siwe-rb 0.1.2 → 0.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 2f43daa18ea4cad6fad589c66ec33ab0e42fe605371705b9f6b6b9c42a00d619
-  data.tar.gz: 251ff4c5139a8632090db0db4480020bfe954a595d855d13e9a45ede412feaf4
+  metadata.gz: 94f4cdbde4fcf4c3f8e2e30c26390a0ed6a56600297f9a843d651e48009a64ea
+  data.tar.gz: 7b065dbbb37260fae1520c4a8f3d89e9917ebcd8b187e6aa0467104591b9b7cd
 SHA512:
-  metadata.gz: 82a18c3a0584046085715bd316d8eda59628b6b92696f2b219adb8e3115546cdcbf2deb3c72996a36550a8fa0966a25a15acfeacbc1416386c153b9a8d771c5a
-  data.tar.gz: 88b136c8941313f6d11cf9ea6bb03c538d2e00f09ea4b40fa5806810eb2efbb381f14d738cb2266c36151c9104cab1e0af37f23c7c44e17441e984afc90163dd
+  metadata.gz: 2241b00fc2ab6ccd140d3fab0983b9a112e6812fda40485c75320ce680a62feb461d6d0197cb5166dce43b0f6b8e2223d0b60d605f735e91dcb7e7076d2ec101
+  data.tar.gz: 68d02a5ba04da51c6c74ff934ccb2e1f7d47ca62a948df4b35dd1b9134075651753345902d5c4b5f47e6a5bcbd5c14dd1005274c981401de2c8fcb6b0164c1b8

data/CHANGELOG.md

@@ -1,5 +1,17 @@
 # Changelog
 
+## [0.2.0] — 2026-05-26
+
+Spec-conformance pass. Several behaviour changes; the only one that breaks API contract is the strict chain-id requirement on the smart-wallet path (3).
+
+1. **RFC 3986 enforcement for `domain`, `URI`, and resource URIs.** The previous regexes accepted malformed authorities (`example.com:abc`), IP-literal hosts with invalid IPv4 octets (`uri://[::0.0.0.256]/p`), and URI characters outside RFC 3986 (`https://example.com/path?q=one|two`). The shared test-vector suite's `invalid_uris` / `invalid_resources` grammar cases were silently passing because the spec wrapper called `vec["msg"]` on raw-string entries; both the parser and the spec are fixed.
+2. **Expiration boundary now matches sibling implementations.** A message is rejected at the exact `Expiration Time` (not one instant after), aligning with TypeScript / Python / Rust.
+3. **Smart-wallet chain binding is enforced, not best-effort.** ERC-4361 requires ERC-1271 verification to happen on the chain matching the message's `Chain ID`. Previously, an RPC that lacked `chain_id` or whose `eth_chainId` probe failed would silently skip the check. Now `:invalid_signature_chain_id` is raised in either case. **Breaking** for callers using a custom RPC client without a `chain_id` method, or relying on `chain_id` returning `nil` on probe failure.
+4. **`request-id` field tightened to `*pchar`.** The parser previously accepted `/` and `?` (ABNF query/fragment characters) which are not pchar.
+5. **Empty / nil signatures now raise `:invalid_params`** instead of `:invalid_signature` — same `Siwe::Error` class, more specific type.
+6. **Narrower `rescue` in EOA recovery.** Adapter misconfiguration no longer disappears behind `:invalid_signature`; only `eth`-gem signature/chain errors and arg/type errors are swallowed.
+7. **Removed unused public surface.** `Config#verification_fallback`, `Eip6492::EIP1271_MAGIC_VALUE`, and `Adapter::EthGem#{hash_message,get_address}` are gone. None were called anywhere.
+
 ## [0.1.2] — 2026-05-04
 
 - Add top-level convenience methods `Siwe.parse(str)` (alias for `Siwe::Message.parse`) and `Siwe.eip6492_signature?(hex)` (alias for `Siwe::Eip6492.signature?`), mirroring the TS package's root-level exports.

