From 8d7211c17ffb5f2f55e0c475a712c16097594527 Mon Sep 17 00:00:00 2001
From: Oleg Silkin
Date: Mon, 29 Jul 2019 16:36:23 -0400
Subject: [PATCH] Adds `signing_ts` into the signature schema
---
 src/server/handles.py | 2 +-
 src/server/misc.py | 9 +++------
 src/server/writes.py | 4 ++--
 3 files changed, 6 insertions(+), 9 deletions(-)
diff --git a/src/server/handles.py b/src/server/handles.py
index a97b21e..a3bede9 100644
--- a/src/server/handles.py
+++ b/src/server/handles.py
@@ -75,8 +75,8 @@ async def process_json(app, body: dict) -> dict:
 params = body.get('params', {})
 clean_input_params(params)
 logger.debug(f'Received Method {method}, params: {params}')
+ start = time.time()
 try:
- start = time.time()
 if asyncio.iscoroutinefunction(METHODS[method]):
 result = await METHODS[method](app, params)
 else:
diff --git a/src/server/misc.py b/src/server/misc.py
index 0fb6981..70ecc71 100644
--- a/src/server/misc.py
+++ b/src/server/misc.py
@@ -35,9 +35,7 @@ def make_error(error, exc=None) -> dict:
 body = ERRORS[error] if error in ERRORS else ERRORS['INTERNAL']
 try:
 if exc:
- body.update({
- type(exc).__name__: str(exc)
- })
+ body.update({type(exc).__name__: str(exc)})
 finally:
 return body
@@ -112,12 +110,12 @@ def is_valid_credential_input(channel_id=None, channel_name=None, signature=None
 return True
-async def is_authentic_delete_signal(app, comment_id, channel_name, channel_id, signature):
+async def is_authentic_delete_signal(app, comment_id, channel_name, channel_id, signature, signing_ts):
 claim = await resolve_channel_claim(app, channel_id, channel_name)
 if claim:
 public_key = claim['value']['public_key']
 claim_hash = binascii.unhexlify(claim['claim_id'].encode())[::-1]
- pieces_injest = b''.join((comment_id.encode(), claim_hash))
+ pieces_injest = b''.join((signing_ts.encode(), comment_id.encode(), claim_hash))
 return is_signature_valid(
 encoded_signature=get_encoded_signature(signature),
 signature_digest=hashlib.sha256(pieces_injest).digest(),
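Review bot: In is_authentic_delete_signal (src/server/misc.py), `signing_ts` is mixed into the signed digest but nothing visible in the hunk checks that it is a well-formed, recent timestamp, so unless that is enforced elsewhere a captured delete signature stays valid indefinitely and the new field adds no replay protection. The three pieces are also joined with no separator or fixed width, so the boundary between `signing_ts` and `comment_id` is not bound by the signature. `signing_ts.encode()` additionally raises if the value is None or arrives as a JSON number rather than a string. I would add a guard before the digest is built, e.g. `if not isinstance(signing_ts, str) or not signing_ts.isdigit(): return False`, followed by a bounded-age comparison against the server clock. The function body continues past the end of the hunk.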
@@ -132,4 +130,3 @@ def clean_input_params(kwargs: dict):
 kwargs[k] = v.strip()
 if k in ID_LIST:
 kwargs[k] = v.lower()
-
diff --git a/src/server/writes.py b/src/server/writes.py
index 2feb928..902548d 100644
--- a/src/server/writes.py
+++ b/src/server/writes.py
@@ -38,8 +38,8 @@ async def delete_comment(app, comment_id):
 return await coroutine(delete_comment_by_id)(app['writer'], comment_id)
-async def delete_comment_if_authorized(app, comment_id, channel_name, channel_id, signature):
- authorized = await is_authentic_delete_signal(app, comment_id, channel_name, channel_id, signature)
+async def delete_comment_if_authorized(app, comment_id, **kwargs):
+ authorized = await is_authentic_delete_signal(app, comment_id, **kwargs)
 if not authorized:
 return {'deleted': False}
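Review bot: delete_comment_if_authorized (src/server/writes.py) now forwards `**kwargs` straight into is_authentic_delete_signal, so the fields the authorization check depends on are no longer stated at this boundary. If the kwargs originate from the request's params (not visible here), a missing or unexpected key surfaces as a TypeError from the callee rather than a controlled rejection. Keeping the fields explicit and keyword-only preserves the contract: `async def delete_comment_if_authorized(app, comment_id, *, channel_name, channel_id, signature, signing_ts):`, with the same names passed through by keyword in the call. The function body continues past the end of the hunk.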