WEEK 2:- Complete EIP-712 signer recovery and on-chain purchase verification#232
Open
santhil-cyber wants to merge 1 commit into
Open
WEEK 2:- Complete EIP-712 signer recovery and on-chain purchase verification#232santhil-cyber wants to merge 1 commit into
santhil-cyber wants to merge 1 commit into
Conversation
- Implement signer recovery from typed-data signature via web3.py encode_structured_data + eth_account.recover_message - Add on-chain hasPurchased() check against DocumentStorage.sol using a minimal ABI (single read, no event scanning) - Auto-connect to Sepolia RPC when no Web3 instance is provided - Fail closed on RPC errors — no access granted on network failure - Graceful fallback when web3 not installed (test environments) - Fix hasPurchased ABI arg order to match Solidity mapping signature (string ipfsHash, address buyer) - Add web3>=6.0.0,<8.0.0 to requirements.txt
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
1. EIP-712 signer recovery (
app/auth/eip712.py)The previous implementation had the full typed-data schema and replay protection in place, but the actual cryptographic verification was stubbed out. This PR completes it.
verify_signature()now builds the exact EIP-712 structured payload that MetaMask signs on the frontend:EIP712Domain(name, version, verifyingContract)AnalyticsRequest(datasetCID, timestamp, nonce, requestHash)It uses
eth_account.messages.encode_structured_data+w3.eth.account.recover_messageto recover the signer address and rejects the request if it doesn't match the claimed wallet.2. On-chain
hasPurchased()checkAfter signature verification, the backend now reads
DocumentStorage.hasPurchased(ipfsHash, wallet)directly from the deployed contract on Sepolia (0xd58de64...).This is an$O(1)$ mapping read — no event log scanning. A minimal single-function ABI is used to avoid pulling in the full contract ABI.
The check fails closed on any RPC error — if the network is unreachable, access is denied rather than granted.
3. Safer fallbacks
web3isn't installed (test environments), crypto checks are skipped gracefully so existing tests keep passing.Web3instance is passed, the function auto-connects tohttps://rpc.sepolia.org— no config needed for production.4. Fixed ABI argument order
The
hasPurchasedABI now correctly reflects the Solidity mapping signature:(string ipfsHash, address buyer)— the previous stub had the args reversed.5.
requirements.txt— addedweb3>=6.0.0,<8.0.0