SiweAuth


Inherits: A13e

Inherit this contract to enable SIWE-based authentication in contract functions that require authentication. The smart contract needs to be bound to a domain (passed in the constructor).

Example

contract MyContract is SiweAuth {
    address private _owner;
    string private _message;

    // Allow the call if either the transaction sender or the address
    // authenticated by the SIWE token is the owner.
    modifier onlyOwner(bytes memory token) {
        if (msg.sender != _owner && authMsgSender(token) != _owner) {
            revert("not allowed");
        }
        _;
    }

    constructor(string memory domain) SiweAuth(domain) {
        _owner = msg.sender;
    }

    function getSecretMessage(bytes memory token) external view onlyOwner(token) returns (string memory) {
        return _message;
    }

    // An empty token makes authMsgSender return the zero address,
    // so only msg.sender can satisfy the owner check here.
    function setSecretMessage(string calldata message) external onlyOwner("") {
        _message = message;
    }
}

State Variables

_domain

Domain which the dApp is associated with

string internal _domain;

_authTokenEncKey

Encryption key which the authentication tokens are encrypted with

bytes32 private _authTokenEncKey;

DEFAULT_VALIDITY

Default authentication token validity, used if no expiration time is provided

uint256 private constant DEFAULT_VALIDITY = 24 hours;

Functions

constructor

Instantiate the contract which uses SIWE for authentication and runs on the specified domain.

constructor(string memory inDomain);

Parameters

| Name | Type | Description |
| --- | --- | --- |
| `inDomain` | `string` | The domain this contract is associated with |

login

Login using a SIWE message and signature

function login(string calldata siweMsg, SignatureRSV calldata sig) external view override returns (bytes memory);

Parameters

| Name | Type | Description |
| --- | --- | --- |
| `siweMsg` | `string` | The signed SIWE message |
| `sig` | `SignatureRSV` | The signature of the SIWE message |

Returns

| Name | Type | Description |
| --- | --- | --- |
| `<none>` | `bytes` | The encrypted authentication token |

domain

Return the domain associated with the dApp.

function domain() public view returns (string memory);

Returns

| Name | Type | Description |
| --- | --- | --- |
| `<none>` | `string` | The domain string |

authMsgSender

Get the authenticated address from a token

function authMsgSender(bytes memory token) internal view override checkRevokedAuthToken(token) returns (address);

Parameters

| Name | Type | Description |
| --- | --- | --- |
| `token` | `bytes` | The authentication token |

Returns

| Name | Type | Description |
| --- | --- | --- |
| `<none>` | `address` | The authenticated user address or zero address if token is empty |

getStatement

Get the statement from the authentication token

function getStatement(bytes memory token) internal view checkRevokedAuthToken(token) returns (string memory);

Parameters

| Name | Type | Description |
| --- | --- | --- |
| `token` | `bytes` | The authentication token |

Returns

| Name | Type | Description |
| --- | --- | --- |
| `<none>` | `string` | The statement string from the SIWE message |

getResources

Get all resources from the authentication token

function getResources(bytes memory token) internal view checkRevokedAuthToken(token) returns (string[] memory);

Parameters

| Name | Type | Description |
| --- | --- | --- |
| `token` | `bytes` | The authentication token |

Returns

| Name | Type | Description |
| --- | --- | --- |
| `<none>` | `string[]` | Array of resource URIs the token grants access to |
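
The following is an added example, not code from this page or from the project: it shows one way to use `getResources` so that a token only unlocks a function when the signed SIWE message listed a matching resource URI. The contract name `ScopedVault`, the URI `urn:example:vault:read`, the helper `_grants` and the import path are assumptions.

```solidity
// SPDX-License-Identifier: Apache-2.0
pragma solidity ^0.8.0;

// Assumption: package import path; adjust it to your project layout.
import {SiweAuth} from "@oasisprotocol/sapphire-contracts/contracts/auth/SiweAuth.sol";

contract ScopedVault is SiweAuth {
    // Hypothetical resource URI a token must list to read the secret.
    string private constant READ_RESOURCE = "urn:example:vault:read";

    address private immutable _owner;
    string private _secret;

    error NotOwner();
    error ResourceNotGranted();

    constructor(string memory inDomain) SiweAuth(inDomain) {
        _owner = msg.sender;
    }

    // State-changing call: authorised by the transaction sender alone.
    function setSecret(string calldata secret) external {
        if (msg.sender != _owner) revert NotOwner();
        _secret = secret;
    }

    // Read path: identity comes from the token. An empty token yields the
    // zero address, which never equals _owner, so it is rejected first.
    function getSecret(bytes memory token) external view returns (string memory) {
        if (authMsgSender(token) != _owner) revert NotOwner();
        if (!_grants(token, READ_RESOURCE)) revert ResourceNotGranted();
        return _secret;
    }

    // True if the token's resource list contains `wanted` (exact match).
    function _grants(bytes memory token, string memory wanted) private view returns (bool) {
        string[] memory resources = getResources(token);
        bytes32 wantedHash = keccak256(bytes(wanted));
        for (uint256 i = 0; i < resources.length; i++) {
            if (keccak256(bytes(resources[i])) == wantedHash) return true;
        }
        return false;
    }
}
```

Matching is an exact string comparison, so the URI in the signed message must be byte-for-byte identical to the constant.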

decodeAndValidateToken

Helper function to decrypt, decode and validate a token

Performs token decoding as well as domain and validity checks

function decodeAndValidateToken(bytes memory token) internal view virtual returns (AuthToken memory);

Parameters

| Name | Type | Description |
| --- | --- | --- |
| `token` | `bytes` | The authentication token |

Returns

| Name | Type | Description |
| --- | --- | --- |
| `<none>` | `AuthToken` | The decoded and validated AuthToken struct |

Errors

SiweAuth_ChainIdMismatch

Chain ID in the SIWE message does not match the actual chain ID

error SiweAuth_ChainIdMismatch();

SiweAuth_DomainMismatch

Domain in the SIWE message does not match the domain of the dApp

error SiweAuth_DomainMismatch();

SiweAuth_AddressMismatch

User address in the SIWE message does not match the message signer's address

error SiweAuth_AddressMismatch();

SiweAuth_NotBeforeInFuture

The Not before value in the SIWE message is still in the future

error SiweAuth_NotBeforeInFuture();

SiweAuth_Expired

Validity of the authentication token or the Expires value in the SIWE message is in the past

error SiweAuth_Expired();