siwe 0.1.5 → 1.1.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 6672768ccc989b67fd335a571585a7bbae2f88ccd8c095f7332a308f39037dab
-  data.tar.gz: 3612d9b498a36fa37e0cb70e81e2ae64450baf34d7ef9d75cc666957957c15de
+  metadata.gz: 1b93dcc0ece62bd6bdd3316e51661198c5b4f4b5a8433c355bcae8a51997b183
+  data.tar.gz: f5b5720ea3a8de09d52f1896b6371159c98bad1385e8ab8dae2420e037e7e6bc
 SHA512:
-  metadata.gz: 6f42e272519ac16310a8ee9bf75139e121acaf52b446b0ed35e8868bb17bfcb816caced089dc7e342e5a686a1ab532cab6a9d385a3b80cbc7b6a15c668e019aa
-  data.tar.gz: 93c9e1a87a4dae94562f89b44de590f03a23c673dfb30962f2cd47c52aa4547f3b8c0a0b0a3263773b4113783dcfcd97154de7d9401b689935dfa3da671b001a
+  metadata.gz: 02626d246f7d5cfb189057feb2619cdcaaf0271d52c70be86f77e9c04ef214974ca2ce9506565a2f9c927bcceb2dede81e9c2e7c57b629312c0e966bf110d5e4
+  data.tar.gz: 3bd251a0027c2cb831d90e6fad7b920731c5f19553472ce1219216daac97727e7bf939fc859a994fc9eeed672789ed67af0d0c23f737b95334d8446d3141fc13

data/Gemfile.lock

@@ -1,8 +1,8 @@
 PATH
   remote: .
   specs:
-    siwe (0.1.4)
-      eth (~> 0.5.0)
+    siwe (1.1.0)
+      eth (~> 0.5.1)
 
 GEM
   remote: https://rubygems.org/
@@ -12,17 +12,17 @@ GEM
     benchmark (0.2.0)
     diff-lcs (1.5.0)
     e2mmap (0.1.0)
-    eth (0.5.0)
+    eth (0.5.1)
       keccak (~> 1.3)
       konstructor (~> 1.0)
-      openssl (~> 3.0)
+      openssl (~> 2.2)
       rbsecp256k1 (~> 5.1)
-      rlp (~> 0.7)
       scrypt (~> 3.0)
     ffi (1.15.5)
     ffi-compiler (1.0.1)
       ffi (>= 1.0.0)
       rake
+    ipaddr (1.2.4)
     jaro_winkler (1.5.4)
     keccak (1.3.0)
     konstructor (1.0.2)
@@ -33,7 +33,8 @@ GEM
     mini_portile2 (2.7.1)
     nokogiri (1.13.1-x86_64-linux)
       racc (~> 1.4)
-    openssl (3.0.0)
+    openssl (2.2.1)
+      ipaddr
     parallel (1.21.0)
     parser (3.1.0.0)
       ast (~> 2.4.1)
@@ -49,7 +50,6 @@ GEM
     reverse_markdown (2.1.1)
       nokogiri
     rexml (3.2.5)
-    rlp (0.7.3)
     rspec (3.10.0)
       rspec-core (~> 3.10.0)
       rspec-expectations (~> 3.10.0)

