RubyGems - lato - Versions diffs - 3.4.0 → 3.5.0 - Mend

lato 3.4.0 → 3.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (14) hide show

checksums.yaml +4 -4
data/app/controllers/lato/account_controller.rb +34 -0
data/app/models/lato/user.rb +61 -0
data/app/views/lato/account/_form-web3.html.erb +71 -0
data/app/views/lato/account/index.html.erb +3 -15
data/config/locales/en.yml +4 -0
data/config/locales/it.yml +4 -0
data/config/routes.rb +1 -0
data/db/migrate/20240222125124_add_web3_to_lato_users.rb +5 -0
data/db/migrate/20240222171418_add_indexes_on_lato_users_email.rb +5 -0
data/lib/lato/config.rb +5 -0
data/lib/lato/version.rb +1 -1
data/lib/lato.rb +1 -0
metadata +19 -2

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 8ca2373e2e8293f273e4c0ed7995b3657b420112041a5969626bb77c50f48c84
-  data.tar.gz: df0f81bd41462215dff6e7c7e3e241dbd1f16ee758c2a7e7bf08ef66072719f2
+  metadata.gz: b47a9599a3d8d0fcac7a1d46e05ac69dee4f8d8beae27641d02c683d6ae63764
+  data.tar.gz: 65d0f084ae8c26c18a8604a87c2320fa7e2ca381e5d2153b42ea7aa2d6267d03
 SHA512:
-  metadata.gz: d9b0e2cefe23edd91bad291c340147e5da9b9f9262746682f9671ac8d0e88f25ab6c040f3c80afe843e4144bf301dbb1af877228740e695bd8a4108e42201c51
-  data.tar.gz: 6bd100032415c248a66c6e7a2f4e17094778b784e3d4bbf1e3bc1351a2f2e91632b81fbde9792837fed1b7d4e34dd02f850cba3d5e98c94ac2527beff231cbf9
+  metadata.gz: 115c515734b76597d2a50b449d2a76176e094c6090a807184b02b3cda6ce3ad580d5db150d3eafb18d836023a75d4838c3bca8958639f1e9eb82f78360256e68
+  data.tar.gz: 531c0bffd01d6b67d73bf85250d5a4336293828a302a1c4dfa73a474a1d5aa401928a6f7df3f1f2bf2e236dfec433628506700af67ee387452872dd40197afa1

data/app/controllers/lato/account_controller.rb CHANGED Viewed

@@ -17,6 +17,40 @@ module Lato
       end
     end
+    def update_web3_action
+      if @session.user.web3_connection_completed?
+        respond_to do |format|
+          if @session.user.remove_web3_connection
+            format.html { redirect_to lato.account_path }
+            format.json { render json: @session.user }
+          else
+            format.html { render :index, status: :unprocessable_entity }
+            format.json { render json: @session.user.errors, status: :unprocessable_entity }
+          end
+        end
+      elsif @session.user.web3_connection_started?
+        respond_to do |format|
+          if @session.user.complete_web3_connection(params.require(:user).permit(:web3_address, :web3_signed_nonce))
+            format.html { redirect_to lato.account_path }
+            format.json { render json: @session.user }
+          else
+            format.html { render :index, status: :unprocessable_entity }
+            format.json { render json: @session.user.errors, status: :unprocessable_entity }
+          end
+        end
+      else
+        respond_to do |format|
+          if @session.user.start_web3_connection
+            format.html { redirect_to lato.account_path }
+            format.json { render json: @session.user }
+          else
+            format.html { render :index, status: :unprocessable_entity }
+            format.json { render json: @session.user.errors, status: :unprocessable_entity }
+          end
+        end
+      end
+    end
     def request_verify_email_action
       respond_to do |format|
         if @session.user.request_verify_email

