Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

docs: SIWE tutorial #459

Open
wants to merge 2 commits into
base: main
Choose a base branch
from
Open

docs: SIWE tutorial #459

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
428babf
sapphire-contract: Change bearer token type calldata -> memory
matevz Nov 22, 2024
6538060
docs: Add SIWE tutorial
matevz Nov 22, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
15 changes: 8 additions & 7 deletions contracts/contracts/auth/A13e.sol
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,11 +7,12 @@ import {SignatureRSV} from "../EthereumUtils.sol";
* @title Interface for authenticatable contracts
* @notice This is the interface for universal authentication mechanism (e.g.
* SIWE):
* 1. The user-facing app calls login() to generate the bearer token on-chain.
* 2. Any smart contract method that requires authentication accept this token
* as an argument. Then, it passes the token to authMsgSender() to verify it
* and obtain the **authenticated** user address. This address can then serve
* as a user ID for authorization.
* 1. The user-facing app calls `login()` which generates the bearer token
* on-chain.
* 2. Any smart contract method that requires authentication takes this token
* as an argument. It passes this token to `authMsgSender()` to verify it
* and obtain the **authenticated** user address. This address can then
* serve as a user ID for authorization.
Comment on lines +12 to +15
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
* 2. Any smart contract method that requires authentication takes this token
* as an argument. It passes this token to `authMsgSender()` to verify it
* and obtain the **authenticated** user address. This address can then
* serve as a user ID for authorization.
* 2. Any smart contract method that requires authentication can take this token
* as an argument. Passing this token to `authMsgSender()` verifies it
* and returns the **authenticated** user address. This verified address can then
* serve as a user ID for authorization.

*/
abstract contract A13e {
/// A mapping of revoked bearers. Access it directly or use the checkRevokedBearer modifier.
Expand All @@ -23,7 +24,7 @@ abstract contract A13e {
/**
* @notice Reverts if the given bearer was revoked
*/
modifier checkRevokedBearer(bytes calldata bearer) {
modifier checkRevokedBearer(bytes memory bearer) {
if (_revokedBearers[keccak256(bearer)]) {
revert RevokedBearer();
}
Expand All @@ -43,7 +44,7 @@ abstract contract A13e {
/**
* @notice Validate the bearer token and return authenticated msg.sender.
*/
function authMsgSender(bytes calldata bearer)
function authMsgSender(bytes memory bearer)
internal
view
virtual
Expand Down
16 changes: 12 additions & 4 deletions contracts/contracts/auth/SiweAuth.sol
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -16,17 +16,18 @@ struct Bearer {
/**
* @title Base contract for SIWE-based authentication
* @notice Inherit this contract, if you wish to enable SIWE-based
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
* @notice Inherit this contract, if you wish to enable SIWE-based
* @notice Inherit this contract if you wish to enable SIWE-based

* authentication for your contract methods that require authenticated calls.
* authentication for your contract methods that require authentication.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
* authentication for your contract methods that require authentication.
* authentication in your contract functions.

(optional) I read "functions" more in Solidity documentation?

* The smart contract needs to be bound to a domain (passed in constructor).
*
* #### Example
*
* ```solidity
* contract MyContract is SiweAuth {
* address private _owner;
* string private _message;
*
* modifier onlyOwner(bytes calldata bearer) {
* if (authMsgSender(bearer) != _owner) {
* if (msg.sender != _owner && authMsgSender(bearer) != _owner) {
* revert("not allowed");
* }
* _;
Expand All @@ -37,7 +38,11 @@ struct Bearer {
* }
*
* function getSecretMessage(bytes calldata bearer) external view onlyOwner(bearer) returns (string memory) {
* return "Very secret message";
* return _message;
* }
*
* function setSecretMessage(string calldata message) external onlyOwner("") {
* _message = message;
* }
* }
* ```
Expand Down Expand Up @@ -144,13 +149,16 @@ contract SiweAuth is A13e {
return _domain;
}

function authMsgSender(bytes calldata bearer)
function authMsgSender(bytes memory bearer)
internal
view
override
checkRevokedBearer(bearer)
returns (address)
{
if (bearer.length == 0) {
return address(0);
}
bytes memory bearerEncoded = Sapphire.decrypt(
_bearerEncKey,
0,
Expand Down
Loading
Loading