data/README.md

@@ -1,2 +1,107 @@
 # siwe-ruby
-A ruby implementation of Sign-In with Ethereum
+A Ruby implementation of EIP-4361: Sign In With Ethereum.
+
+## Getting started
+### Dependencies
+Additional packages may be required to install the gem:
+
+### macOS
+```bash
+brew install automake openssl libtool pkg-config gmp libffi
+```
+
+### Linux
+```bash
+sudo apt-get install build-essential automake pkg-config libtool \
+                     libffi-dev libssl-dev libgmp-dev python-dev
+```
+
+After installing any required dependencies SIWE can be easily installed with:
+```bash
+gem install siwe
+```
+
+## Usage
+SIWE provides a Message class which implements EIP-4361.
+### Creating a SIWE Message
+
+```ruby
+require 'siwe'
+require 'time'
+
+# Only the mandatory arguments
+Siwe::Message.new("domain.example", "0x9D85ca56217D2bb651b00f15e694EB7E713637D4", "some.uri", "1")
+
+# Complete SIWE message with default values
+Siwe::Message.new("domain.example", "0x9D85ca56217D2bb651b00f15e694EB7E713637D4", "some.uri", "1", {
+                                   issued_at: Time.now.utc.iso8601,
+                                   statement: "Example statement for SIWE",
+                                   nonce: Siwe::Util.generate_nonce,
+                                   chain_id: "1",
+                                   expiration_time: "",
+                                   not_before: "",
+                                   request_id: "",
+                                   resources: []
+                                 })
+```
+
+### Parsing a SIWE Message
+To parse from EIP-4361 use `Siwe::Message.from_message`
+
+```ruby
+require 'siwe'
+
+Siwe::Message.from_message "domain.example wants you to sign in with your Ethereum account:\n0x9D85ca56217D2bb651b00f15e694EB7E713637D4\n\nExample statement for SIWE\n\nURI: some.uri\nVersion: 1\nChain ID: 1\nNonce: k1Ne4KWzBHYEFQo8\nIssued At: 2022-02-03T20:06:19Z"
+```
+
+Messages can be parsed to and from JSON strings, using Siwe::Message.from_json_string and Siwe::Message.to_json_string respectively:
+
+```ruby
+require 'siwe'
+
+Siwe::Message.from_json_string "{\"domain\":\"domain.example\",\"address\":\"0x9D85ca56217D2bb651b00f15e694EB7E713637D4\",\"uri\":\"some.uri\",\"version\":\"1\",\"chain_id\":\"1\",\"nonce\":\"k1Ne4KWzBHYEFQo8\",\"issued_at\":\"2022-02-03T20:06:19Z\",\"statement\":\"Example statement for SIWE\",\"expiration_time\":\"\",\"not_before\":\"\",\"request_id\":\"\",\"resources\":[]}"
+
+Siwe::Message.new("domain.example", "0x9D85ca56217D2bb651b00f15e694EB7E713637D4", "some.uri", "1").to_json_string
+```
+
+## Verifying and Authenticating a SIWE Message
+Verification and authentication is performed via EIP-191, using the address field of the SiweMessage as the expected signer. The validate method checks message structural integrity, signature address validity, and time-based validity attributes.
+
+```ruby
+begin
+    message.validate(signature) # returns true if valid throws otherwise
+rescue Siwe::ExpiredMessage
+    # Used when the message is already expired. (Expires At < Time.now)
+rescue Siwe::NotValidMessage
+    # Used when the message is not yet valid. (Not Before > Time.now)
+rescue Siwe::InvalidSignature
+    # Used when the signature doesn't correspond to the address of the message.
+end
+```
+
+## Serialization of a SIWE Message
+`Siwe::Message` instances can also be serialized as their EIP-4361 string representations via the `Siwe::Message.prepare_message` method:
+
+```ruby
+require 'siwe'
+
+Siwe::Message.new("domain.example", "0x9D85ca56217D2bb651b00f15e694EB7E713637D4", "some.uri", "1").prepare_message
+```
+
+## Example
+Parsing and verifying a `Siwe::Message`:
+```ruby
+require 'siwe'
+
+begin
+    message = Siwe::Message.from_message "https://example.com wants you to sign in with your Ethereum account:\n0xA712a0AFBFA8656581BfA96352c9EdFc519e9cad\n\n\nURI: https://example.com\nVersion: 1\nChain ID: 1\nNonce: 9WrH24z8zpiYOoBQ\nIssued At: 2022-02-04T15:52:03Z"
+    message.validate "aca5e5649a357cee608ecbd1a8455b4143311381636b88a66ec7bcaf64b3a4743ff2c7cc18501a3401e182f79233dc73fc56d01506a6098d5e7e4d881bbb02921c"
+    puts "Congrats, your message is valid"
+rescue Siwe::ExpiredMessage
+    # Used when the message is already expired. (Expires At < Time.now)
+rescue Siwe::NotValidMessage
+    # Used when the message is not yet valid. (Not Before > Time.now)
+rescue Siwe::InvalidSignature
+    # Used when the signature doesn't correspond to the address of the message.
+end
+```

data/lib/siwe/exceptions.rb

@@ -0,0 +1,31 @@
+# frozen_string_literal: true
+
+module Siwe
+  # Used when the message is already expired. (Expires At < Time.now)
+  class ExpiredMessage < StandardError
+    def initialize(msg = "Message expired.")
+      super
+    end
+  end
+
+  # Used when the address does not conform to EIP-55 or is invalid.
+  class InvalidAddress < StandardError
+    def initialize(msg = "Address does not conform to EIP-55 or is invalid.")
+      super
+    end
+  end
+
+  # Used when the message is not yet valid. (Not Before > Time.now)
+  class NotValidMessage < StandardError
+    def initialize(msg = "Message not yet valid.")
+      super
+    end
+  end
+
+  # Used when the signature doesn't correspond to the address of the message.
+  class InvalidSignature < StandardError
+    def initialize(msg = "Signature doesn't match message.")
+      super
+    end
+  end
+end

data/lib/siwe/message.rb

@@ -74,15 +74,17 @@ module Siwe
     # expressed as RFC 3986 URIs separated by `\n- `.
     attr_accessor :resources
 
