timestamp}`,
@@ -33,7 +37,7 @@ export async function resolve(req: Request, res: Response): Promise {
   });
   if (isValid) {
-    const jwt = generateAdminAuthToken(context.env.ADMIN_WALLET);
+    const jwt = generateAdminAuthToken(body.address);
     return res.respond(200, { jwt });
   } else {
     throw new ResourceError(RouteErrorCode.USER_DOES_NOT_EXIST, context);
diff --git a/backend/src/tests/routes/admin-login.test.ts b/backend/src/tests/routes/admin-login.test.ts
index 2d9158f..4517340 100644
--- a/backend/src/tests/routes/admin-login.test.ts
+++ b/backend/src/tests/routes/admin-login.test.ts
@@ -14,7 +14,7 @@ describe("admin login", () => {
   beforeAll(async () => {
     adminWallet = Wallet.createRandom();
     stage = await createContextAndStartServer({
-      ADMIN_WALLET: adminWallet.address,
+      ADMIN_WALLET: [adminWallet.address.toLowerCase()],
     });
     await setupTestDatabase();
   });
diff --git a/backend/src/tests/routes/create-user-admin.test.ts b/backend/src/tests/routes/create-user-admin.test.ts
index e6a31a4..39e2f17 100644
--- a/backend/src/tests/routes/create-user-admin.test.ts
+++ b/backend/src/tests/routes/create-user-admin.test.ts
@@ -12,7 +12,7 @@ let token;
 describe("create user", () => {
   beforeAll(async () => {
-    token = generateAdminAuthToken(env.ADMIN_WALLET);
+    token = generateAdminAuthToken(env.ADMIN_WALLET[0]);
     stage = await createContextAndStartServer();
     await setupTestDatabase();
   });
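Review bot: `body.address?.toLowerCase()` in the new allow-list check in admin-login.ts assumes `address` is a string, but the request body is caller-controlled, so a number or object there makes `.toLowerCase` throw a TypeError that surfaces as an unhandled error instead of the `INVALID_ADMIN` response the check intends. The lowercased form is also used only for the check, while `validateEvmWalletSignature` and `generateAdminAuthToken(body.address)` in the second hunk receive the raw value, so the issued token carries whatever casing the caller sent. Normalise once and reuse it: `const address = typeof body.address === "string" ? body.address.toLowerCase() : "";` then `if (!address || !context.env.ADMIN_WALLET.includes(address)) {`, and pass `address` to both later calls; whether the signature helper accepts a lowercased address is not visible here and should be confirmed. Returning `INVALID_ADMIN` for an unknown address but `USER_DOES_NOT_EXIST` for a bad signature lets a caller tell the two apart, so if the client does not need that distinction a single error code for both outcomes gives less away. `resolve` begins and ends outside the hunk.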
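Review bot: The admin-login.test.ts fixture now seeds a single lowercased wallet, but nothing in this hunk exercises the new rejection path, so the `INVALID_ADMIN` branch added to admin-login.ts is untested unless a case exists elsewhere in the file. A second wallet from `Wallet.createRandom()` that is not in `ADMIN_WALLET` should produce a 400-level response with `RouteErrorCode.INVALID_ADMIN`, and a mixed-case form of `adminWallet.address` should still be accepted, since the route compares lowercased values. Those two cases pin the behaviour the allow-list change introduces.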
diff --git a/backend/src/tests/routes/get-statistics.test.ts b/backend/src/tests/routes/get-statistics.test.ts
index a9381e4..38262c5 100644
--- a/backend/src/tests/routes/get-statistics.test.ts
+++ b/backend/src/tests/routes/get-statistics.test.ts
@@ -14,7 +14,7 @@ let token;
 describe("get statistics", () => {
   beforeAll(async () => {
     stage = await createContextAndStartServer();
-    token = generateAdminAuthToken(env.ADMIN_WALLET);
+    token = generateAdminAuthToken(env.ADMIN_WALLET[0]);
     await setupTestDatabase();
     await new User({}, stage.context).fake().create();
     await new User({}, stage.context)
diff --git a/backend/src/tests/routes/get-user.test.ts b/backend/src/tests/routes/get-user.test.ts
index be446dd..8188163 100644
--- a/backend/src/tests/routes/get-user.test.ts
+++ b/backend/src/tests/routes/get-user.test.ts
@@ -15,7 +15,7 @@ let token;
 describe("get user", () => {
   beforeAll(async () => {
     stage = await createContextAndStartServer();
-    token = generateAdminAuthToken(env.ADMIN_WALLET);
+    token = generateAdminAuthToken(env.ADMIN_WALLET[0]);
     await setupTestDatabase();
     await new User({}, stage.context).fake().create();
   });