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    siwe-rb (0.1.2)
+    siwe-rb (0.2.0)
       eth (>= 0.5.11, < 1.0)
 
 GEM
@@ -202,7 +202,7 @@ CHECKSUMS
   simplecov (0.22.0) sha256=fe2622c7834ff23b98066bb0a854284b2729a569ac659f82621fc22ef36213a5
   simplecov-html (0.13.2) sha256=bd0b8e54e7c2d7685927e8d6286466359b6f16b18cb0df47b508e8d73c777246
   simplecov_json_formatter (0.1.4) sha256=529418fbe8de1713ac2b2d612aa3daa56d316975d307244399fa4838c601b428
-  siwe-rb (0.1.2)
+  siwe-rb (0.2.0)
   unicode-display_width (3.2.0) sha256=0cdd96b5681a5949cdbc2c55e7b420facae74c4aaf9a9815eee1087cb1853c42
   unicode-emoji (4.2.0) sha256=519e69150f75652e40bf736106cfbc8f0f73aa3fb6a65afe62fefa7f80b0f80f
   webmock (3.26.2) sha256=774556f2ea6371846cca68c01769b2eac0d134492d21f6d0ab5dd643965a4c90

data/README.md

@@ -140,4 +140,4 @@ SIWE_RPC_URL=https://ethereum-rpc.publicnode.com bundle exec rspec --tag live_rp
 
 ## License
 
-MIT or Apache-2.0, at your option.
+MIT.

data/lib/siwe/adapter.rb

@@ -7,25 +7,14 @@ require_relative "error_type"
 
 module Siwe
   module Adapter
-    # Default crypto adapter using the eth gem.
-    # Implements the SiweConfig interface from the TS reference implementation:
-    # verify_message → recover signer address from EIP-191 signed message
-    # hash_message → EIP-191 personal_sign hash
-    # get_address → normalize to EIP-55 checksum address
+    # Default crypto adapter using the eth gem. The verification path only needs
+    # signer recovery — any object implementing `#verify_message(message, signature)`
+    # returning the recovered EIP-55 address can be plugged in via Config.new(adapter:).
     class EthGem
       def verify_message(message, signature)
         public_key = Eth::Signature.personal_recover(message, signature)
         Eth::Util.public_key_to_address(public_key).to_s
       end
-
-      def hash_message(message)
-        prefixed = Eth::Signature.prefix_message(message)
-        Eth::Util.keccak256(prefixed)
-      end
-
-      def get_address(addr)
-        Eth::Address.new(addr).to_s
-      end
     end
 
     DEFAULT = EthGem.new

data/lib/siwe/config.rb

@@ -3,48 +3,36 @@
 require_relative "adapter"
 
 module Siwe
-  # Verification config — pluggable adapter (crypto), RPC URL or RPC client (smart wallet),
-  # and optional verification fallback.
+  # Verification config — pluggable adapter (crypto) plus RPC URL or RPC client
+  # for the smart-wallet (ERC-1271 / ERC-6492) verification path.
   #
   # Set globally via Siwe.configure { |c| ... } or per-call as `verify(config: ...)`.
   class Config
-    attr_reader :rpc_url, :rpc, :adapter, :verification_fallback
+    attr_reader :rpc_url, :rpc, :adapter
 
-    def initialize(rpc_url: nil, rpc: nil, adapter: nil, verification_fallback: nil)
+    def initialize(rpc_url: nil, rpc: nil, adapter: nil)
       @rpc_url = rpc_url
       @rpc = rpc
       @adapter = adapter || Siwe::Adapter::DEFAULT
-      @verification_fallback = verification_fallback
     end
 
     def to_h
-      {
-        rpc_url: @rpc_url,
-        rpc: @rpc,
-        adapter: @adapter,
-        verification_fallback: @verification_fallback
-      }
+      { rpc_url: @rpc_url, rpc: @rpc, adapter: @adapter }
     end
 
