Commit
1 parent
83ef01b
commit 9271f0e
Showing
6 changed files
with
120 additions
and
2 deletions.
2 changes: 1 addition & 1 deletion
2
...oplatform/ergopay/ErgopayApplication.java → .../org/ergoplatform/ErgopayApplication.java
74 changes: 74 additions & 0 deletions
74
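--- a/src/main/java/org/ergoplatform/ergoauth/ErgoAuthController.java
+++ b/src/main/java/org/ergoplatform/ergoauth/ErgoAuthController.java
@@ -0,0 +1,74 @@
+package org.ergoplatform.ergoauth;
+
+import org.ergoplatform.appkit.Address;
+import org.ergoplatform.appkit.ErgoAuthUtils;
+import org.ergoplatform.appkit.SigmaProp;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.web.bind.annotation.CrossOrigin;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.PathVariable;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.RestController;
+
+import java.security.SecureRandom;
+import java.util.Base64;
+
+import javax.servlet.http.HttpServletRequest;
+
+@RestController
+@CrossOrigin
+public class ErgoAuthController {
+private static final String MESSAGE_CONSTANT = "ergoauthexampledapp";
+
+private final Logger logger = LoggerFactory.getLogger(ErgoAuthController.class);
+
+@GetMapping("/ergoauth/{address}")
+public Object authenticationRequest(@PathVariable String address, HttpServletRequest httpServletRequest) {
+try {
+// we need a SigmaProp for ErgoAuth. Every address is a sigmaprop, so convert
+SigmaProp addressSigmaProp = SigmaProp.createFromAddress(Address.create(address));
+// and we need a message to sign. This message should be unique for our dApp,
+// never occur twice and should not be predictable, so we use a timestring, a unique name
+// and a random component
+String messageToSign = new SecureRandom().nextInt(500) + MESSAGE_CONSTANT + System.currentTimeMillis();
+
+// attention: in production, we must save the message we sent to the user in order to
+// validate the response. This is not done here as this example has no db attached
+
+ErgoAuthRequest request = new ErgoAuthRequest();
+request.messageSeverity = ErgoAuthRequest.Severity.INFORMATION;
+request.userMessage = "Please sign the message with your address + " + address +
+" + to authenticate to our dApp";
+request.sigmaBoolean = Base64.getEncoder().encodeToString(addressSigmaProp.toBytes());
+request.signingMessage = messageToSign;
+
+// this example is simplified. Instead, you should give a UUID for the request and
+// save the used sigmaBoolean and signing message to the db here. The UUID should be
+// path variable for the reply to address and used below to fetch the SigmaBoolean
+// and signingMessage data from your db
+request.replyTo = httpServletRequest.getRequestURL().append("/auth").toString();
+
+return request;
+} catch (Throwable t) {
+ErgoAuthRequestError requestError = new ErgoAuthRequestError();
+requestError.userMessage = (t.getMessage());
+logger.error("Error round trip", t);
+return requestError;
+}
+}
+
+@PostMapping("/ergoauth/{address}/auth")
+public String doAuthenticate(@PathVariable String address, @RequestBody ErgoAuthResponse authResponse) {
+boolean verified = ErgoAuthUtils.verifyResponse(
+SigmaProp.createFromAddress(Address.create(address)), // see statement above
+MESSAGE_CONSTANT, // see statement above
+authResponse.signedMessage,
+Base64.getDecoder().decode(authResponse.proof));
+
+logger.info("Verification successful: " + verified);
+
+return "Received";
+}
+}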
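Review bot: The challenge built in `authenticationRequest` takes its only unpredictable part from `new SecureRandom().nextInt(500)`, which is under nine bits; the rest is a fixed constant and a guessable timestamp, so the message does not meet the "should not be predictable" goal stated in the comment above it. Drawing a real nonce fixes that, e.g. `byte[] nonce = new byte[16]; new SecureRandom().nextBytes(nonce);` and prefixing `Base64.getUrlEncoder().withoutPadding().encodeToString(nonce)` in place of the int. In `doAuthenticate` the call passes `MESSAGE_CONSTANT` rather than the issued `signingMessage`, so a response signed for an earlier request appears to verify again; the stored-challenge lookup that the comments describe should also make each challenge single-use and expiring. The `verified` result is only logged and the method returns "Received" either way, so a failed check should map to a non-success response before anything treats this endpoint as an authentication decision.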
32 changes: 32 additions & 0 deletions
32
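--- a/src/main/java/org/ergoplatform/ergoauth/ErgoAuthRequest.java
+++ b/src/main/java/org/ergoplatform/ergoauth/ErgoAuthRequest.java
@@ -0,0 +1,32 @@
+package org.ergoplatform.ergoauth;
+
+import com.fasterxml.jackson.annotation.JsonInclude;
+
+import javax.annotation.Nullable;
+
+/**
+* sent to user's wallet to request an authentication
+*/
+public class ErgoAuthRequest {
+/**
+* message that should be signed
+*/
+public String signingMessage;
+/**
+* bae64-encoded serialized sigmaBoolean
+*/
+public String sigmaBoolean;
+/**
+* message to show to user
+*/
+@JsonInclude(JsonInclude.Include.NON_NULL)
+@Nullable
+public String userMessage;
+@JsonInclude(JsonInclude.Include.NON_NULL)
+@Nullable
+public Severity messageSeverity;
+
+public String replyTo;
+
+enum Severity {NONE, INFORMATION, WARNING, ERROR}
+}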
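Review bot: `replyTo` and `messageSeverity` have no Javadoc although the other fields do, and `replyTo` is the field a wallet acts on: judging from the controller in this commit, it is the URL the signed response is posted to. A comment such as `/** absolute URL the wallet posts the ErgoAuthResponse to; must point at this service */` would tell implementers not to build it from unvalidated request data. The `sigmaBoolean` comment reads `bae64-encoded` and should be `base64-encoded`. `enum Severity` is package-private while the field typed with it is public, so code outside the package cannot name the values; `public enum Severity` looks like the intent.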
5 changes: 5 additions & 0 deletions
5
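--- a/src/main/java/org/ergoplatform/ergoauth/ErgoAuthRequestError.java
+++ b/src/main/java/org/ergoplatform/ergoauth/ErgoAuthRequestError.java
@@ -0,0 +1,5 @@
+package org.ergoplatform.ergoauth;
+
+public class ErgoAuthRequestError {
+public String userMessage;
+}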
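Review bot: `userMessage` is undocumented, and the controller added in this commit fills it with `t.getMessage()` from a `catch (Throwable t)` block, so internal exception text can reach the caller. A Javadoc line such as `/** text shown to the wallet user; must not contain internal exception details */` would record the contract. The controller should then set a fixed, generic message and keep the exception detail in the log only.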
6 changes: 6 additions & 0 deletions
6
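--- a/src/main/java/org/ergoplatform/ergoauth/ErgoAuthResponse.java
+++ b/src/main/java/org/ergoplatform/ergoauth/ErgoAuthResponse.java
@@ -0,0 +1,6 @@
+package org.ergoplatform.ergoauth;
+
+public class ErgoAuthResponse {
+public String signedMessage;
+public String proof;
+}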
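Review bot: Both fields are bound directly from an untrusted request body, yet neither is documented or checked. The controller in this commit passes `proof` straight to `Base64.getDecoder().decode(...)`, so a missing or malformed value throws there instead of producing a clean rejection. Suggest Javadoc such as `/** message the wallet actually signed; untrusted, may be null */` and `/** Base64-encoded proof from the wallet; untrusted, may be null */`. Null and length checks on both fields belong in the controller before decoding or verifying.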