RubyGems - lato - Versions diffs - 3.4.0 → 3.5.0 - Mend

lato 3.4.0 → 3.5.0

Files changed (14) hide show

checksums.yaml +4 -4
data/app/controllers/lato/account_controller.rb +34 -0
data/app/models/lato/user.rb +61 -0
data/app/views/lato/account/_form-web3.html.erb +71 -0
data/app/views/lato/account/index.html.erb +3 -15
data/config/locales/en.yml +4 -0
data/config/locales/it.yml +4 -0
data/config/routes.rb +1 -0
data/db/migrate/20240222125124_add_web3_to_lato_users.rb +5 -0
data/db/migrate/20240222171418_add_indexes_on_lato_users_email.rb +5 -0
data/lib/lato/config.rb +5 -0
data/lib/lato/version.rb +1 -1
data/lib/lato.rb +1 -0
metadata +19 -2

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 8ca2373e2e8293f273e4c0ed7995b3657b420112041a5969626bb77c50f48c84
-  data.tar.gz: df0f81bd41462215dff6e7c7e3e241dbd1f16ee758c2a7e7bf08ef66072719f2
+  metadata.gz: b47a9599a3d8d0fcac7a1d46e05ac69dee4f8d8beae27641d02c683d6ae63764
+  data.tar.gz: 65d0f084ae8c26c18a8604a87c2320fa7e2ca381e5d2153b42ea7aa2d6267d03
 SHA512:
-  metadata.gz: d9b0e2cefe23edd91bad291c340147e5da9b9f9262746682f9671ac8d0e88f25ab6c040f3c80afe843e4144bf301dbb1af877228740e695bd8a4108e42201c51
-  data.tar.gz: 6bd100032415c248a66c6e7a2f4e17094778b784e3d4bbf1e3bc1351a2f2e91632b81fbde9792837fed1b7d4e34dd02f850cba3d5e98c94ac2527beff231cbf9
+  metadata.gz: 115c515734b76597d2a50b449d2a76176e094c6090a807184b02b3cda6ce3ad580d5db150d3eafb18d836023a75d4838c3bca8958639f1e9eb82f78360256e68
+  data.tar.gz: 531c0bffd01d6b67d73bf85250d5a4336293828a302a1c4dfa73a474a1d5aa401928a6f7df3f1f2bf2e236dfec433628506700af67ee387452872dd40197afa1

data/app/controllers/lato/account_controller.rb CHANGED Viewed

@@ -17,6 +17,40 @@ module Lato
       end
     end
+    def update_web3_action
+      if @session.user.web3_connection_completed?
+        respond_to do |format|
+          if @session.user.remove_web3_connection
+            format.html { redirect_to lato.account_path }
+            format.json { render json: @session.user }
+          else
+            format.html { render :index, status: :unprocessable_entity }
+            format.json { render json: @session.user.errors, status: :unprocessable_entity }
+          end
+        end
+      elsif @session.user.web3_connection_started?
+        respond_to do |format|
+          if @session.user.complete_web3_connection(params.require(:user).permit(:web3_address, :web3_signed_nonce))
+            format.html { redirect_to lato.account_path }
+            format.json { render json: @session.user }
+          else
+            format.html { render :index, status: :unprocessable_entity }
+            format.json { render json: @session.user.errors, status: :unprocessable_entity }
+          end
+        end
+      else
+        respond_to do |format|
+          if @session.user.start_web3_connection
+            format.html { redirect_to lato.account_path }
+            format.json { render json: @session.user }
+          else
+            format.html { render :index, status: :unprocessable_entity }
+            format.json { render json: @session.user.errors, status: :unprocessable_entity }
+          end
+        end
+      end
+    end
     def request_verify_email_action
       respond_to do |format|
         if @session.user.request_verify_email