     # Mutable struct used inside Siwe.configure { |c| c.rpc_url = ... }.
     # Caller mutates fields, then build returns a frozen Config.
     class Builder
-      attr_accessor :rpc_url, :rpc, :adapter, :verification_fallback
+      attr_accessor :rpc_url, :rpc, :adapter
 
-      def initialize(rpc_url: nil, rpc: nil, adapter: nil, verification_fallback: nil)
+      def initialize(rpc_url: nil, rpc: nil, adapter: nil)
         @rpc_url = rpc_url
         @rpc = rpc
         @adapter = adapter
-        @verification_fallback = verification_fallback
       end
 
       def build
-        Config.new(
-          rpc_url: @rpc_url,
-          rpc: @rpc,
-          adapter: @adapter,
-          verification_fallback: @verification_fallback
-        )
+        Config.new(rpc_url: @rpc_url, rpc: @rpc, adapter: @adapter)
       end
     end
   end

data/lib/siwe/eip6492.rb

@@ -10,9 +10,6 @@ module Siwe
     # 32-byte magic suffix appended to EIP-6492 wrapped signatures.
     MAGIC_SUFFIX = "6492649264926492649264926492649264926492649264926492649264926492"
 
-    # ERC-1271 magic value returned by `isValidSignature(bytes32,bytes)`.
-    EIP1271_MAGIC_VALUE = "1626ba7e"
-
     # Off-chain universal signature validator. Deployed via eth_call (no actual
     # deployment) to verify EOA, ERC-1271, and EIP-6492 signatures in one call.
     #

data/lib/siwe/message.rb

@@ -156,7 +156,9 @@ module Siwe
 
     def check_temporal!(time_str)
       check_at = time_str ? Time.iso8601(time_str) : Time.now.utc
-      if @expiration_time && Time.iso8601(@expiration_time) < check_at
+      # `expiration-time` is the instant the message becomes invalid (ERC-4361). Reject at
+      # the boundary too — matches TS/Python/Rust which all use check_time >= expiration.
+      if @expiration_time && Time.iso8601(@expiration_time) <= check_at
         raise Error.new(ErrorType::EXPIRED_MESSAGE, expected: @expiration_time, received: check_at.iso8601)
       end
       return unless @not_before && Time.iso8601(@not_before) > check_at
@@ -167,8 +169,8 @@ module Siwe
     end
 
     def check_signature!(signature, cfg)
-      if signature.nil? || signature.empty?
-        raise Error.new(ErrorType::INVALID_SIGNATURE, expected: "non-empty signature", received: signature.inspect)
+      if signature.nil? || signature.to_s.empty?
+        raise Error.new(ErrorType::INVALID_PARAMS, expected: "non-empty signature", received: signature.inspect)
       end
 
       recovered = recover_eoa(signature, cfg)
@@ -180,9 +182,21 @@ module Siwe
       raise Error.new(ErrorType::INVALID_SIGNATURE, expected: @address, received: recovered.to_s)
     end
 
+    # Errors specific to signature recovery failures from the `eth` gem. Other
+    # exceptions (e.g. an adapter raising on misconfiguration, network errors)
+    # are intentionally not rescued — they signal programmer error or transport
+    # failure, not "this signature is bad".
+    EOA_RECOVERY_ERRORS = [
+      Eth::Signature::SignatureError,
+      Eth::Chain::ReplayProtectionError,
+      ArgumentError,
+      TypeError
+    ].freeze
+    private_constant :EOA_RECOVERY_ERRORS
+
     def recover_eoa(signature, cfg)
       cfg.adapter.verify_message(prepare_message, signature)
-    rescue StandardError
+    rescue *EOA_RECOVERY_ERRORS
       nil
     end
 
