Initial commit

.gitignore

@@ -0,0 +1,3 @@
+node_modules
+package-lock.json
+.DS_Store

LICENSE

@@ -0,0 +1,21 @@
+MIT license
+
+Copyright (C) 2019 Authereum
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of
+this software and associated documentation files (the "Software"), to deal in
+the Software without restriction, including without limitation the rights to
+use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies
+of the Software, and to permit persons to whom the Software is furnished to do
+so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

README.md

@@ -0,0 +1,25 @@
+# Authereum signature-based authentication example
+
+> Example showing how to do signature-based authentication using the Authereum Web3 provider and an express server.
+
+# Getting started
+
+Install dependencies
+
+```bash
+npm install
+```
+
+Run server
+
+```bash
+npm start
+```
+
+Visit [http://localhost:8000/](http://localhost:8000/)
+
+For more resources, visit [developers.authereum.org](https://developers.authereum.org/)
+
+## License
+
+[MIT](LICENSE)

package.json

@@ -0,0 +1,24 @@
+{
+  "name": "example",
+  "version": "1.0.0",
+  "description": "Example",
+  "main": "server.js",
+  "scripts": {
+    "start": "node .",
+    "test": "echo \"Error: no test specified\" && exit 1"
+  },
+  "author": "",
+  "license": "MIT",
+  "dependencies": {
+    "authereum": "0.0.4-beta.75",
+    "cors": "^2.8.5",
+    "ethers": "^4.0.43",
+    "express": "^4.17.1",
+    "express-jwt": "^5.3.1"
+  },
+  "devDependencies": {
+    "browserify": "^16.5.0",
+    "jsonwebtoken": "^8.5.1",
+    "standard": "^14.3.1"
+  }
+}

public/index.html

@@ -0,0 +1,18 @@
+<!DOCTYPE html>
+<html lang="en-US">
+<head>
+  <meta charset="UTF-8">
+  <meta name="viewport" content="initial-scale=1, maximum-scale=1, user-scalable=yes">
+  <title>Authereum signature-based authentication example</title>
+</head>
+<body>
+  <button id="login" style="display:none">Login</button>
+  <button id="logout" style="display:none">Logout</button>
+  <button id="verify" style="display:none">Verify token</button>
+  <output id="output">loading</output>
+  <script src="https://cdn.jsdelivr.net/gh/ethereum/web3.js@1.0.0-beta.34/dist/web3.min.js"></script>
+  <script src="https://unpkg.com/authereum@latest/authereum.js"></script>
+  <script src="vendor/jsonwebtoken.bundle.js"></script>
+  <script src="js/main.js"></script>
+</body>
+</html>

public/js/main.js

@@ -0,0 +1,99 @@
+const loginButton = document.getElementById('login')
+const logoutButton = document.getElementById('logout')
+const verifyButton = document.getElementById('verify')
+const output = document.getElementById('output')
+
+const authereum = new Authereum('kovan')
+const provider = authereum.getProvider()
+const web3 = new Web3(provider)
+
+loginButton.addEventListener('click', async (event) => {
+  event.preventDefault()
+
+  await login()
+  await signChallenge()
+})
+
+logoutButton.addEventListener('click', async (event) => {
+  event.preventDefault()
+
+  await logout()
+})
+
+verifyButton.addEventListener('click', async (event) => {
+  event.preventDefault()
+
+  const res = await verifyToken()
+  log(res)
+})
+
+;(() => {
+  loginCheck()
+})();
+
+async function login() {
+  if (!await authereum.isAuthenticated()) {
+    await authereum.login()
+  }
+
+  await loginCheck()
+}
+
+async function loginCheck() {
+  const loggedIn = await authereum.isAuthenticated()
+  log({loggedIn})
+
+  loginButton.style.display = loggedIn ? 'none' : 'inline-block'
+  logoutButton.style.display = loggedIn ? 'inline-block' : 'none'
+  verifyButton.style.display =  loggedIn ? 'inline-block' : 'none'
+}
+
+async function logout() {
+  await authereum.logout()
+  await loginCheck()
+}
+
+async function signChallenge() {
+  const res = await fetch('/challenge')
+  const json = await res.json()
+
+  const message = json.challenge
+  const address = (await web3.eth.getAccounts())[0]
+  const signature = await web3.eth.sign(message, address)
+
+  // NOTE: this secret doesn't matter if it's exposed because
+  // the server does authentication by verifying
+  // the signature from the auth key.
+  const TOKEN_SECRET = 'somesecret'
+  const TOKEN_ALGORITHM = 'HS256'
+
+  const token = jwt.sign({ address, signature }, TOKEN_SECRET, {
+    algorithm: TOKEN_ALGORITHM
+  })
+
+  localStorage.setItem('token', token)
+}
+
+async function verifyToken() {
+  const token = localStorage.getItem('token')
+  if (!token) {
+    return {error: 'token not set'}
+  }
+
+  const res = await fetch('/verify', {
+    headers: {
+      'content-type': 'application/json',
+      'Authorization': `Bearer ${token}`
+    }
+  })
+
+  const json = await res.json()
+  return json
+}
+
+function log(content) {
+  if (typeof content === 'object') {
+    content = JSON.stringify(content, null, 2)
+  }
+  output.textContent = content
+}