data/app/models/lato/user.rb CHANGED Viewed

@@ -38,6 +38,7 @@ module Lato
       self.email_verified_at = nil if email_changed?
       self.accepted_privacy_policy_version = Lato.config.legal_privacy_policy_version if accepted_privacy_policy_version_changed?
       self.accepted_terms_and_conditions_version = Lato.config.legal_terms_and_conditions_version if accepted_terms_and_conditions_version_changed?
+      self.web3_address = web3_address&.downcase&.strip if web3_address_changed?
     end
     # Questions
@@ -51,6 +52,14 @@ module Lato
       @valid_accepted_terms_and_conditions_version ||= accepted_terms_and_conditions_version >= Lato.config.legal_terms_and_conditions_version
     end
+    def web3_connection_completed?
+      @web3_connection_completed ||= !web3_address.blank?
+    end
+    def web3_connection_started?
+      @web3_connection_started ||= !c_web3_nonce.blank?
+    end
     # Helpers
     ##
@@ -232,6 +241,42 @@ module Lato
       end
     end
+    def start_web3_connection
+      update(web3_address: nil)
+      c_web3_nonce(SecureRandom.hex(32))
+      true
+    end
+    def complete_web3_connection(params)
+      nonce = c_web3_nonce
+      c_web3_nonce__clear # Important to rollback to status 0 of web3 connection
+      unless nonce
+        errors.add(:base, :web3_nonce_expired)
+        return
+      end
+      signature_pubkey = Eth::Signature.personal_recover(nonce, params[:web3_signed_nonce])
+      signature_address = Eth::Util.public_key_to_address signature_pubkey
+      unless signature_address.to_s.downcase == params[:web3_address].downcase
+        errors.add(:base, :web3_address_invalid)
+        return
+      end
+      update(web3_address: params[:web3_address])
+    rescue StandardError => e
+      c_web3_nonce__clear # Important to rollback to status 0 of web3 connection
+      errors.add(:base, :web3_connection_error)
+      false
+    end
+    def remove_web3_connection
+      update(web3_address: nil)
+      c_web3_nonce__clear
+      true
+    end
     # Cache
     ##
@@ -258,5 +303,21 @@ module Lato
       Rails.cache.write(cache_key, value, expires_in: 30.minutes)
       value
     end
+    def c_web3_nonce(value = nil)
+      cache_key = "Lato::User/c_web3_nonce/#{id}"
+      return Rails.cache.read(cache_key) if value.nil?
+      Rails.cache.write(cache_key, value, expires_in: 1.minutes)
+      @web3_connection_started = nil # HARD FIX: reset web3 connection status
+      value
+    end
+    def c_web3_nonce__clear
+      cache_key = "Lato::User/c_web3_nonce/#{id}"
+      Rails.cache.delete(cache_key)
+      @web3_connection_started = nil # HARD FIX: reset web3 connection status
+      true
+    end
   end
 end