@@ -201,11 +215,24 @@ module Siwe
       nil
     end
 
+    # ERC-4361 requires ERC-1271 verification to happen on the chain matching the
+    # message's `Chain ID`. We refuse to fall back to the smart-wallet path unless
+    # the RPC reports a chain id and it matches. A custom RPC client that does not
+    # expose chain_id must add it; a silent skip here would let an attacker validate
+    # against any chain a misconfigured RPC happens to be pointed at.
     def check_chain_id_match!(rpc)
-      return unless rpc.respond_to?(:chain_id)
+      unless rpc.respond_to?(:chain_id)
+        raise Error.new(ErrorType::INVALID_SIGNATURE_CHAIN_ID,
+                        expected: @chain_id.to_s,
+                        received: "rpc client does not expose chain_id")
+      end
 
       rpc_chain = rpc.chain_id
-      return if rpc_chain.nil? || rpc_chain == @chain_id
+      if rpc_chain.nil?
+        raise Error.new(ErrorType::INVALID_SIGNATURE_CHAIN_ID,
+                        expected: @chain_id.to_s, received: "nil")
+      end
+      return if rpc_chain == @chain_id
 
       raise Error.new(ErrorType::INVALID_SIGNATURE_CHAIN_ID,
                       expected: @chain_id.to_s, received: rpc_chain.to_s)

data/lib/siwe/parser.rb

@@ -10,18 +10,17 @@ module Siwe
   # Returns a hash of typed fields plus an array of non-fatal warnings.
   class Parser
     HEADER_SUFFIX = " wants you to sign in with your Ethereum account:"
-    SCHEME_REGEX  = /\A([A-Za-z][A-Za-z0-9+\-.]*)\z/
-    # RFC 3986 authority (without scheme://) — userinfo, host (reg-name/IPv4/IP-literal), port.
-    DOMAIN_REGEX  = /\A[A-Za-z0-9\-._~%!$&'()*+,;=:@\[\]]+\z/
+    SCHEME_REGEX  = Util::SCHEME_REGEX
     ADDRESS_REGEX = /\A0x[0-9a-fA-F]{40}\z/
     NONCE_REGEX   = /\A[A-Za-z0-9]{8,}\z/
     CHAIN_REGEX   = /\A[0-9]+\z/
-    # Statement chars per ABNF: %d32-33 %d35-36 %d38-59 %d61 %d63-64 %d91 %d93 %d95 %d126.
-    # Note: explicitly excludes %d34 (") and %d37 (%). Built via Regexp.new to avoid
-    # accidental string interpolation of `#$&` inside a regex literal.
+    # ERC-4361 statement = reserved / unreserved / " " per RFC 3986. The regex unions
+    # ALPHA + DIGIT with the punctuation in those sets; excludes LF, ", %, and other
+    # characters outside RFC 3986. Built via Regexp.new to avoid accidental string
+    # interpolation of `#$&` inside a regex literal.
     STATEMENT_REGEX = Regexp.new('\A[a-zA-Z0-9 !\x23\x24\x26-\x3B\x3D\x3F\x40\x5B\x5D\x5F\x7E]*\z')
-    REQUEST_ID_REGEX = %r{\A[A-Za-z0-9\-._~%!$&'()*+,;=:@/?]*\z}
-    URI_REGEX = /\A[A-Za-z][A-Za-z0-9+\-.]*:[^\s]*\z/
+    # request-id = *pchar per ABNF — no "/" or "?".
+    REQUEST_ID_REGEX = Util::PCHAR_REGEX
 
     def self.parse(str)
       new(str).parse
@@ -46,7 +45,7 @@ module Siwe
 
       statement = parse_statement_block(lines[2...uri_idx])
 