-    # Signature of the message signed by the wallet.
-    attr_accessor :signature
-
     def initialize(domain, address, uri, version, options = {})
       @domain = domain
-      @address = address
+      begin
+        @address = Eth::Address.new(address).to_s
+      rescue StandardError
+        raise Siwe::InvalidAddress
+      end
+      raise Siwe::InvalidAddress unless @address.eql? address
+
       @uri = uri
       @version = version
-
       @statement = options.fetch :statement, ""
       @issued_at = options.fetch :issued_at, Time.now.utc.iso8601
       @nonce = options.fetch :nonce, Siwe::Util.generate_nonce
@@ -91,15 +93,13 @@ module Siwe
       @not_before = options.fetch :not_before, ""
       @request_id = options.fetch :request_id, ""
       @resources = options.fetch :resources, []
-      @signature = options.fetch :signature, ""
-      validate(true)
     end
 
     def self.from_message(msg)
       if (message = msg.match SIWE_MESSAGE)
-        msg = new(
+        new(
           message[:domain],
-          message[:address],
+          Eth::Address.new(message[:address]).to_s,
           message[:uri],
           message[:version],
           {
@@ -113,8 +113,7 @@ module Siwe
             resources: message[:resources]&.split("\n- ")&.drop(1) || []
           }
         )
-        msg.validate(true)
-        msg
+
       else
         throw "Invalid message input."
       end
@@ -123,7 +122,7 @@ module Siwe
     def to_json_string
       obj = {
         domain: @domain,
-        address: @address,
+        address: Eth::Address.new(@address).to_s,
         uri: @uri,
         version: @version,
         chain_id: @chain_id,
@@ -133,15 +132,14 @@ module Siwe
         expiration_time: @expiration_time,
         not_before: @not_before,
         request_id: @request_id,
-        resources: @resources,
-        signature: @signature
+        resources: @resources
       }
       obj.to_json
     end
 
     def self.from_json_string(str)
       obj = JSON.parse str, { symbolize_names: true }
-      msg = Siwe::Message.new(
+      Siwe::Message.new(
         obj[:domain],
         obj[:address],
         obj[:uri],
@@ -153,30 +151,33 @@ module Siwe
           expiration_time: obj[:expiration_time],
           not_before: obj[:not_before],
           request_id: obj[:request_id],
-          resources: obj[:resources],
-          signature: obj[:signature]
+          resources: obj[:resources]
         }
       )
-      msg.validate(true)
-      msg
     end
 
-    def validate(skip_signature = false)
-      raise "Message expired." if !@expiration_time.empty? && Time.now.utc > Time.parse(@expiration_time)
-      raise "Message not yet valid." if !@not_before.empty? && Time.now.utc < Time.parse(@not_before)
+    def validate(signature)
+      raise Siwe::ExpiredMessage if !@expiration_time.empty? && Time.now.utc > Time.parse(@expiration_time)
+      raise Siwe::NotValidMessage if !@not_before.empty? && Time.now.utc < Time.parse(@not_before)
+
+      raise Siwe::InvalidSignature if signature.empty?
 
-      unless skip_signature
-        raise "Missing signature field." if @signature.empty?
+      raise Siwe::InvalidAddress unless @address.eql?(Eth::Address.new(@address).to_s)
 
-        pub_key = Eth::Signature.personal_recover personal_sign, @signature
+      puts "whatever"
+      begin
+        pub_key = Eth::Signature.personal_recover prepare_message, signature
         signature_address = Eth::Util.public_key_to_address pub_key
-        raise "Signature doesn't match message." unless signature_address.to_s.downcase.eql? @address.to_s.downcase
+      rescue StandardError
+        raise Siwe::InvalidSignature
       end
 
+      raise Siwe::InvalidSignature unless signature_address.to_s.downcase.eql? @address.to_s.downcase
+
       true
     end
 
-    def personal_sign
+    def prepare_message
       greeting = "#{@domain} wants you to sign in with your Ethereum account:"
       address = @address
       statement = "\n#{@statement}\n"

data/lib/siwe/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Siwe
-  VERSION = "0.1.5"
+  VERSION = "1.1.1"
 end

data/lib/siwe.rb

@@ -6,6 +6,10 @@ require_relative "siwe/version"
 module Siwe
   autoload :Message, "siwe/message"
   autoload :Util, "siwe/util"
+  autoload :ExpiredMessage, "siwe/exceptions"
+  autoload :NotValidMessage, "siwe/exceptions"
+  autoload :InvalidSignature, "siwe/exceptions"
+  autoload :InvalidAddress, "siwe/exceptions"
 
   class Error < StandardError; end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: siwe
 version: !ruby/object:Gem::Version
-  version: 0.1.5
+  version: 1.1.1
 platform: ruby
 authors:
 - Spruce Systems Inc.
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2022-01-24 00:00:00.000000000 Z
+date: 2022-03-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: eth
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.5.0
+        version: 0.5.1
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.5.0
+        version: 0.5.1
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
@@ -101,6 +101,7 @@ files:
 - bin/console
 - bin/setup
 - lib/siwe.rb
+- lib/siwe/exceptions.rb
 - lib/siwe/message.rb
 - lib/siwe/util.rb
 - lib/siwe/version.rb