Deprecate /lambdas/crypto/validate-signature and /lambdas/contracts/*

decentraland / catalyst

🐧 Content server for Decentraland

http://decentraland.github.io/catalyst-monitor

Apache License 2.0

52 stars 54 forks source link

Deprecate /lambdas/crypto/validate-signature and /lambdas/contracts/* #1518

Open hugoArregui opened 1 year ago

hugoArregui commented 1 year ago

Tasks:

[x] Add validateSignature function to @dcl/crypto library replacing /lambdas/crypto/validate-signature endpoint functionality
[ ] Remove /lambdas/crypto/validate-signature endpoint from Lambdas service
[x] Expose functions to retrieve DAO nodes from catalyst-client
[ ] Remove /lambdas/contracts/servers from Lambdas service
[x] Expose functions to retrieve point of interests from catalyst-client
[ ] Remove /lambdas/contracts/denylisted-names from Lambdas service
[x] Expose functions to retrieve blacklisted names from catalyst-client
[ ] Remove /lambdas/contracts/pois from Lambdas service

menduz commented 1 year ago

This function can work entirely client side using the @dcl/crypto library, can even live inside the catalyst-client.

If you add it to lamb2, can you please add a X-Deprecation-Warning header explaining that? And delay it's response by 10sec? to not break the contract and to prevent people from using it because it is slow

hugoArregui commented 1 year ago

This function can work entirely client side using the @dcl/crypto library, can even live inside the catalyst-client.

If you add it to lamb2, can you please add a X-Deprecation-Warning header explaining that? And delay it's response by 10sec? to not break the contract and to prevent people from using it because it is slow

That was 100% the idea, I added this to the new version of catalyst-client, but then talking with Frami he explained to us that this is used by every web having support for smart contract wallets for login, so we decided to keep it here.

menduz commented 1 year ago

IS IT? how does it work? because smart contract wallets check against an ethereum node, not against the catalyst. You can read the code in @dcl/crypto, the client side code uses that lib

hugoArregui commented 1 year ago

@menduz the Authenticator receives an eth-connect http provider for this reason https://github.com/decentraland/lamb2/blob/6497a731c192f7cf9ddcb3c9f47e6e75a552cbcc/src/controllers/handlers/validate-signature.ts#L49

menduz commented 1 year ago

I don't see the point... In order to login from the web, you already have an window.ethereum provider there. Or WalletConnect, thus you can still use @dcl/crypto with that provider.

There is really nothing special about that server-side provider that cannot be used from the web

hugoArregui commented 1 year ago

Ok, I did not know that you will always have an ethereum provider in the frontend. Here's what I would suggest: I still think we need to port this to lamb2 in order to don't delay the deprecation of lambdas, but I'm writing an ADR with all the deprecated endpoints for lambdas (which would we later submit as proposals, one per endpoint), so I'll include this there. Wdyt?