Add thirdweb login

Author: mmahdigh

package.json

@@ -48,6 +48,7 @@
     "reflect-metadata": "^0.1.13",
     "rxjs": "^7.8.1",
     "siwe": "^2.3.2",
+    "thirdweb": "^5.64.2",
     "viem": "^2.21.5"
   },
   "devDependencies": {

prisma/migrations/20241027180330_/migration.sql

@@ -0,0 +1,12 @@
+/*
+  Warnings:
+
+  - A unique constraint covering the columns `[attestation_id]` on the table `UserAttestation` will be added. If there are existing duplicate values, this will fail.
+  - Added the required column `attestation_id` to the `UserAttestation` table without a default value. This is not possible if the table is not empty.
+
+*/
+-- AlterTable
+ALTER TABLE "UserAttestation" ADD COLUMN     "attestation_id" TEXT NOT NULL;
+
+-- CreateIndex
+CREATE UNIQUE INDEX "UserAttestation_attestation_id_key" ON "UserAttestation"("attestation_id");

prisma/schema.prisma

@@ -201,12 +201,13 @@ model UserCollectionFinish {
 }
 
 model UserAttestation {
-  userId       Int      @map("user_id")
-  collectionId Int      @map("collection_id")
-  createdAt    DateTime @default(now()) @map("created_at")
-  updatedAt    DateTime @default(now()) @updatedAt @map("updated_at")
-  user         User     @relation(fields: [userId], references: [id])
-  collection   Project  @relation(fields: [collectionId], references: [id])
+  userId        Int      @map("user_id")
+  collectionId  Int      @map("collection_id")
+  attestationId String   @unique() @map("attestation_id")
+  createdAt     DateTime @default(now()) @map("created_at")
+  updatedAt     DateTime @default(now()) @updatedAt @map("updated_at")
+  user          User     @relation(fields: [userId], references: [id])
+  collection    Project  @relation(fields: [collectionId], references: [id])
 
   @@id([userId, collectionId])
 }

src/auth/auth.controller.ts

@@ -16,7 +16,7 @@ import { PrismaService } from 'src/prisma.service';
 import { Response } from 'express';
 import { UsersService } from 'src/user/users.service';
 import { AuthGuard } from './auth.guard';
-import { LoginDTO } from './dto/login.dto';
+import { LoginDTO, ThirdwebLoginDTO } from './dto/login.dto';
 import { ApiResponse } from '@nestjs/swagger';
 import { AuthedReq } from 'src/utils/types/AuthedReq.type';
 import { STAGING_API, generateRandomString } from 'src/utils';
@@ -125,6 +125,32 @@ export class AuthController {
     res.status(200).send({ token, isNewUser });
   }
 
+  @UseGuards(AuthGuard)
+  @ApiResponse({ status: 200, description: 'Sets an auth cookie' })
+  @Post('/thirdweb/login')
+  async loginWithThirdweb(
+    @Req() { userId }: AuthedReq,
+    @Body() { message, signature, address }: ThirdwebLoginDTO,
+  ) {
+    const isAuthentic = await this.authService.verifyThirdwebUser(
+      message,
+      signature,
+      address,
+    );
+    if (!isAuthentic) throw new UnauthorizedException('Invalid signature');
+
+    await this.prismaService.user.update({
+      where: {
+        id: userId,
+      },
+      data: {
+        smartaddress: address,
+      },
+    });
+
+    return 'Success';
+  }
+
   // @ApiResponse({
   //   status: 200,
   //   type: String,

src/auth/auth.service.ts

@@ -3,6 +3,8 @@ import { generateRandomString } from 'src/utils';
 import { PrismaService } from 'src/prisma.service';
 import { SiweMessage } from 'siwe';
 import { verifyMessage } from 'viem';
+import { chain, thirdwebClient } from './thirdweb';
+import { verifySignature } from 'thirdweb/auth';
 // import { chain, thirdwebClient } from 'src/thirdweb';
 
 @Injectable()
@@ -140,6 +142,22 @@ export class AuthService {
     return user;
   };
 
+  verifyThirdwebUser = async (
+    message: string,
+    signature: string,
+    address: string,
+  ) => {
+    const isValid = await verifySignature({
+      message,
+      signature,
+      address,
+      client: thirdwebClient,
+      chain,
+    });
+
+    return isValid;
+  };
+
   verifyUser = async (
     message: string,
     signature: `0x${string}`,

src/auth/dto/login.dto.ts

@@ -1,5 +1,4 @@
 import { ApiProperty } from '@nestjs/swagger';
-import { SiweMessage } from 'siwe';
 
 export class SiweMessageClass {
   @ApiProperty({
@@ -86,3 +85,13 @@ export class LoginDTO {
   @ApiProperty()
   address: string;
 }
+export class ThirdwebLoginDTO {
+  @ApiProperty()
+  message: string;
+
+  @ApiProperty()
+  signature: string;
+
+  @ApiProperty()
+  address: string;
+}

src/auth/thirdweb.ts

@@ -0,0 +1,13 @@
+import { createThirdwebClient } from 'thirdweb';
+import { optimism, optimismSepolia } from 'thirdweb/chains';
+
+const secretKey = process.env.SECRET_KEY;
+
+if (!secretKey) throw new Error('No Third Web Secret Key');
+
+export const chain =
+  process.env.ACTIVE_CHAIN === 'optimism' ? optimism : optimismSepolia;
+
+export const thirdwebClient = createThirdwebClient({
+  secretKey,
+});