fix: implement cryptographic signature verification

[divol89]

Summary

Implements real cryptographic signature verification using viem to replace the mocked isValidSignature = true.

Security Fix

• Fixes Implement cryptographic signature verification for wallet linking endpoint #70 - Users can no longer link arbitrary wallets without proving ownership
• Uses viem's verifyMessage for robust signature verification
• Returns 403 for invalid signatures with proper error handling

Changes

• Import verifyMessage from viem
• Verify signature matches claimed address
• Handle verification errors gracefully

Wallet: BYCgQQpJT1odaunfvk6gtm5hVd7Xu93vYwbumFfqgHb3

Summary by CodeRabbit

• Bug Fixes
  • Wallet linking now properly validates signatures on requests to ensure authenticity.

[coderabbitai]

📝 Walkthrough

Walkthrough

The wallet linking endpoint's signature verification is replaced with real cryptographic verification using viem's verifyMessage function. The implementation constructs a message, verifies the signature against the provided address, and returns 403 errors for invalid or malformed signatures with appropriate logging.

Changes

Cohort / File(s)	Summary
Signature Verification Implementation app/api/reputation/link-wallet/route.ts	Replaced mocked signature check with real cryptographic verification. Added message construction, viem verifyMessage call, error handling for verification failures and invalid signature formats, with 403 HTTP responses and error logging.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

Poem

🐰 A signature verified, no longer a jest,
Real cryptography puts security to the test,
Wallets now linked with authentic proof,
No more false claims—this change's the truth! ✨

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly and concisely summarizes the main security fix: implementing cryptographic signature verification instead of a mocked check.
Linked Issues check	✅ Passed	All coding requirements from issue #70 are met: real verifyMessage implementation [#70], signature/address verification [#70], 403 error handling [#70], and error handling [#70].
Out of Scope Changes check	✅ Passed	All changes are directly related to implementing signature verification in the wallet linking endpoint as required by issue #70; no unrelated modifications detected.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[willbyers1]

The code is clean and easy to follow. LGTM...