From f8f3f444beea86d439e861f21cb671f673c6606e Mon Sep 17 00:00:00 2001
From: dan13ram
Date: Fri, 30 Sep 2022 15:53:21 +0530
Subject: [PATCH] fix(login): signing welcome message only for did
---
 packages/utils/src/did/index.ts | 8 ++++++--
 packages/utils/src/ethereumHelper.ts | 8 +-------
 2 files changed, 7 insertions(+), 9 deletions(-)
diff --git a/packages/utils/src/did/index.ts b/packages/utils/src/did/index.ts
index 1b137528..61facce0 100644
--- a/packages/utils/src/did/index.ts
+++ b/packages/utils/src/did/index.ts
@@ -7,6 +7,8 @@ import { Maybe } from '../extendedProfileTypes';
 const tokenDuration = 1000 * 60 * 60 * 24 * 7; // 7 days
+const WELCOME_MESSAGE = `Welcome to MetaGame Anon 🐙 \n Please sign this message so we know it is you.\n We care about privacy and assure you, we don't harvest your data. Unless you create a Player account, we simply store a token in your browser's local storage. This can be removed by using the disconnect button.\n `;
+
 type Claim = {
 iat: Date;
 exp: Date;
@@ -31,7 +33,8 @@ export async function createToken(
 };
 const serializedClaim = JSON.stringify(claim);
- const proof = await getSignature(provider, serializedClaim);
+ const msgToSign = `${WELCOME_MESSAGE}${serializedClaim}`;
+ const proof = await getSignature(provider, msgToSign);
 return Base64.encode(JSON.stringify([proof, serializedClaim]));
 }
@@ -52,7 +55,8 @@ export async function verifyToken(
 );
 }
- const valid = await verifySignature(claimant, rawClaim, proof, provider);
+ const msgToVerify = `${WELCOME_MESSAGE}${rawClaim}`;
+ const valid = await verifySignature(claimant, msgToVerify, proof, provider);
 if (!valid) {
 throw new Error('Invalid Signature');
diff --git a/packages/utils/src/ethereumHelper.ts b/packages/utils/src/ethereumHelper.ts
index 1a0c87f1..ded10e2a 100644
--- a/packages/utils/src/ethereumHelper.ts
+++ b/packages/utils/src/ethereumHelper.ts
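Review bot: `WELCOME_MESSAGE` in packages/utils/src/did/index.ts is now part of the bytes that get signed, but nothing at its declaration says so. Both `createToken` and `verifyToken` rebuild the message from this constant, so editing a single character of it, even whitespace, would make every unexpired token fail with 'Invalid Signature' for up to `tokenDuration` (7 days). I would add a comment directly above the constant, for example `// Signed as the prefix of every DID token; any edit invalidates all outstanding tokens.`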
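Review bot: The signed string is assembled twice, as `msgToSign` in `createToken` and as `msgToVerify` in `verifyToken`, so the two templates can drift apart and break verification without any compile-time signal. A single helper used by both sides keeps the signed and verified bytes identical, for example `const withWelcome = (claim: string): string => WELCOME_MESSAGE + claim;`. Both functions start and end outside their hunks, so the rest of their bodies, including the expiry check that appears to precede the signature check, is not reviewed here.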
@@ -1,7 +1,5 @@
 import { Contract, providers, utils } from 'ethers';
-const WELCOME_MESSAGE = `Welcome to MetaGame Anon 🐙 \n Please sign this message so we know it is you.\n We care about privacy and assure you, we don't harvest your data. Unless you create a Player account, we simply store a token in your browser's local storage. This can be removed by using the disconnect button.\n `;
-
 export async function getSignature(
 provider: providers.Web3Provider,
 msg: string,
@@ -11,8 +9,7 @@ export async function getSignature(
 const signer = provider.getSigner();
 const address = await signer.getAddress();
 if (!ethereum.request) throw new Error('No `request` On Ethereum Provider');
- const signMsg = `${WELCOME_MESSAGE}${msg}`;
- let params = [signMsg, address];
+ let params = [msg, address];
 if (extraParams) {
 params = [...params, ...extraParams];
@@ -66,9 +63,6 @@ export async function verifySignature(
 ): Promise {
 const walletType = await getWalletType(address, provider);
- // eslint-disable-next-line no-param-reassign
- message = `${WELCOME_MESSAGE}${message}`;
-
 if (walletType === WalletType.EOA) {
 const recoveredAddress = utils.verifyMessage(message, signature);
 return address === recoveredAddress;
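Review bot: With the prefix removed, `getSignature` signs `msg` exactly as passed and `verifySignature` (third hunk) checks `message` exactly as passed, yet neither function documents that it adds no application context to what the wallet signs. Keeping login tokens distinct from any other signature the app requests now depends on each caller supplying its own recognisable prefix. Callers outside did/index.ts are not visible in this patch, so they should be checked. I would state the contract on both helpers, for example `/** Signs msg verbatim; the caller must supply any prefix or domain separation. */`. Both function bodies extend beyond their hunks.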
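Review bot: In the EOA branch of `verifySignature`, `return address === recoveredAddress;` is a case-sensitive string comparison, while `utils.verifyMessage` returns a checksummed, mixed-case address. If any caller passes a lowercased address, a valid signature is reported as invalid. Normalising first avoids that: `return utils.getAddress(address) === recoveredAddress;`. `utils.getAddress` throws on a malformed address, so the caller's error handling should be confirmed before adopting it. The function continues past the end of the hunk, so the non-EOA path is not reviewed here.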