SiweAuth
Inherits: A13e
Inherit this contract to enable SIWE-based authentication in contract functions that require it. The smart contract needs to be bound to a domain, which is passed to the constructor.
Example
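```solidity
contract MyContract is SiweAuth {
    address private _owner;
    string private _message;

    // Allow either a direct call from the owner or a token issued to the owner.
    modifier onlyOwner(bytes memory token) {
        if (msg.sender != _owner && authMsgSender(token) != _owner) {
            revert("not allowed");
        }
        _;
    }

    // Bind the contract to the dApp domain and record the deployer as owner.
    constructor(string memory domain) SiweAuth(domain) {
        _owner = msg.sender;
    }

    function getSecretMessage(bytes memory token) external view onlyOwner(token) returns (string memory) {
        return _message;
    }

    // Empty token: authMsgSender returns the zero address, so only msg.sender can match the owner.
    function setSecretMessage(string calldata message) external onlyOwner("") {
        _message = message;
    }
}
```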
State Variables
_domain
Domain which the dApp is associated with
string internal _domain;
_authTokenEncKey
Encryption key which the authentication tokens are encrypted with
bytes32 private _authTokenEncKey;
DEFAULT_VALIDITY
Default authentication token validity, used if no expiration-time is provided
uint256 private constant DEFAULT_VALIDITY = 24 hours;
Functions
constructor
Instantiate the contract which uses SIWE for authentication and runs on the specified domain.
constructor(string memory inDomain);
Parameters
Name | Type | Description |
---|---|---|
inDomain | string | The domain this contract is associated with |
login
Login using a SIWE message and signature
function login(string calldata siweMsg, SignatureRSV calldata sig) external view override returns (bytes memory);
Parameters
Name | Type | Description |
---|---|---|
siweMsg | string | The signed SIWE message |
sig | SignatureRSV | The signature of the SIWE message |
Returns
Name | Type | Description |
---|---|---|
<none> | bytes | The encrypted authentication token |
domain
Return the domain associated with the dApp.
function domain() public view returns (string memory);
Returns
Name | Type | Description |
---|---|---|
<none> | string | The domain string |
authMsgSender
Get the authenticated address from a token
function authMsgSender(bytes memory token) internal view override checkRevokedAuthToken(token) returns (address);
Parameters
Name | Type | Description |
---|---|---|
token | bytes | The authentication token |
Returns
Name | Type | Description |
---|---|---|
<none> | address | The authenticated user address or zero address if token is empty |
getStatement
Get the statement from the authentication token
function getStatement(bytes memory token) internal view checkRevokedAuthToken(token) returns (string memory);
Parameters
Name | Type | Description |
---|---|---|
token | bytes | The authentication token |
Returns
Name | Type | Description |
---|---|---|
<none> | string | The statement string from the SIWE message |
getResources
Get all resources from the authentication token
function getResources(bytes memory token) internal view checkRevokedAuthToken(token) returns (string[] memory);
Parameters
Name | Type | Description |
---|---|---|
token | bytes | The authentication token |
Returns
Name | Type | Description |
---|---|---|
<none> | string[] | Array of resource URIs the token grants access to |
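
An added example (not from the SiweAuth documentation or the project's code) of using `getResources` together with `authMsgSender` so that a token is accepted only for the purpose the user signed. `ScopedVault`, `READ_SCOPE`, the resource URI and the error names are hypothetical, and the import is left as a placeholder because the page does not give the path.

```solidity
// SPDX-License-Identifier: Apache-2.0
pragma solidity ^0.8.4;

// Placeholder: import SiweAuth from the project's package; the path is not
// given on this page.
// import {SiweAuth} from "<package>/SiweAuth.sol";

// Hypothetical contract: a token proves who signed in, and the resources
// listed in the signed SIWE message decide what that token may be used for.
contract ScopedVault is SiweAuth {
    address private _owner;
    string private _secret;

    // Constructed resource URI the user must include in the SIWE message.
    bytes32 private constant READ_SCOPE =
        keccak256("https://example.org/vault/read");

    error NotOwner();
    error MissingScope();

    constructor(string memory domain) SiweAuth(domain) {
        _owner = msg.sender;
    }

    // True if the token's resource list contains the wanted URI (compared by
    // hash, since Solidity cannot compare strings directly).
    function _grants(bytes memory token, bytes32 wanted) private view returns (bool) {
        string[] memory resources = getResources(token);
        for (uint256 i = 0; i < resources.length; ++i) {
            if (keccak256(bytes(resources[i])) == wanted) return true;
        }
        return false;
    }

    function readSecret(bytes memory token) external view returns (string memory) {
        // A direct call from the owner needs no token, as in MyContract.
        if (msg.sender != _owner) {
            // An empty token yields the zero address and fails here, before
            // the resource list is read.
            if (authMsgSender(token) != _owner) revert NotOwner();
            if (!_grants(token, READ_SCOPE)) revert MissingScope();
        }
        return _secret;
    }
}
```

A token whose SIWE message did not list the read URI is rejected with `MissingScope` even though it authenticates the owner, which keeps a token signed for one purpose from being reused for another.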
decodeAndValidateToken
Helper function to decrypt, decode and validate a token
Performs token decoding as well as domain and validity checks
function decodeAndValidateToken(bytes memory token) internal view virtual returns (AuthToken memory);
Parameters
Name | Type | Description |
---|---|---|
token | bytes | The authentication token |
Returns
Name | Type | Description |
---|---|---|
<none> | AuthToken | The decoded and validated AuthToken struct |
Errors
SiweAuth_ChainIdMismatch
Chain ID in the SIWE message does not match the actual chain ID
error SiweAuth_ChainIdMismatch();
SiweAuth_DomainMismatch
Domain in the SIWE message does not match the domain of the dApp
error SiweAuth_DomainMismatch();
SiweAuth_AddressMismatch
User address in the SIWE message does not match the message signer's address
error SiweAuth_AddressMismatch();
SiweAuth_NotBeforeInFuture
The Not before value in the SIWE message is still in the future
error SiweAuth_NotBeforeInFuture();
SiweAuth_Expired
Validity of the authentication token or the Expires value in the SIWE message is in the past
error SiweAuth_Expired();