1.0.0 • Published 2 years ago

@agoraxyz/guildauth v1.0.0

Weekly downloads
-
License
MIT
Repository
github
Last release
2 years ago

Authentication module for Guild.xyz Public API | WIP

Background

One of the most common problems with digital signature-based authentication systems is the replay attack. We have developed a new authentication method against this vulnerability, which both ensures the integrity of the request independent of TLS encapsulation (HTTPS) and protects against replay based attacks. This ensures protection from the signature service (Wallet client) all the way to the API.

Example

const guildAuth = require("@agoraxyz/guildauth");

//If you initialize guildAuth without a mnemonic, it will automatically generate a private key
const auth = new guildAuth();

//Or you can initialize with mnemonic
const auth = new guildAuth("neglect twenty arena spatial thunder mixed citizen over awful glad rally stomach");

//Get current address
console.log(auth.getAddress());
// 0x502d5f2DfE608D5135e649F1d76466E977158BB3

//Get current mnemonic
console.log(auth.getMnemonic());
// neglect twenty arena spatial thunder mixed citizen over awful glad rally stomach

//Prepare request without payload
console.log(await auth.prepareRequest());
// {"payload":{},"validation":{"address":"0xea66400591bf2485907749f71615128238f7ef0a","addressSignedMessage":"0xddc0d710043a232b430a3678d76367489b8f6c329e27e81795e75efb4744289034fdc4f7284e37b791609b0e1d76bf9a1837db2a3adf158e31a37ac6c91656511c","nonce":"0x26bb7d4c941aec37b239dbf6850e149faace8df740809c8f989c270f2a543c51","random":"wrETMso/e9YiMloSSeEusgMuoaVirTuIPfkzYGkDv7w=","timestamp":"1646265565126"}}

//Prepare request with payload
console.log(await auth.prepareRequest({ guildId: 1234}));
// {"payload":{"guildId":1234},"validation":{"address":"0xea66400591bf2485907749f71615128238f7ef0a","addressSignedMessage":"0x544855fc7c34b2411d74b45395ae59e87b6be10c15598a12446f3b0b0daf25f501ad8532a6420f9c8288724df2e03c14068786260a2eaaa9938e31318034fe1b1b","hash":"0xd24a3714283ef2c42428e247e76d4afe6bb6f4c73b10131978b877bc78238aa9","nonce":"0x3c3b72ba441b2740682d8974d96df2f61f3b9d49235d97ff6d5fd50373b2429c","random":"vrCxwqgt0ml9bF9z3Pxg9j9te1v0VU/9Yx9oFkfm84k=","timestamp":"1646267441728"}}

//Generate random wallet (https://docs.ethers.io/v5/api/signer/#Wallet-createRandom)
const wallet = auth.createRandomWallet();

//Generate random mnemonic
console.log(auth.createRandomMnemonic());
// letter sphere minimum tissue armed thumb wolf catalog theory mass arctic notice

Authentication flowchart

Authflow

guildxyzguildauthagoraxyzagoraspace
ethersfast-json-stable-stringify
@everything-registry/sub-chunk-33@infinitebrahmanuniverse/nolb-_ago@zalastax/nolb-_ago
1.0.0

2 years ago