feat: normalize wallet address handling in nonce queries

- Updated nonce handling in challenge, verify, and issue API key handlers to normalize wallet addresses to lowercase for case-insensitive comparison. - Enhanced SQL queries to use LOWER() function for wallet address checks, improving consistency and reliability in nonce validation.
2025-12-11 08:18:49 +00:00 · 2025-11-16 18:10:08 +02:00 · 2025-11-16 18:10:08 +02:00 · 2f1ccfa473
commit 2f1ccfa473
parent 6f7b7606b0
3 changed files with 25 additions and 6 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -13,6 +13,19 @@ The format is based on [Keep a Changelog][keepachangelog] and adheres to [Semant
 ### Deprecated

 ### Fixed
+## [0.69.15] - 2025-11-16
+
+### Added
+\n
+### Changed
+- Improved authentication flow to handle wallet addresses case-insensitively during nonce creation and verification.
+
+### Deprecated
+
+### Removed
+
+### Fixed
+\n
 ## [0.69.14] - 2025-11-14

 ### Added
--- a/2
+++ b/2
@ -19,7 +19,7 @@ test-e2e:

 .PHONY: build clean test run-node run-node2 run-node3 run-example deps tidy fmt vet lint clear-ports install-hooks kill

-VERSION := 0.69.14
+VERSION := 0.69.15
 COMMIT  ?= $(shell git rev-parse --short HEAD 2>/dev/null || echo unknown)
 DATE    ?= $(shell date -u +%Y-%m-%dT%H:%M:%SZ)
 LDFLAGS := -X 'main.version=$(VERSION)' -X 'main.commit=$(COMMIT)' -X 'main.date=$(DATE)'
--- a/pkg/gateway/auth_handlers.go
+++ b/pkg/gateway/auth_handlers.go
@ -114,9 +114,11 @@ func (g *Gateway) challengeHandler(w http.ResponseWriter, r *http.Request) {
 	nsID := nres.Rows[0][0]

 	// Store nonce with 5 minute expiry
+	// Normalize wallet address to lowercase for case-insensitive comparison
+	walletLower := strings.ToLower(strings.TrimSpace(req.Wallet))
 	if _, err := db.Query(internalCtx,
 		"INSERT INTO nonces(namespace_id, wallet, nonce, purpose, expires_at) VALUES (?, ?, ?, ?, datetime('now', '+5 minutes'))",
-		nsID, req.Wallet, nonce, req.Purpose,
+		nsID, walletLower, nonce, req.Purpose,
 	); err != nil {
 		writeError(w, http.StatusInternalServerError, err.Error())
 		return
@ -171,8 +173,10 @@ func (g *Gateway) verifyHandler(w http.ResponseWriter, r *http.Request) {
 		writeError(w, http.StatusInternalServerError, err.Error())
 		return
 	}
-	q := "SELECT id FROM nonces WHERE namespace_id = ? AND wallet = ? AND nonce = ? AND used_at IS NULL AND (expires_at IS NULL OR expires_at > datetime('now')) LIMIT 1"
-	nres, err := db.Query(internalCtx, q, nsID, req.Wallet, req.Nonce)
+	// Normalize wallet address to lowercase for case-insensitive comparison
+	walletLower := strings.ToLower(strings.TrimSpace(req.Wallet))
+	q := "SELECT id FROM nonces WHERE namespace_id = ? AND LOWER(wallet) = LOWER(?) AND nonce = ? AND used_at IS NULL AND (expires_at IS NULL OR expires_at > datetime('now')) LIMIT 1"
+	nres, err := db.Query(internalCtx, q, nsID, walletLower, req.Nonce)
 	if err != nil || nres == nil || nres.Count == 0 {
 		writeError(w, http.StatusBadRequest, "invalid or expired nonce")
 		return
@ -395,8 +399,10 @@ func (g *Gateway) issueAPIKeyHandler(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 	// Validate nonce exists and not used/expired
-	q := "SELECT id FROM nonces WHERE namespace_id = ? AND wallet = ? AND nonce = ? AND used_at IS NULL AND (expires_at IS NULL OR expires_at > datetime('now')) LIMIT 1"
-	nres, err := db.Query(internalCtx, q, nsID, req.Wallet, req.Nonce)
+	// Normalize wallet address to lowercase for case-insensitive comparison
+	walletLower := strings.ToLower(strings.TrimSpace(req.Wallet))
+	q := "SELECT id FROM nonces WHERE namespace_id = ? AND LOWER(wallet) = LOWER(?) AND nonce = ? AND used_at IS NULL AND (expires_at IS NULL OR expires_at > datetime('now')) LIMIT 1"
+	nres, err := db.Query(internalCtx, q, nsID, walletLower, req.Nonce)
 	if err != nil || nres == nil || nres.Count == 0 {
 		writeError(w, http.StatusBadRequest, "invalid or expired nonce")
 		return