truthid-sdk 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: c3de2db41a1a8ad39fefae599250e957b77ae4f8b37ed27cf7db90331a6b2d38
+  data.tar.gz: 3df13b1958fbb7cd0daa4896e3e74a97e28103fcfdf550b1ab36d527d135b6ae
+SHA512:
+  metadata.gz: ee362147ab288e09c41a734d1206f4b3dcf48c440cec13c28bbdff54da1ceb420ff66723eb3a1d6a92adba8f817171bfde9c25a48b84c19274848e35cdc986b5
+  data.tar.gz: 41d7cb1bbf8bfc650802963923635bebfab7314707306cea33ee96a868e6a07dfad1c7e83b79deb7f481c98f9d0fedab1e8d477cbdf3e250299082bf2078202c

data/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 masterlxz
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

data/README.md

@@ -0,0 +1,15 @@
+# truthid-sdk
+
+TruthID passwordless, decentralized authentication SDK for Ruby.
+
+Integrate passwordless, decentralized authentication into your app in minutes — no TruthID-operated server, no passwords, no third-party login.
+
+```bash
+gem install truthid-sdk
+```
+
+Full documentation, how it works, and usage examples: [github.com/masterlxz/truthid/tree/main/sdk](https://github.com/masterlxz/truthid/tree/main/sdk#readme)
+
+## License
+
+MIT — see [LICENSE](./LICENSE).

data/lib/truthid/client.rb

@@ -0,0 +1,116 @@
+require "json"
+require "securerandom"
+require "eth"
+
+require_relative "contracts"
+require_relative "types"
+
+module TruthID
+  class Client
+    RPC_URLS = {
+      "base-sepolia" => "https://sepolia.base.org",
+      "base-mainnet" => "https://mainnet.base.org"
+    }.freeze
+
+    def initialize(network: "base-mainnet", rpc_url: nil)
+      url = rpc_url || RPC_URLS.fetch(network)
+      @rpc = Eth::Client.create(url)
+      @devices = Eth::Contract.from_abi(
+        name: "DeviceRegistry",
+        address: Contracts::DEVICE_REGISTRY_ADDRESSES.fetch(network),
+        abi: Contracts::DEVICE_REGISTRY_ABI
+      )
+      @sessions = Eth::Contract.from_abi(
+        name: "SessionRegistry",
+        address: Contracts::SESSION_REGISTRY_ADDRESSES.fetch(network),
+        abi: Contracts::SESSION_REGISTRY_ABI
+      )
+    end
+
+    def create_challenge(origin)
+      AuthChallenge.new(
+        type:      "challenge",
+        nonce:     SecureRandom.uuid,
+        issued_at: (Time.now.to_f * 1000).to_i,
+        origin:    origin
+      )
+    end
+
+    def verify_auth_response(challenge, response, ttl_ms: 30_000)
+      # 1. Usuário recusou
+      unless response.approved
+        return VerifyAuthResult.new(valid: false, reason: "User rejected the login request")
+      end
+
+      # 2. TTL expirado
+      now_ms = (Time.now.to_f * 1000).to_i
+      if now_ms - challenge.issued_at > ttl_ms
+        return VerifyAuthResult.new(valid: false, reason: "Challenge expired")
+      end
+
+      # 3. Nonce bate com o challenge original
+      if challenge.nonce != response.nonce
+        return VerifyAuthResult.new(valid: false, reason: "Nonce mismatch")
+      end
+
+      # 4. Verificar assinatura
+      # JSON.generate já produz JSON compacto (sem espaços) — compatível com Dart e JS
+      message = JSON.generate(challenge.to_h)
+      begin
+        signer = Eth::Signature.personal_recover(message, response.signature)
+      rescue => e
+        return VerifyAuthResult.new(valid: false, reason: "Invalid signature format")
+      end
+
+      if signer.downcase != response.device_address.downcase
+        return VerifyAuthResult.new(valid: false, reason: "Signature does not match device address")
+      end
+
+      # 5. Device ativo na blockchain
+      is_active = @rpc.call(@devices, "isDeviceActive", response.device_address)
+      unless is_active
+        return VerifyAuthResult.new(valid: false, reason: "Device is not active or has been revoked")
+      end
+
+      # 6. Buscar identityId do device
+      device = @rpc.call(@devices, "getDevice", response.device_address)
+
+      VerifyAuthResult.new(
+        valid:          true,
+        identity_id:    device[0],
+        device_address: response.device_address
+      )
+    end
+
+    def verify_session(session_hash)
+      # bytes32: converte hex string → 32 bytes binários
+      hash_bytes = [session_hash.delete_prefix("0x")].pack("H*")
+
+      session = @rpc.call(@sessions, "getSession", hash_bytes)
+      return SessionInfo.new(exists: false, revoked: false) unless session[4] # exists
+
+      revoked = @rpc.call(@sessions, "isSessionRevoked", hash_bytes)
+
+      SessionInfo.new(
+        exists:       true,
+        revoked:      revoked,
+        identity_id:  session[0],
+        device_pub_key: session[1],
+        created_at:   Time.at(session[2]).utc
+      )
+    end
+
+    def check_device_status(device_pub_key)
+      device = @rpc.call(@devices, "getDevice", device_pub_key)
+      return DeviceStatus.new(exists: false, active: false) unless device[5] # exists
+
+      DeviceStatus.new(
+        exists:      true,
+        active:      !device[4], # revoked → active é o inverso
+        label:       device[2],
+        identity_id: device[0],
+        added_at:    Time.at(device[3]).utc
+      )
+    end
+  end
+end

