fix: rebase naming issues (#27)

* fix(actions): sticking to the tag version instead of master branch in the shared GitHub action

* fix: web3modal siwe (#26)

* fix: allow non-tls on dev

* fix: enforce sameSite:strict

* fix: add default expirationTime

* fix: use strict for non-preview

.github/workflows/cd.yml

@@ -51,7 +51,7 @@ jobs:
         uses: actions/checkout@v3
 
       - id: deploy-staging
-        uses: WalletConnect/actions/actions/deploy-terraform/@master
+        uses: WalletConnect/actions/actions/deploy-terraform/@2.4.3
         env:
           TF_VAR_node_env: staging
           TF_VAR_supabase_jwt_secret: ${{ secrets.SUPABASE_JWT_SECRET }}
@@ -92,7 +92,7 @@ jobs:
         uses: actions/checkout@v3
 
       - id: deploy-prod
-        uses: WalletConnect/actions/actions/deploy-terraform/@master
+        uses: WalletConnect/actions/actions/deploy-terraform/@2.4.3
         env:
           TF_VAR_node_env: production
           TF_VAR_supabase_jwt_secret: ${{ secrets.SUPABASE_JWT_SECRET }}

src/handlers/verify.ts

@@ -3,9 +3,7 @@ import { Request, Response } from 'express'
 import { SiweErrorType, SiweMessage } from 'siwe'
 import { createOrUpdateUser } from '../services/prisma'
 
-const provider = new ethers.JsonRpcProvider(
-  `https://rpc.walletconnect.com/v1?chainId=eip155:1&projectId=${process.env.WALLETCONNECT_PROJECT_ID}`
-)
+const provider = new ethers.JsonRpcProvider(`https://rpc.walletconnect.com/v1?chainId=eip155:1&projectId=${process.env.WALLETCONNECT_PROJECT_ID}`)
 
 export const verifyAndSignIn = async (req: Request, res: Response) => {
   try {
@@ -25,12 +23,14 @@ export const verifyAndSignIn = async (req: Request, res: Response) => {
     )
 
     req.session.siwe = fields.data
-    if (!fields.data.expirationTime) {
-      return res.status(422).json({
-        message: 'Expected expirationTime to be set.'
-      })
+
+    const expirationTime = fields.data.expirationTime
+    if (expirationTime) {
+      req.session.cookie.expires = new Date(expirationTime)
+    } else {
+      // 7 days from now
+      req.session.cookie.expires = new Date(new Date().getTime() + 7 * 24 * 60 * 60 * 1000)
     }
-    req.session.cookie.expires = new Date(fields.data.expirationTime)
 
     const { accessToken, refreshToken } = await createOrUpdateUser(fields.data)
 

src/index.ts

@@ -36,13 +36,20 @@ if (!REDIS_PASSWORD) {
   throw new ReferenceError('REDIS_PASSWORD missing in environment variables')
 }
 
+const isProd = process.env.NODE_ENV === 'production'
+const isStage = process.env.NODE_ENV === 'staging'
+const isDev = process.env.NODE_ENV === 'development'
+
 const prismaClient = new PrismaClient()
 
 // Initialize redis client
 const redisClient = new Redis({
   host: REDIS_HOST ?? 'redis',
   port: REDIS_PORT ? parseInt(REDIS_PORT, 10) : 6379,
-  password: REDIS_PASSWORD
+  password: REDIS_PASSWORD,
+  tls: {
+    rejectUnauthorized: isProd ? true : false
+  }
 })
 
 // Initialize connect-redis store for express-session
@@ -58,9 +65,6 @@ app.disable('x-powered-by')
 app.use(express.json())
 app.set('trust proxy', 1)
 
-const isProd = process.env.NODE_ENV === 'production'
-const isDev = process.env.NODE_ENV === 'development'
-
 const allowedOrigins = isProd
   ? ['https://cloud.walletconnect.com']
   : ['http://localhost', 'https://wc-cloud-staging.vercel.app', /\.?-walletconnect1\.vercel\.app$/]
@@ -69,11 +73,7 @@ const corsOptions: CorsOptions = {
   credentials: true,
   methods: ['OPTIONS', 'GET', 'POST'],
   origin: (origin, callback) => {
-    if (
-      !origin ||
-      isDev ||
-      allowedOrigins.some((allowedOrigin) => new RegExp(allowedOrigin).test(origin))
-    ) {
+    if (!origin || isDev || allowedOrigins.some((allowedOrigin) => new RegExp(allowedOrigin).test(origin))) {
       callback(null, true)
     } else {
       callback(new Error(`Origin ${origin} is not allowed by CORS`))
@@ -91,7 +91,7 @@ app.use(
     store: redisStore,
     cookie: {
       secure: isDev ? false : true,
-      sameSite: isProd ? 'strict' : 'none',
+      sameSite: isStage ? 'none' : 'strict',
       maxAge: 144 * 60 * 60 * 1000,
       httpOnly: true
     }