data/app/views/lato/account/_form-web3.html.erb ADDED Viewed

@@ -0,0 +1,71 @@
+<%
+user ||= Lato::User.new
+%>
+<%= turbo_frame_tag 'account_form-web3' do %>
+  <%= form_with model: user, url: lato.account_update_web3_action_path, data: { turbo_frame: '_self', controller: 'lato-form' } do |form| %>
+    <%= lato_form_notices class: %w[mb-3] %>
+    <%= lato_form_errors user, class: %w[mb-3] %>
+    <% if user.web3_connection_completed? %>
+      <div class="row">
+        <div class="col col-12">
+          <%= lato_form_item_label form, :web3_address, 'You are connected to the following address' %>
+          <div class="input-group">
+            <%= lato_form_item_input_text form, :web3_address, required: true, readonly: true %>
+            <%= lato_form_submit form, 'Disconnect', class: %w[btn-danger] %>
+          </div>
+        </div>
+      </div>
+    <% elsif user.web3_connection_started? %>
+      <div class="alert alert-light mb-0">
+        <h4 class="alert-heading">Connecting..</h4>
+        <div class="progress" role="progressbar" aria-valuenow="100" aria-valuemin="0" aria-valuemax="100">
+          <div class="progress-bar progress-bar-striped progress-bar-animated" style="width: 100%"></div>
+        </div>
+      </div>
+      <span id="account_form-web3__nonce" style="display: none;"><%= user.c_web3_nonce %></span>
+      <%= form.hidden_field :web3_address, id: 'account_form-web3__input-web3_address'  %>
+      <%= form.hidden_field :web3_signed_nonce, id: 'account_form-web3__input-web3_signed_nonce' %>
+      <%= lato_form_submit form, 'Confirm', class: %w[btn-primary d-none], id: 'account_form-web3__submit' %>
+      <script>
+        (async () => {
+          const ethers = await import('https://cdnjs.cloudflare.com/ajax/libs/ethers/5.7.2/ethers.esm.min.js')
+          const nonce = document.getElementById('account_form-web3__nonce').innerText
+          const inputAddress = document.getElementById('account_form-web3__input-web3_address')
+          const inputSignedNonce = document.getElementById('account_form-web3__input-web3_signed_nonce')
+          const submitButton = document.getElementById('account_form-web3__submit')
+          let address = ''
+          let signedNonce = ''
+          if (window.ethereum) {
+            const provider = new ethers.ethers.providers.Web3Provider(window.ethereum)
+            const signer = provider.getSigner()
+            address = await signer.getAddress()
+            signedNonce = await signer.signMessage(nonce)
+          }
+          inputAddress.value = address
+          inputSignedNonce.value = signedNonce
+          submitButton.click()
+        })()
+      </script>
+    <% else %>
+      <div class="alert alert-light mb-0">
+        <h4 class="alert-heading">Connect your wallet</h4>
+        <p>
+          Connect your web3 wallet by clicking the button below and signing the message.
+        </p>
+        <p class="mb-0">
+          <%= lato_form_submit form, 'Connect wallet', class: %w[btn-primary] %>
+        </p>
+      </div>
+    <% end %>
+  <% end %>
+<% end %>

data/app/views/lato/account/index.html.erb CHANGED Viewed

@@ -12,13 +12,13 @@
   </div>
 </div>
-<% if false %>
+<% if Lato.config.web3_connection %>
 <div class="card mb-4">
   <div class="card-header">
-    <h2 class="fs-4 mb-0">Dati di fatturazione</h2>
+    <h2 class="fs-4 mb-0"><%= I18n.t('lato.account_web3') %></h2>
   </div>
   <div class="card-body">
+    <%= render 'lato/account/form-web3', user: @session.user %>
   </div>
 </div>
 <% end %>
@@ -32,18 +32,6 @@
   </div>
 </div>
-<% if false %>
-<div class="card mb-4">
-  <div class="card-header">
-    <h2 class="fs-4 mb-0">Chiavi API</h2>
-  </div>
-  <div class="card-body">
-  </div>
-</div>
-<% end %>
 <div class="card mb-4">
   <div class="card-header">
     <h2 class="fs-4 mb-0"><%= I18n.t('lato.account_delete') %></h2>

data/config/locales/en.yml CHANGED Viewed

@@ -40,6 +40,7 @@ en:
     privacy_policy_update_title: Privacy policy update
     terms_and_conditions_update_title: Terms and conditions update
     accept_invitation: Accept invitation
+    account_web3: Web3 connection
     account_controller:
       update_user_action_notice: Account information properly updated
@@ -71,6 +72,9 @@ en:
               password_update_code_invalid: Verification code is invalid
               privacy_policy_invalid: To accept the privacy policy you must select the confirmation checkbox
               terms_and_conditions_invalid: To accept the terms and conditions you must select the confirmation checkbox
+              web3_address_invalid: The address you send is not corretly signed
+              web3_nonce_expired: The nonce used to sign the address is expired
+              web3_connection_error: Impossible to connect the wallet
             password:
               not_correct: not correct
             email:

data/config/locales/it.yml CHANGED Viewed

@@ -42,6 +42,7 @@ it:
     privacy_policy_update_title: Aggiornamento privacy policy
     terms_and_conditions_update_title: Aggiornamento termini e condizioni
     accept_invitation: Accetta invito
+    account_web3: Connessione Web3
     account_controller:
       update_user_action_notice: Informazioni account aggiornate correttamente
@@ -79,6 +80,9 @@ it:
               privacy_policy_invalid: Per accettare la privacy policy devi selezionare la checkbox di conferma
               terms_and_conditions_invalid: Per accettare i termini e condizioni devi selezionare la checkbox di conferma
               invitation_invalid: Invito non valido
+              web3_address_invalid: L'inidirizzo inviato non è correttamente firmato
+              web3_nonce_expired: Il nonce utilizzato per firmare l'indirizzo è scaduto
+              web3_connection_error: Impossibile connettere il wallet
             password:
               not_correct: non corretta
             password_confirmation:

