SiweAuth

Inherits: A13e

Inherit this contract if you wish to enable SIWE-based authentication in your contract functions that require authentication. The smart contract needs to be bound to a domain (passed in constructor).

Example

contract MyContract is SiweAuth {
address private _owner;
string private _message;
modifier onlyOwner(bytes memory token) {
if (msg.sender != _owner && authMsgSender(token) != _owner) {
revert("not allowed");
}
_;
}
constructor(string memory domain) SiweAuth(domain) {
_owner = msg.sender;
}
function getSecretMessage(bytes memory token) external view onlyOwner(token) returns (string memory) {
return _message;
}
function setSecretMessage(string calldata message) external onlyOwner("") {
_message = message;
}
}

State Variables

_domain

Domain which the dApp is associated with

string internal _domain;

_authTokenEncKey

Encryption key which the authentication tokens are encrypted with

bytes32 private _authTokenEncKey;

DEFAULT_VALIDITY

Default authentication token validity, if no expiration-time provided

uint256 private constant DEFAULT_VALIDITY = 24 hours;

Functions

constructor

Instantiate the contract which uses SIWE for authentication and runs on the specified domain.

constructor(string memory inDomain);

Parameters

Name	Type	Description
`inDomain`	`string`	The domain this contract is associated with

function login(string calldata siweMsg, SignatureRSV calldata sig) external view override returns (bytes memory);

Parameters

Name	Type	Description
`siweMsg`	`string`	The signed SIWE message
`sig`	`SignatureRSV`	The signature of the SIWE message

Returns

Name	Type	Description
`<none>`	`bytes`	The encrypted authentication token

domain

Return the domain associated with the dApp.

function domain() public view returns (string memory);

Returns

Name	Type	Description
`<none>`	`string`	The domain string

authMsgSender

Get the authenticated address from a token

function authMsgSender(bytes memory token) internal view override checkRevokedAuthToken(token) returns (address);

Parameters

Name	Type	Description
`token`	`bytes`	The authentication token

Returns

Name	Type	Description
`<none>`	`address`	The authenticated user address or zero address if token is empty

getStatement

Get the statement from the authentication token

function getStatement(bytes memory token) internal view checkRevokedAuthToken(token) returns (string memory);

Parameters

Name	Type	Description
`token`	`bytes`	The authentication token

Returns

Name	Type	Description
`<none>`	`string`	The statement string from the SIWE message

getResources

Get all resources from the authentication token

function getResources(bytes memory token) internal view checkRevokedAuthToken(token) returns (string[] memory);

Parameters

Name	Type	Description
`token`	`bytes`	The authentication token

Returns

Name	Type	Description
`<none>`	`string[]`	Array of resource URIs the token grants access to

decodeAndValidateToken

Helper function to decrypt, decode and validate a token

Performs token decoding as well as domain and validation

function decodeAndValidateToken(bytes memory token) internal view virtual returns (AuthToken memory);

Parameters

Name	Type	Description
`token`	`bytes`	The authentication token

Returns

Name	Type	Description
`<none>`	`AuthToken`	The decoded and validated AuthToken struct

Errors

SiweAuth_ChainIdMismatch

Chain ID in the SIWE message does not match the actual chain ID

error SiweAuth_ChainIdMismatch();

SiweAuth_DomainMismatch

Domain in the SIWE message does not match the domain of a dApp

error SiweAuth_DomainMismatch();

SiweAuth_AddressMismatch

User address in the SIWE message does not match the message signer's address

error SiweAuth_AddressMismatch();

SiweAuth_NotBeforeInFuture

The Not before value in the SIWE message is still in the future

error SiweAuth_NotBeforeInFuture();

SiweAuth_Expired

Validity of the authentication token or the Expires value in the SIWE message is in the past

error SiweAuth_Expired();

Sapphire Contracts Lib