ErgoAuth demonstration added

build.gradle

@@ -20,7 +20,8 @@ repositories {
 
 dependencies {
 	implementation 'org.springframework.boot:spring-boot-starter-web'
-	implementation 'org.ergoplatform:ergo-appkit_2.11:4.0.8'
+	implementation 'org.springdoc:springdoc-openapi-ui:1.6.4'
+	implementation 'org.ergoplatform:ergo-appkit_2.11:7c3a9b46-SNAPSHOT'
 
 	testImplementation 'org.springframework.boot:spring-boot-starter-test'
 }

src/main/java/org/ergoplatform/ergopay/ErgopayApplication.java → src/main/java/org/ergoplatform/ErgopayApplication.java

@@ -1,4 +1,4 @@
-package org.ergoplatform.ergopay;
+package org.ergoplatform;
 
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;

src/main/java/org/ergoplatform/ergoauth/ErgoAuthController.java

@@ -0,0 +1,74 @@
+package org.ergoplatform.ergoauth;
+
+import org.ergoplatform.appkit.Address;
+import org.ergoplatform.appkit.ErgoAuthUtils;
+import org.ergoplatform.appkit.SigmaProp;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.web.bind.annotation.CrossOrigin;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.PathVariable;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.RestController;
+
+import java.security.SecureRandom;
+import java.util.Base64;
+
+import javax.servlet.http.HttpServletRequest;
+
+@RestController
+@CrossOrigin
+public class ErgoAuthController {
+    private static final String MESSAGE_CONSTANT = "ergoauthexampledapp";
+
+    private final Logger logger = LoggerFactory.getLogger(ErgoAuthController.class);
+
+    @GetMapping("/ergoauth/{address}")
+    public Object authenticationRequest(@PathVariable String address, HttpServletRequest httpServletRequest) {
+        try {
+            // we need a SigmaProp for ErgoAuth. Every address is a sigmaprop, so convert
+            SigmaProp addressSigmaProp = SigmaProp.createFromAddress(Address.create(address));
+            // and we need a message to sign. This message should be unique for our dApp,
+            // never occur twice and should not be predictable, so we use a timestring, a unique name
+            // and a random component
+            String messageToSign = new SecureRandom().nextInt(500) + MESSAGE_CONSTANT + System.currentTimeMillis();
+
+            // attention: in production, we must save the message we sent to the user in order to
+            // validate the response. This is not done here as this example has no db attached
+
+            ErgoAuthRequest request = new ErgoAuthRequest();
+            request.messageSeverity = ErgoAuthRequest.Severity.INFORMATION;
+            request.userMessage = "Please sign the message with your address + " + address +
+                    " +  to authenticate to our dApp";
+            request.sigmaBoolean = Base64.getEncoder().encodeToString(addressSigmaProp.toBytes());
+            request.signingMessage = messageToSign;
+
+            // this example is simplified. Instead, you should give a UUID for the request and
+            // save the used sigmaBoolean and signing message to the db here. The UUID should be
+            // path variable for the reply to address and used below to fetch the SigmaBoolean
+            // and signingMessage data from your db
+            request.replyTo = httpServletRequest.getRequestURL().append("/auth").toString();
+
+            return request;
+        } catch (Throwable t) {
+            ErgoAuthRequestError requestError = new ErgoAuthRequestError();
+            requestError.userMessage = (t.getMessage());
+            logger.error("Error round trip", t);
+            return requestError;
+        }
+    }
+
+    @PostMapping("/ergoauth/{address}/auth")
+    public String doAuthenticate(@PathVariable String address, @RequestBody ErgoAuthResponse authResponse) {
+        boolean verified = ErgoAuthUtils.verifyResponse(
+                SigmaProp.createFromAddress(Address.create(address)), // see statement above
+                MESSAGE_CONSTANT, // see statement above
+                authResponse.signedMessage,
+                Base64.getDecoder().decode(authResponse.proof));
+
+        logger.info("Verification successful: " + verified);
+
+        return "Received";
+    }
+}

src/main/java/org/ergoplatform/ergoauth/ErgoAuthRequest.java

@@ -0,0 +1,32 @@
+package org.ergoplatform.ergoauth;
+
+import com.fasterxml.jackson.annotation.JsonInclude;
+
+import javax.annotation.Nullable;
+
+/**
+ * sent to user's wallet to request an authentication
+ */
+public class ErgoAuthRequest {
+    /**
+     * message that should be signed
+     */
+    public String signingMessage;
+    /**
+     * bae64-encoded serialized sigmaBoolean
+     */
+    public String sigmaBoolean;
+    /**
+     * message to show to user
+     */
+    @JsonInclude(JsonInclude.Include.NON_NULL)
+    @Nullable
+    public String userMessage;
+    @JsonInclude(JsonInclude.Include.NON_NULL)
+    @Nullable
+    public Severity messageSeverity;
+
+    public String replyTo;
+
+    enum Severity {NONE, INFORMATION, WARNING, ERROR}
+}

src/main/java/org/ergoplatform/ergoauth/ErgoAuthRequestError.java

@@ -0,0 +1,5 @@
+package org.ergoplatform.ergoauth;
+
+public class ErgoAuthRequestError {
+    public String userMessage;
+}

src/main/java/org/ergoplatform/ergoauth/ErgoAuthResponse.java

@@ -0,0 +1,6 @@
+package org.ergoplatform.ergoauth;
+
+public class ErgoAuthResponse {
+    public String signedMessage;
+    public String proof;
+}