-      uri        = parse_field(lines[uri_idx],     "URI: ",       :invalid_uri,             URI_REGEX)
+      uri        = parse_uri_field(lines[uri_idx], "URI: ")
       version    = parse_field(lines[uri_idx + 1], "Version: ",   :invalid_message_version, /\A1\z/)
       chain_str  = parse_field(lines[uri_idx + 2], "Chain ID: ",  :unable_to_parse,         CHAIN_REGEX)
       nonce      = parse_field(lines[uri_idx + 3], "Nonce: ",     :invalid_nonce,           NONCE_REGEX)
@@ -101,7 +100,7 @@ module Siwe
 
     private
 
-    def parse_header(line) # rubocop:disable Metrics/AbcSize
+    def parse_header(line)
       raise unable_to_parse("missing header") if line.nil? || line.empty?
       raise unable_to_parse("malformed header") unless line.end_with?(HEADER_SUFFIX)
 
@@ -112,22 +111,22 @@ module Siwe
         scheme, _, domain = prefix.partition("://")
         raise unable_to_parse("invalid scheme: #{scheme.inspect}") unless SCHEME_REGEX.match?(scheme)
         raise unable_to_parse("empty domain") if domain.empty?
-        unless DOMAIN_REGEX.match?(domain)
-          raise Error.new(ErrorType::INVALID_DOMAIN, expected: "RFC 3986 authority",
-                                                     received: domain)
-        end
 
+        validate_domain!(domain)
         [scheme, domain]
       else
-        unless DOMAIN_REGEX.match?(prefix)
-          raise Error.new(ErrorType::INVALID_DOMAIN, expected: "RFC 3986 authority",
-                                                     received: prefix)
-        end
-
+        validate_domain!(prefix)
         [nil, prefix]
       end
     end
 
+    def validate_domain!(domain)
+      return if Util.valid_authority?(domain) && !domain.empty?
+
+      raise Error.new(ErrorType::INVALID_DOMAIN, expected: "RFC 3986 authority",
+                                                 received: domain)
+    end
+
     def parse_address(line)
       raise unable_to_parse("missing address line") if line.nil?
       unless ADDRESS_REGEX.match?(line)
@@ -188,12 +187,22 @@ module Siwe
       value
     end
 
+    def parse_uri_field(line, prefix)
+      raise unable_to_parse("missing #{prefix.strip}") if line.nil?
+      raise unable_to_parse("expected #{prefix.strip} line") unless line.start_with?(prefix)
+
+      value = line[prefix.length..]
+      raise Error.new(ErrorType::INVALID_URI, expected: "RFC 3986 URI", received: value) unless Util.valid_uri?(value)
+
+      value
+    end
+
     def parse_resources(lines, start_idx)
       idx = start_idx
       out = []
       while idx < lines.length && lines[idx].start_with?("- ")
         uri = lines[idx][2..]
-        unless URI_REGEX.match?(uri)
+        unless Util.valid_uri?(uri)
           raise Error.new(ErrorType::INVALID_URI, expected: "RFC 3986 resource URI", received: uri)
         end
 

data/lib/siwe/rpc.rb

@@ -25,6 +25,11 @@ module Siwe
         @timeout = timeout
       end
 
+      # Returns the chain id (Integer). Lazy-fetched via eth_chainId on first call and
+      # cached for the lifetime of this client. Raises Siwe::Error :rpc_error on probe
+      # failure rather than returning nil — callers in the smart-wallet path rely on
+      # this to enforce ERC-4361's chain binding (a silent nil could otherwise validate
+      # a signature against the wrong chain).
       def chain_id
         @chain_id ||= fetch_chain_id
       end
@@ -41,10 +46,7 @@ module Siwe
       private
 
       def fetch_chain_id
-        hex = rpc_request("eth_chainId", [])
-        hex.to_i(16)
-      rescue Error
-        nil
+        rpc_request("eth_chainId", []).to_i(16)
       end
 
       def rpc_request(method, params)

data/lib/siwe/util.rb

@@ -1,5 +1,6 @@
 # frozen_string_literal: true
 
+require "ipaddr"
 require "securerandom"
 require "time"
 require "date"
@@ -23,6 +24,20 @@ module Siwe
       \z
     /x
 