data/lib/truthid/contracts.rb

@@ -0,0 +1,70 @@
+module TruthID
+  module Contracts
+    DEVICE_REGISTRY_ADDRESSES = {
+      "base-sepolia" => "0x225c67a98c9D675fE595ae05a2F9249C34d9C60a",
+      "base-mainnet" => "0x4A7a307cb6872bde24BAf3E9de2BeC3Ddd03e144"
+    }.freeze
+    DEVICE_REGISTRY_ABI = [
+      {
+        "type" => "function",
+        "name" => "isDeviceActive",
+        "inputs" => [{ "name" => "devicePubKey", "type" => "address" }],
+        "outputs" => [{ "name" => "", "type" => "bool" }],
+        "stateMutability" => "view"
+      },
+      {
+        "type" => "function",
+        "name" => "getDevice",
+        "inputs" => [{ "name" => "devicePubKey", "type" => "address" }],
+        "outputs" => [
+          {
+            "name" => "",
+            "type" => "tuple",
+            "components" => [
+              { "name" => "identityId", "type" => "uint256" },
+              { "name" => "pubKey",     "type" => "address" },
+              { "name" => "label",      "type" => "string"  },
+              { "name" => "addedAt",    "type" => "uint256" },
+              { "name" => "revoked",    "type" => "bool"    },
+              { "name" => "exists",     "type" => "bool"    }
+            ]
+          }
+        ],
+        "stateMutability" => "view"
+      }
+    ].freeze
+
+    SESSION_REGISTRY_ADDRESSES = {
+      "base-sepolia" => "0xdeD2Ad865069CA6546172926540D3A3Aa73C1CA6",
+      "base-mainnet" => "0x24074587a2aFB3aa5491361BB0a5eBee90797D1B"
+    }.freeze
+    SESSION_REGISTRY_ABI = [
+      {
+        "type" => "function",
+        "name" => "isSessionRevoked",
+        "inputs" => [{ "name" => "hash", "type" => "bytes32" }],
+        "outputs" => [{ "name" => "", "type" => "bool" }],
+        "stateMutability" => "view"
+      },
+      {
+        "type" => "function",
+        "name" => "getSession",
+        "inputs" => [{ "name" => "hash", "type" => "bytes32" }],
+        "outputs" => [
+          {
+            "name" => "",
+            "type" => "tuple",
+            "components" => [
+              { "name" => "identityId",  "type" => "uint256" },
+              { "name" => "devicePubKey","type" => "address" },
+              { "name" => "createdAt",   "type" => "uint256" },
+              { "name" => "revoked",     "type" => "bool"    },
+              { "name" => "exists",      "type" => "bool"    }
+            ]
+          }
+        ],
+        "stateMutability" => "view"
+      }
+    ].freeze
+  end
+end