data/app/models/lato/user.rb CHANGED Viewed

@@ -38,6 +38,7 @@ module Lato
       self.email_verified_at = nil if email_changed?
       self.accepted_privacy_policy_version = Lato.config.legal_privacy_policy_version if accepted_privacy_policy_version_changed?
       self.accepted_terms_and_conditions_version = Lato.config.legal_terms_and_conditions_version if accepted_terms_and_conditions_version_changed?
+      self.web3_address = web3_address&.downcase&.strip if web3_address_changed?
     end
     # Questions
@@ -51,6 +52,14 @@ module Lato
       @valid_accepted_terms_and_conditions_version ||= accepted_terms_and_conditions_version >= Lato.config.legal_terms_and_conditions_version
     end
+    def web3_connection_completed?
+      @web3_connection_completed ||= !web3_address.blank?
+    end
+    def web3_connection_started?
+      @web3_connection_started ||= !c_web3_nonce.blank?
+    end
     # Helpers
     ##
@@ -232,6 +241,42 @@ module Lato
       end
     end
+    def start_web3_connection
+      update(web3_address: nil)
+      c_web3_nonce(SecureRandom.hex(32))
+      true
+    end
+    def complete_web3_connection(params)
+      nonce = c_web3_nonce
+      c_web3_nonce__clear # Important to rollback to status 0 of web3 connection
+      unless nonce
+        errors.add(:base, :web3_nonce_expired)
+        return
+      end
+      signature_pubkey = Eth::Signature.personal_recover(nonce, params[:web3_signed_nonce])
+      signature_address = Eth::Util.public_key_to_address signature_pubkey
+      unless signature_address.to_s.downcase == params[:web3_address].downcase
+        errors.add(:base, :web3_address_invalid)
+        return
+      end
+      update(web3_address: params[:web3_address])
+    rescue StandardError => e
+      c_web3_nonce__clear # Important to rollback to status 0 of web3 connection
+      errors.add(:base, :web3_connection_error)
+      false
+    end
+    def remove_web3_connection
+      update(web3_address: nil)
+      c_web3_nonce__clear
+      true
+    end
     # Cache
     ##
@@ -258,5 +303,21 @@ module Lato
       Rails.cache.write(cache_key, value, expires_in: 30.minutes)
       value
     end
+    def c_web3_nonce(value = nil)
+      cache_key = "Lato::User/c_web3_nonce/#{id}"
+      return Rails.cache.read(cache_key) if value.nil?
+      Rails.cache.write(cache_key, value, expires_in: 1.minutes)
+      @web3_connection_started = nil # HARD FIX: reset web3 connection status
+      value
+    end
+    def c_web3_nonce__clear
+      cache_key = "Lato::User/c_web3_nonce/#{id}"
+      Rails.cache.delete(cache_key)
+      @web3_connection_started = nil # HARD FIX: reset web3 connection status
+      true
+    end
   end
 end