+    # Character classes per RFC 3986. Anything outside these is rejected.
+    # unreserved + sub-delims + pct-encoded marker, used in reg-name.
+    HOST_CHAR_REGEX     = /\A(?:[A-Za-z0-9\-._~!$&'()*+,;=]|%[0-9A-Fa-f]{2})*\z/
+    USERINFO_CHAR_REGEX = /\A(?:[A-Za-z0-9\-._~!$&'()*+,;=:]|%[0-9A-Fa-f]{2})*\z/
+    # pchar = unreserved / pct-encoded / sub-delims / ":" / "@". Used for request-id
+    # (ABNF "request-id = *pchar") and segments within a path.
+    PCHAR_REGEX = /\A(?:[A-Za-z0-9\-._~!$&'()*+,;=:@]|%[0-9A-Fa-f]{2})*\z/
+    # path = *( pchar / "/" ). No "?" or "#".
+    PATH_REGEX = %r{\A(?:[A-Za-z0-9\-._~!$&'()*+,;=:@/]|%[0-9A-Fa-f]{2})*\z}
+    # query / fragment = *( pchar / "/" / "?" ).
+    QUERY_FRAGMENT_REGEX = %r{\A(?:[A-Za-z0-9\-._~!$&'()*+,;=:@/?]|%[0-9A-Fa-f]{2})*\z}
+    PORT_REGEX   = /\A\d*\z/
+    SCHEME_REGEX = /\A[A-Za-z][A-Za-z0-9+\-.]*\z/
+
     def generate_nonce
       SecureRandom.alphanumeric(NONCE_LENGTH)
     end
@@ -67,5 +82,112 @@ module Siwe
     rescue StandardError
       nil
     end
+
+    # Validate an RFC 3986 authority: [userinfo "@"] host [":" port].
+    # Used for both the SIWE `domain` field and any URI's authority component.
+    # Empty authority is valid (empty reg-name).
+    def valid_authority?(str)
+      return false if str.nil?
+      return true if str.empty?
+
+      userinfo, host_port = str.include?("@") ? str.split("@", 2) : [nil, str]
+      return false if userinfo && !USERINFO_CHAR_REGEX.match?(userinfo)
+
+      host, port = split_host_port(host_port)
+      return false if host.nil?
+      return false if port && !PORT_REGEX.match?(port)
+
+      valid_host?(host)
+    end
+
+    # Validate an absolute RFC 3986 URI: scheme ":" hier-part [ "?" query ] [ "#" fragment ].
+    def valid_uri?(str)
+      return false if str.nil? || str.empty?
+
+      scheme, rest = str.split(":", 2)
+      return false if rest.nil?
+      return false unless SCHEME_REGEX.match?(scheme)
+
+      m = rest.match(/\A(?<hier>[^?#]*)(?:\?(?<query>[^#]*))?(?:\#(?<frag>.*))?\z/)
+      return false if m.nil?
+      return false unless valid_hier_part?(m[:hier])
+      return false if m[:query] && !QUERY_FRAGMENT_REGEX.match?(m[:query])
+      return false if m[:frag]  && !QUERY_FRAGMENT_REGEX.match?(m[:frag])
+
+      true
+    end
+
+    # host = IP-literal / IPv4address / reg-name. Distinguishes by leading "[".
+    def valid_host?(host)
+      if host.start_with?("[") && host.end_with?("]")
+        valid_ip_literal?(host[1..-2])
+      else
+        HOST_CHAR_REGEX.match?(host)
+      end
+    end
+
+    # IP-literal = IPv6address / IPvFuture (latter is rare and unused in SIWE — reject).
+    def valid_ip_literal?(content)
+      return false if content.nil? || content.empty?
+      return false if content.start_with?("v", "V") # IPvFuture not supported
+
+      ipv6 = content
+      if content.include?(".")
+        last_colon = content.rindex(":")
+        return false if last_colon.nil?
+
+        ipv4 = content[(last_colon + 1)..]
+        return false unless valid_dotted_ipv4?(ipv4)
+
+        # IPAddr rejects leading zeros in IPv4 octets ("zero-filled ambiguous"), but the
+        # SIWE test vectors treat them as valid. Rewrite the IPv4 tail as two h16 groups.
+        octets = ipv4.split(".").map(&:to_i)
+        g1 = format("%x", (octets[0] << 8) | octets[1])
+        g2 = format("%x", (octets[2] << 8) | octets[3])
+        ipv6 = "#{content[0..last_colon]}#{g1}:#{g2}"
+      end
+
+      IPAddr.new(ipv6).ipv6?
+    rescue IPAddr::InvalidAddressError
+      false
+    end
+
+    def valid_dotted_ipv4?(addr)
+      octets = addr.split(".", -1)
+      return false unless octets.length == 4
+
+      octets.all? { |o| o.match?(/\A\d{1,3}\z/) && o.to_i <= 255 }
+    end
+
+    def split_host_port(str)
+      if str.start_with?("[")
+        close = str.index("]")
+        return [nil, nil] if close.nil?
+
+        host = str[0..close]
+        rest = str[(close + 1)..]
+        if rest.empty?
+          [host, nil]
+        elsif rest.start_with?(":")
+          [host, rest[1..]]
+        else
+          [nil, nil]
+        end
+      elsif (colon = str.rindex(":"))
+        [str[0...colon], str[(colon + 1)..]]
+      else
+        [str, nil]
+      end
+    end
+
+    def valid_hier_part?(hier)
+      if hier.start_with?("//")
+        rest = hier[2..]
+        authority_end = rest.index("/") || rest.length
+        valid_authority?(rest[0...authority_end]) && PATH_REGEX.match?(rest[authority_end..])
+      else
+        PATH_REGEX.match?(hier)
+      end
+    end
   end
 end

