I have this website which mints an avatar of the user's choice of pieces (background color, nose types, eye types, etc.).
The contract that I am using right now works just fine for the website. However, it is able to mint from Snowtrace as well. I want to limit my contract such that it only allows minting from the website.
I want to prevent anyone else from minting dummy stuff in my contract using the contract interaction on Snowtrace. The contract should only allow minting from the website.
I think it is possible using a signed hash: the mint function would require a signature from an address whose private key is held on the website backend; the backend would sign a message to be validated in the mint function.
As long as the private key is only accessible to the website backend, the user would always need to pass through it. I'm just not sure how you would prevent a user from minting one more time by reusing a previously known hash message, but I guess that could be solved as well.
Some resources that could be helpful as well: https://solidity-by-example.org/signature/ and https://blog.chainsafe.io/how-to-verify-a-signed-message-in-solidity-6b3100277424
Update: you can prevent a user from minting outside the website even if he/she knows a previous hash message by adding dynamic data as part of the required hash message, for example the msg.sender and its nonce. So even if the user tries to mint again with a previous message, it won't be valid because the nonce is different and no longer valid, since the contract would require a hash message with the latest nonce of the msg.sender.
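The scheme described in this answer (backend-signed message bound to msg.sender and a per-address nonce, checked in the mint function), as an added example that is not the answerer's code nor any project's: the backend reads `nonces(user)`, computes the same hash and signs it with an EIP-191 prefix, and the contract recovers the signer with `ecrecover`. It assumes OpenZeppelin Contracts 4.x for the ERC721 base; the contract and function names are illustrative.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.5;

// Assumption: OpenZeppelin Contracts 4.x provides the ERC721 base.
import "@openzeppelin/contracts/token/ERC721/ERC721.sol";

contract SignedMintAvatar is ERC721 {
    // Address derived from the private key held only by the website backend.
    address public immutable signer;
    // Per-address nonce: a successful mint consumes it, so replaying the same
    // signed message (from Snowtrace or anywhere else) fails on the nonce check.
    mapping(address => uint256) public nonces;
    uint256 public nextTokenId;

    constructor(address backendSigner) ERC721("Avatar", "AVT") {
        signer = backendSigner;
    }

    // traits: hash of the user's chosen pieces (so the backend also pins what is minted).
    // signature: the backend's 65-byte (r, s, v) signature over messageHash(...).
    function mint(bytes32 traits, bytes calldata signature) external {
        bytes32 digest = messageHash(msg.sender, nonces[msg.sender], traits);
        require(recoverSigner(digest, signature) == signer, "mint: bad signature");
        nonces[msg.sender] += 1; // the message just used can never verify again
        _safeMint(msg.sender, nextTokenId++);
    }

    // Binds the message to this contract, this chain, the minter, its nonce and the traits,
    // so a signature cannot be replayed by another address, on another chain, or later.
    function messageHash(address minter, uint256 nonce, bytes32 traits) public view returns (bytes32) {
        bytes32 raw = keccak256(abi.encodePacked(address(this), block.chainid, minter, nonce, traits));
        // EIP-191 prefix: this is what a wallet / ethers signMessage(raw bytes) actually signs.
        return keccak256(abi.encodePacked("\x19Ethereum Signed Message:\n32", raw));
    }

    function recoverSigner(bytes32 digest, bytes calldata sig) internal pure returns (address) {
        require(sig.length == 65, "mint: bad signature length");
        bytes32 r = bytes32(sig[0:32]);
        bytes32 s = bytes32(sig[32:64]);
        uint8 v = uint8(sig[64]);
        if (v < 27) v += 27; // some signers emit 0/1 instead of 27/28
        require(v == 27 || v == 28, "mint: bad v");
        // Reject high-s values so each message has exactly one accepted encoding.
        require(uint256(s) <= 0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0, "mint: bad s");
        address recovered = ecrecover(digest, v, r, s);
        require(recovered != address(0), "mint: invalid signature");
        return recovered;
    }
}
```

The backend must read the user's current `nonces` value right before signing; if a mint transaction fails or is dropped, the same signature can be resubmitted because the nonce was not consumed.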