catalyst icon indicating copy to clipboard operation
catalyst copied to clipboard

Published 20 hours ago verified publisher icon decentraland

Deprecate /lambdas/crypto/validate-signature and /lambdas/contracts/*

Open hugoArregui opened this issue 1 year ago • 6 comments

Tasks:

  • [x] Add validateSignature function to @dcl/crypto library replacing /lambdas/crypto/validate-signature endpoint functionality
  • [ ] Remove /lambdas/crypto/validate-signature endpoint from Lambdas service
  • [x] Expose functions to retrieve DAO nodes from catalyst-client
  • [ ] Remove /lambdas/contracts/servers from Lambdas service
  • [x] Expose functions to retrieve point of interests from catalyst-client
  • [ ] Remove /lambdas/contracts/denylisted-names from Lambdas service
  • [x] Expose functions to retrieve blacklisted names from catalyst-client
  • [ ] Remove /lambdas/contracts/pois from Lambdas service

hugoArregui avatar Apr 27 '23 12:04 hugoArregui

This function can work entirely client side using the @dcl/crypto library, can even live inside the catalyst-client.

If you add it to lamb2, can you please add a X-Deprecation-Warning header explaining that? And delay it's response by 10sec? to not break the contract and to prevent people from using it because it is slow

menduz avatar Apr 27 '23 13:04 menduz

This function can work entirely client side using the @dcl/crypto library, can even live inside the catalyst-client.

If you add it to lamb2, can you please add a X-Deprecation-Warning header explaining that? And delay it's response by 10sec? to not break the contract and to prevent people from using it because it is slow

That was 100% the idea, I added this to the new version of catalyst-client, but then talking with Frami he explained to us that this is used by every web having support for smart contract wallets for login, so we decided to keep it here.

hugoArregui avatar Apr 27 '23 13:04 hugoArregui

IS IT? how does it work? because smart contract wallets check against an ethereum node, not against the catalyst. You can read the code in @dcl/crypto, the client side code uses that lib

menduz avatar Apr 27 '23 14:04 menduz

@menduz the Authenticator receives an eth-connect http provider for this reason https://github.com/decentraland/lamb2/blob/6497a731c192f7cf9ddcb3c9f47e6e75a552cbcc/src/controllers/handlers/validate-signature.ts#L49

hugoArregui avatar Apr 27 '23 14:04 hugoArregui

I don't see the point... In order to login from the web, you already have an window.ethereum provider there. Or WalletConnect, thus you can still use @dcl/crypto with that provider.

There is really nothing special about that server-side provider that cannot be used from the web

menduz avatar Apr 27 '23 14:04 menduz

Ok, I did not know that you will always have an ethereum provider in the frontend. Here's what I would suggest: I still think we need to port this to lamb2 in order to don't delay the deprecation of lambdas, but I'm writing an ADR with all the deprecated endpoints for lambdas (which would we later submit as proposals, one per endpoint), so I'll include this there. Wdyt?

hugoArregui avatar Apr 27 '23 14:04 hugoArregui