data/lib/truthid/types.rb

@@ -0,0 +1,50 @@
+require "json"
+
+module TruthID
+  # AuthChallenge precisa de to_h com camelCase — por isso classe manual, não Struct
+  class AuthChallenge
+    attr_reader :type, :nonce, :issued_at, :origin
+
+    def initialize(type:, nonce:, issued_at:, origin:)
+      @type      = type
+      @nonce     = nonce
+      @issued_at = issued_at
+      @origin    = origin
+    end
+
+    # JSON.generate(challenge.to_h) → formato exato que o mobile assina
+    def to_h
+      { "type" => @type, "nonce" => @nonce, "issuedAt" => @issued_at, "origin" => @origin }
+    end
+
+    def to_json(*args)
+      JSON.generate(to_h)
+    end
+  end
+
+  # AuthResponse é o que chega do mobile (chaves camelCase do JSON mapeadas manualmente)
+  class AuthResponse
+    attr_reader :approved, :nonce, :signature, :device_address
+
+    def initialize(approved:, nonce:, signature:, device_address:)
+      @approved       = approved
+      @nonce          = nonce
+      @signature      = signature
+      @device_address = device_address
+    end
+
+    def self.from_hash(h)
+      new(
+        approved:       h["approved"],
+        nonce:          h["nonce"],
+        signature:      h["signature"],
+        device_address: h["deviceAddress"]
+      )
+    end
+  end
+
+  # Tipos de resultado: snake_case, sem necessidade de conversão JSON
+  VerifyAuthResult = Struct.new(:valid, :identity_id, :device_address, :reason, keyword_init: true)
+  SessionInfo      = Struct.new(:exists, :revoked, :identity_id, :device_pub_key, :created_at, keyword_init: true)
+  DeviceStatus     = Struct.new(:exists, :active, :label, :identity_id, :added_at, keyword_init: true)
+end

data/lib/truthid.rb

@@ -0,0 +1,13 @@
+require_relative "truthid/contracts"
+require_relative "truthid/types"
+require_relative "truthid/client"
+
+module TruthID
+  # Alias para manter a API consistente com os outros SDKs
+  # TypeScript: new TruthIDClient(...)
+  # Python:     TruthIDClient(...)
+  # Ruby:       TruthID::Client.new(...)  ou  TruthID.new_client(...)
+  def self.new_client(network: "base-mainnet", rpc_url: nil)
+    Client.new(network: network, rpc_url: rpc_url)
+  end
+end

metadata

@@ -0,0 +1,62 @@
+--- !ruby/object:Gem::Specification
+name: truthid-sdk
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- masterlxz
+bindir: bin
+cert_chain: []
+date: 1980-01-02 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: eth
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.5'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.5'
+description: TruthID passwordless, decentralized authentication SDK for Ruby. No TruthID-operated
+  server, no passwords, no third-party login.
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- LICENSE
+- README.md
+- lib/truthid.rb
+- lib/truthid/client.rb
+- lib/truthid/contracts.rb
+- lib/truthid/types.rb
+homepage: https://github.com/masterlxz/truthid/tree/main/sdk/ruby#readme
+licenses:
+- MIT
+metadata:
+  homepage_uri: https://github.com/masterlxz/truthid/tree/main/sdk/ruby#readme
+  source_code_uri: https://github.com/masterlxz/truthid
+  bug_tracker_uri: https://github.com/masterlxz/truthid/issues
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '3.0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.6.9
+specification_version: 4
+summary: TruthID authentication SDK for Ruby
+test_files: []