data/app/views/lato/account/_form-web3.html.erb ADDED Viewed

@@ -0,0 +1,71 @@
+<%
+user ||= Lato::User.new
+%>
+<%= turbo_frame_tag 'account_form-web3' do %>
+  <%= form_with model: user, url: lato.account_update_web3_action_path, data: { turbo_frame: '_self', controller: 'lato-form' } do |form| %>
+    <%= lato_form_notices class: %w[mb-3] %>
+    <%= lato_form_errors user, class: %w[mb-3] %>
+    <% if user.web3_connection_completed? %>
+      <div class="row">
+        <div class="col col-12">
+          <%= lato_form_item_label form, :web3_address, 'You are connected to the following address' %>
+          <div class="input-group">
+            <%= lato_form_item_input_text form, :web3_address, required: true, readonly: true %>
+            <%= lato_form_submit form, 'Disconnect', class: %w[btn-danger] %>
+          </div>
+        </div>
+      </div>
+    <% elsif user.web3_connection_started? %>
+      <div class="alert alert-light mb-0">
+        <h4 class="alert-heading">Connecting..</h4>
+        <div class="progress" role="progressbar" aria-valuenow="100" aria-valuemin="0" aria-valuemax="100">
+          <div class="progress-bar progress-bar-striped progress-bar-animated" style="width: 100%"></div>
+        </div>
+      </div>
+      <span id="account_form-web3__nonce" style="display: none;"><%= user.c_web3_nonce %></span>
+      <%= form.hidden_field :web3_address, id: 'account_form-web3__input-web3_address'  %>
+      <%= form.hidden_field :web3_signed_nonce, id: 'account_form-web3__input-web3_signed_nonce' %>
+      <%= lato_form_submit form, 'Confirm', class: %w[btn-primary d-none], id: 'account_form-web3__submit' %>
+      <script>
+        (async () => {
+          const ethers = await import('https://cdnjs.cloudflare.com/ajax/libs/ethers/5.7.2/ethers.esm.min.js')
+          const nonce = document.getElementById('account_form-web3__nonce').innerText
+          const inputAddress = document.getElementById('account_form-web3__input-web3_address')
+          const inputSignedNonce = document.getElementById('account_form-web3__input-web3_signed_nonce')
+          const submitButton = document.getElementById('account_form-web3__submit')
+          let address = ''
+          let signedNonce = ''
+          if (window.ethereum) {
+            const provider = new ethers.ethers.providers.Web3Provider(window.ethereum)
+            const signer = provider.getSigner()
+            address = await signer.getAddress()
+            signedNonce = await signer.signMessage(nonce)
+          }
+          inputAddress.value = address
+          inputSignedNonce.value = signedNonce
+          submitButton.click()
+        })()
+      </script>
+    <% else %>
+      <div class="alert alert-light mb-0">
+        <h4 class="alert-heading">Connect your wallet</h4>
+        <p>
+          Connect your web3 wallet by clicking the button below and signing the message.
+        </p>
+        <p class="mb-0">
+          <%= lato_form_submit form, 'Connect wallet', class: %w[btn-primary] %>
+        </p>
+      </div>
+    <% end %>
+  <% end %>
+<% end %>

data/app/views/lato/account/index.html.erb CHANGED Viewed

@@ -12,13 +12,13 @@
   </div>
 </div>
-<% if false %>
+<% if Lato.config.web3_connection %>
 <div class="card mb-4">
   <div class="card-header">
-    <h2 class="fs-4 mb-0">Dati di fatturazione</h2>
+    <h2 class="fs-4 mb-0"><%= I18n.t('lato.account_web3') %></h2>
   </div>
   <div class="card-body">
+    <%= render 'lato/account/form-web3', user: @session.user %>
   </div>
 </div>
 <% end %>
@@ -32,18 +32,6 @@
   </div>
 </div>
-<% if false %>
-<div class="card mb-4">
-  <div class="card-header">
-    <h2 class="fs-4 mb-0">Chiavi API</h2>
-  </div>
-  <div class="card-body">
-  </div>
-</div>
-<% end %>
 <div class="card mb-4">
   <div class="card-header">
     <h2 class="fs-4 mb-0"><%= I18n.t('lato.account_delete') %></h2>

data/config/locales/en.yml CHANGED Viewed

@@ -40,6 +40,7 @@ en:
     privacy_policy_update_title: Privacy policy update
     terms_and_conditions_update_title: Terms and conditions update
     accept_invitation: Accept invitation
+    account_web3: Web3 connection
     account_controller:
       update_user_action_notice: Account information properly updated
@@ -71,6 +72,9 @@ en:
               password_update_code_invalid: Verification code is invalid
               privacy_policy_invalid: To accept the privacy policy you must select the confirmation checkbox
               terms_and_conditions_invalid: To accept the terms and conditions you must select the confirmation checkbox
+              web3_address_invalid: The address you send is not corretly signed
+              web3_nonce_expired: The nonce used to sign the address is expired
+              web3_connection_error: Impossible to connect the wallet
             password:
               not_correct: not correct
             email:

data/config/locales/it.yml CHANGED Viewed

@@ -42,6 +42,7 @@ it:
     privacy_policy_update_title: Aggiornamento privacy policy
     terms_and_conditions_update_title: Aggiornamento termini e condizioni
     accept_invitation: Accetta invito
+    account_web3: Connessione Web3
     account_controller:
       update_user_action_notice: Informazioni account aggiornate correttamente
@@ -79,6 +80,9 @@ it:
               privacy_policy_invalid: Per accettare la privacy policy devi selezionare la checkbox di conferma
               terms_and_conditions_invalid: Per accettare i termini e condizioni devi selezionare la checkbox di conferma
               invitation_invalid: Invito non valido
+              web3_address_invalid: L'inidirizzo inviato non è correttamente firmato
+              web3_nonce_expired: Il nonce utilizzato per firmare l'indirizzo è scaduto
+              web3_connection_error: Impossibile connettere il wallet
             password:
               not_correct: non corretta
             password_confirmation:

data/config/routes.rb CHANGED Viewed

@@ -32,6 +32,7 @@ Lato::Engine.routes.draw do
   scope :account do
     get '', to: 'account#index', as: :account
     patch 'update_user_action', to: 'account#update_user_action', as: :account_update_user_action
+    patch 'update_web3_action', to: 'account#update_web3_action', as: :account_update_web3_action
     patch 'request_verify_email_action', to: 'account#request_verify_email_action', as: :account_request_verify_email_action
     patch 'update_password_action', to: 'account#update_password_action', as: :account_update_password_action
     delete 'destroy_action', to: 'account#destroy_action', as: :account_destroy_action

data/db/migrate/20240222125124_add_web3_to_lato_users.rb ADDED Viewed

@@ -0,0 +1,5 @@
+class AddWeb3ToLatoUsers < ActiveRecord::Migration[7.1]
+  def change
+    add_column :lato_users, :web3_address, :string
+  end
+end

data/db/migrate/20240222171418_add_indexes_on_lato_users_email.rb ADDED Viewed

@@ -0,0 +1,5 @@
+class AddIndexesOnLatoUsersEmail < ActiveRecord::Migration[7.1]
+  def change
+    add_index :lato_users, :email, unique: true
+  end
+end

data/lib/lato/config.rb CHANGED Viewed

@@ -21,6 +21,9 @@ module Lato
     # Legal settings
     attr_accessor :legal_privacy_policy_url, :legal_privacy_policy_version, :legal_terms_and_conditions_url, :legal_terms_and_conditions_version
+    # Web3 connection
+    attr_accessor :web3_connection
     def initialize
       @application_title = 'Lato'
       @application_version = '1.0.0'
@@ -42,6 +45,8 @@ module Lato
       @legal_privacy_policy_version = 1
       @legal_terms_and_conditions_url = '#'
       @legal_terms_and_conditions_version = 1
+      @web3_connection = false
     end
   end
 end

data/lib/lato/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module Lato
-  VERSION = "3.4.0"
+  VERSION = "3.5.0"
 end

data/lib/lato.rb CHANGED Viewed

@@ -1,6 +1,7 @@
 require "kaminari"
 require "bootstrap"
 require "browser"
+require "eth"
 require "lato/version"
 require "lato/engine"

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: lato
 version: !ruby/object:Gem::Version
-  version: 3.4.0
+  version: 3.5.0
 platform: ruby
 authors:
 - Gregorio Galante
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-02-09 00:00:00.000000000 Z
+date: 2024-02-22 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -94,6 +94,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: eth
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 description: A Rails engine that includes what you need to build a new project!
 email:
 - me@gregoriogalante.com
@@ -151,6 +165,7 @@ files:
 - app/views/lato/account/_form-destroy.html.erb
 - app/views/lato/account/_form-password.html.erb
 - app/views/lato/account/_form-user.html.erb
+- app/views/lato/account/_form-web3.html.erb
 - app/views/lato/account/index.html.erb
 - app/views/lato/authentication/_fields-registration.html.erb
 - app/views/lato/authentication/_form-accept-invitation.html.erb
@@ -207,6 +222,8 @@ files:
 - db/migrate/20230109061533_create_lato_invitations.rb
 - db/migrate/20230212211748_add_inviter_lato_user_id_to_invitations.rb
 - db/migrate/20230823165716_create_lato_log_user_signups.rb
+- db/migrate/20240222125124_add_web3_to_lato_users.rb
+- db/migrate/20240222171418_add_indexes_on_lato_users_email.rb
 - lib/lato.rb
 - lib/lato/btstrap.rb
 - lib/lato/config.rb