Require Gem Authorization header for device auth #485
Open
gemcoder21 wants to merge 5 commits into
Remove legacy per-header device auth and enforce the single Gem Authorization header across device endpoints. parse_auth_components and signature verification now expect and parse the Authorization header only (wallet_id included in the signed message), legacy header constants and decoding fallbacks were removed, and the gem_auth crate dropped AuthScheme and decode_signature. AuthConfig no longer has an `enabled` flag (always enforced) and main now constructs AuthConfig accordingly. Add DeviceError::MissingWalletId and update guards to return it when wallet-scoped endpoints lack a wallet id. Docs updated to reflect the new required header format and removed legacy header examples.
Introduce DeviceJson<T> and DeviceBody<const MAX_BYTES> to centralize reading and validation of request bodies and enforce device body-hash verification. Move body hash verification into devices::signature::verify_request_body_hash (uses device_body_hash and AuthConfig tolerance) and wire it into auth guard and new FromData implementations. Replace legacy DeviceParam/Json usages across device and support endpoints to use DeviceJson/DeviceBody and adapt handlers accordingly. Remove unused dependencies from the API manifest (gem_hash, hex, unic-langid) and add tests covering DeviceJson body hash verification.
Replace manual request body reading and explicit hash verification with read_verified_body in the API auth guard; expose read_verified_body as pub(crate). Also refactor gem_auth device signature tests to use shared constants and device_auth_message helper, pass message as &str consistently, and simplify tampered/wallet-id cases for clarity.
Drop unused test imports in swapper crate: remove Options from chainflip provider tests and remove SOLANA_USDC_TOKEN_ID from mayan provider tests to clean up unused-import warnings.