From ba6f1c2e4bddf98b7c590b1fbbe8dda445e0cfda Mon Sep 17 00:00:00 2001
From: edgaratvast <edgar@vast.ai>
Date: Tue, 28 Oct 2025 16:01:32 -0700
Subject: [PATCH] Fix signature (#50)

* change order of fields in auth_data to match autoscaler for signature verification

* also ignore __request_id

* Revert "change order of fields in auth_data to match autoscaler for signature verification" so that it's alphabetical again

This reverts commit b8223879c928f015d368e159b656a448b99b2fbe.

* enforce alphabetical json dumping of message for signature verification

---------

Co-authored-by: Edgar Lin <edgarlin2000@gmail.com>
---
 lib/backend.py    | 4 ++--
 lib/data_types.py | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/lib/backend.py b/lib/backend.py
index e55ce59..0d25a00 100644
--- a/lib/backend.py
+++ b/lib/backend.py
@@ -286,7 +286,7 @@ class Backend:
         message = {
             key: value
             for (key, value) in (dataclasses.asdict(auth_data).items())
-            if key != "signature"
+            if key != "signature" and key != "__request_id"
         }
         if auth_data.reqnum < (self.reqnum - MSG_HISTORY_LEN):
             log.debug(
@@ -296,7 +296,7 @@ class Backend:
         elif message in self.msg_history:
             log.debug(f"message: {message} already in message history")
             return False
-        elif verify_signature(json.dumps(message, indent=4), auth_data.signature):
+        elif verify_signature(json.dumps(message, indent=4, sort_keys=True), auth_data.signature):
             self.reqnum = max(auth_data.reqnum, self.reqnum)
             self.msg_history.append(message)
             self.msg_history = self.msg_history[-MSG_HISTORY_LEN:]
diff --git a/lib/data_types.py b/lib/data_types.py
index ceadfed..77883c5 100644
--- a/lib/data_types.py
+++ b/lib/data_types.py
@@ -65,12 +65,12 @@ class ApiPayload(ABC):
 class AuthData:
     """data used to authenticate requester"""
 
-    signature: str
     cost: str
     endpoint: str
     reqnum: int
-    url: str
     request_idx: int
+    signature: str
+    url: str
 
     @classmethod
     def from_json_msg(cls, json_msg: Dict[str, Any]):