data/config/routes.rb CHANGED Viewed

@@ -32,6 +32,7 @@ Lato::Engine.routes.draw do
   scope :account do
     get '', to: 'account#index', as: :account
     patch 'update_user_action', to: 'account#update_user_action', as: :account_update_user_action
+    patch 'update_web3_action', to: 'account#update_web3_action', as: :account_update_web3_action
     patch 'request_verify_email_action', to: 'account#request_verify_email_action', as: :account_request_verify_email_action
     patch 'update_password_action', to: 'account#update_password_action', as: :account_update_password_action
     delete 'destroy_action', to: 'account#destroy_action', as: :account_destroy_action

data/db/migrate/20240222125124_add_web3_to_lato_users.rb ADDED Viewed

@@ -0,0 +1,5 @@
+class AddWeb3ToLatoUsers < ActiveRecord::Migration[7.1]
+  def change
+    add_column :lato_users, :web3_address, :string
+  end
+end

data/db/migrate/20240222171418_add_indexes_on_lato_users_email.rb ADDED Viewed

@@ -0,0 +1,5 @@
+class AddIndexesOnLatoUsersEmail < ActiveRecord::Migration[7.1]
+  def change
+    add_index :lato_users, :email, unique: true
+  end
+end

data/lib/lato/config.rb CHANGED Viewed

@@ -21,6 +21,9 @@ module Lato
     # Legal settings
     attr_accessor :legal_privacy_policy_url, :legal_privacy_policy_version, :legal_terms_and_conditions_url, :legal_terms_and_conditions_version
+    # Web3 connection
+    attr_accessor :web3_connection
     def initialize
       @application_title = 'Lato'
       @application_version = '1.0.0'
@@ -42,6 +45,8 @@ module Lato
       @legal_privacy_policy_version = 1
       @legal_terms_and_conditions_url = '#'
       @legal_terms_and_conditions_version = 1
+      @web3_connection = false
     end
   end
 end

data/lib/lato/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module Lato
-  VERSION = "3.4.0"
+  VERSION = "3.5.0"
 end

data/lib/lato.rb CHANGED Viewed

@@ -1,6 +1,7 @@
 require "kaminari"
 require "bootstrap"
 require "browser"
+require "eth"
 require "lato/version"
 require "lato/engine"

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: lato
 version: !ruby/object:Gem::Version
-  version: 3.4.0
+  version: 3.5.0
 platform: ruby
 authors:
 - Gregorio Galante
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-02-09 00:00:00.000000000 Z
+date: 2024-02-22 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -94,6 +94,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: eth
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 description: A Rails engine that includes what you need to build a new project!
 email:
 - me@gregoriogalante.com
@@ -151,6 +165,7 @@ files:
 - app/views/lato/account/_form-destroy.html.erb
 - app/views/lato/account/_form-password.html.erb
 - app/views/lato/account/_form-user.html.erb
+- app/views/lato/account/_form-web3.html.erb
 - app/views/lato/account/index.html.erb
 - app/views/lato/authentication/_fields-registration.html.erb
 - app/views/lato/authentication/_form-accept-invitation.html.erb
@@ -207,6 +222,8 @@ files:
 - db/migrate/20230109061533_create_lato_invitations.rb
 - db/migrate/20230212211748_add_inviter_lato_user_id_to_invitations.rb
 - db/migrate/20230823165716_create_lato_log_user_signups.rb
+- db/migrate/20240222125124_add_web3_to_lato_users.rb
+- db/migrate/20240222171418_add_indexes_on_lato_users_email.rb
 - lib/lato.rb
 - lib/lato/btstrap.rb
 - lib/lato/config.rb