passport-web3 v0.1.7

Web3 Passport Strategy

Web3 strategy for passport which authenticates the user by decoding a message signed with the user's ETH address, and checking if it matches the address that they are trying to authenticate.

Setup

const Web3Strategy = require('passport-web3');

/**
 * Called when authorization succeeds. Perform any additional verification here,
 * and either return the user's data (if valid), or deny authorization by
 * passing an error to the `done` callback.
 */
const onAuth = (address, done) => {
  // optional additional validation. To deny auth:
  // done(new Error('User is not authorized.'));
  User.findOne({ address }, (err, user) => done(err, user));
};
const web3Strategy = new Web3Strategy(onAuth);

passport.use(web3Strategy);

// endpoint
app.post('/login', passport.authenticate('web3'));

Usage (client-side)

const ethUtil = require('ethereumjs-util');

// The contents of the message can be anything
const rawMessage = 'Some message';
const msg = ethUtil.bufferToHex(new Buffer(rawMessage, 'utf8'));
const address = web3.eth.accounts[0];
const handleSignature = (err, signed) => {
  if (!err) {
    const fetchOpts = {
      method: 'POST',
      headers: { 'Content-Type': 'application/json' }.
      body: JSON.stringify({ address, msg, signed })
    };

    fetch('/login', fetchOpts).then(res => {
      if (res.status >= 200 && res.status <= 300) {
        return res.json();
      } else {
        throw Error(res.statusText);
      }
    }).then(json => {
      // Auth succeeded
    }).catch(err => {
      // Auth failed
    })
  }
};

web3.personal.sign(msg, address, handleSign);