Feat/wallet signature nonce #144

Merged
SudiptaPaul-31 merged 2 commits into Lumina-eX:main from sweetesty:feat/wallet-signature-nonce
Apr 28, 2026

@sweetesty
Contributor

📌 Pull Request

🔗 Related Issue
Closes #131

📝 Description

  • Implements a nonce-based replay protection system for wallet signature logins
  • Necessary to prevent malicious reuse of captured wallet signatures during authentication

🚀 Changes Made

  • Feature implemented: Unique nonce generation for every login attempt
    • Uses cryptographically secure random values (UUID / secure RNG)
  • Feature implemented: Temporary nonce storage with short TTL
    • Stored in Redis/in-memory store to auto-expire stale nonces
  • Feature implemented: Nonce validation middleware
    • Validates nonce before signature verification
    • Rejects login requests with missing or invalid nonces
    • Clears nonce immediately after successful login or failed attempt
  • Feature implemented: Replay attack prevention
    • Blocks any attempt to reuse a previously consumed signature
  • Feature implemented: Nonce usage logging
    • Added audit/debug logging for nonce lifecycle events

🧪 Testing & Validation

  • Tested locally
  • No runtime errors
  • Existing features work as expected
  • Edge cases handled (expired nonce, missing nonce, replay attempt, failed login cleanup)

⚠️ Breaking Changes

  • No breaking changes

📋 Contributor Checklist (MANDATORY)

  • I was assigned to this issue
  • My code follows the project structure and conventions
  • I have tested my changes thoroughly
  • I did not introduce unnecessary dependencies
  • I have linked the issue (Closes Wallet Signature Nonce System (Replay Protection) #131)
  • This PR is ready for review

💡 Notes for Reviewer

  • Key areas to review: nonce generation logic, TTL configuration, nonce clearance after use, replay blocking mechanism
  • Known limitations: None
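
An added example (not code from this PR or the Lumina-eX repository) of the nonce lifecycle the description lists: issue, short TTL, validation before signature verification, and clearing on success or failure. The `NonceStore` class, the TTL value, the `login:` message format and the HMAC stand-in for a wallet signature are assumptions made for the sketch.

```python
import hashlib
import hmac
import secrets
import time

NONCE_TTL_SECONDS = 120  # assumed; the PR only says "short TTL"

class NonceStore:
    """In-memory stand-in for Redis: one pending nonce per wallet address."""

    def __init__(self, ttl=NONCE_TTL_SECONDS, clock=time.monotonic):
        self._ttl, self._clock = ttl, clock
        self._pending = {}  # address -> (nonce, expires_at)

    def issue(self, address):
        nonce = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._pending[address] = (nonce, self._clock() + self._ttl)
        return nonce

    def consume(self, address, nonce):
        # pop() clears the nonce on every attempt, successful or not: single use.
        entry = self._pending.pop(address, None)
        if not nonce:
            return "missing"
        if entry is None:
            return "unknown"  # never issued, or already consumed (replay)
        stored, expires_at = entry
        if self._clock() >= expires_at:
            return "expired"
        if not hmac.compare_digest(stored.encode(), nonce.encode()):
            return "invalid"
        return "ok"

def login(store, verify_signature, address, nonce, signature):
    """Validate the nonce first, then the signature over a nonce-bound message."""
    status = store.consume(address, nonce)
    if status != "ok":
        return status
    message = f"login:{address}:{nonce}".encode()  # assumed message format
    return "ok" if verify_signature(address, message, signature) else "bad_signature"

# Constructed demo data: HMAC stands in for the wallet's signature scheme.
DEMO_KEYS = {"DEMO_WALLET": b"constructed-demo-key"}

def demo_sign(address, message):
    return hmac.new(DEMO_KEYS[address], message, hashlib.sha256).hexdigest()

def demo_verify(address, message, signature):
    return hmac.compare_digest(demo_sign(address, message), signature)
```

A captured `(nonce, signature)` pair fails on a second submission because `consume` has already removed the nonce, so the signature check is never reached.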

@drips-wave
drips-wave Bot commented Apr 27, 2026

@sweetesty Great news! 🎉 Based on an automated assessment of this PR, the linked Wave issue(s) no longer count against your application limits.

You can now already apply to more issues while waiting for a review of this PR. Keep up the great work! 🚀

Learn more about application limits

@SudiptaPaul-31 SudiptaPaul-31 merged commit 8fe03ea into Lumina-eX:main Apr 28, 2026
1 check passed