data/lib/siwe/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Siwe
-  VERSION = "0.1.2"
+  VERSION = "0.2.0"
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: siwe-rb
 version: !ruby/object:Gem::Version
-  version: 0.1.2
+  version: 0.2.0
 platform: ruby
 authors:
 - EthID.org
@@ -56,7 +56,6 @@ files:
 - lib/siwe/smart_wallet.rb
 - lib/siwe/util.rb
 - lib/siwe/version.rb
-- siwe-rb.gemspec
 homepage: https://github.com/signinwithethereum/siwe-rb
 licenses:
 - MIT

data/siwe-rb.gemspec

@@ -1,33 +0,0 @@
-# frozen_string_literal: true
-
-require_relative "lib/siwe/version"
-
-Gem::Specification.new do |spec|
-  spec.name    = "siwe-rb"
-  spec.version = Siwe::VERSION
-  spec.authors = ["EthID.org"]
-  spec.email   = ["jalil@ethfollow.xyz"]
-
-  spec.summary = "Sign-In with Ethereum (EIP-4361) for Ruby"
-  spec.description = "EIP-4361 message construction, parsing, and signature verification, " \
-                     "with built-in support for ERC-1271 and EIP-6492 smart contract wallets."
-  spec.homepage    = "https://github.com/signinwithethereum/siwe-rb"
-  spec.license = "MIT"
-  spec.required_ruby_version = ">= 3.3"
-
-  spec.metadata["homepage_uri"] = spec.homepage
-  spec.metadata["source_code_uri"] = spec.homepage
-  spec.metadata["changelog_uri"] = "#{spec.homepage}/blob/main/CHANGELOG.md"
-  spec.metadata["rubygems_mfa_required"] = "true"
-
-  spec.files = Dir.chdir(File.expand_path(__dir__)) do
-    `git ls-files -z`.split("\x0").reject do |f|
-      f == __FILE__ ||
-        f.start_with?("spec/", "test/", "features/", "bin/", "gems/", "script/") ||
-        f.match?(/\A\.(?:git|github|rubocop|ruby-version|rspec)/)
-    end
-  end
-  spec.require_paths = ["lib"]
-
-  spec.add_dependency "eth", ">= 0.5.11", "< 1.0"
-end