ethsig-rs
ethsig-rs copied to clipboard
Sign-in with Ethereum worker example
Ethsig-rs
A Cloudflare worker that enables any backend service to use Sign In With Ethereum (SIWE) as an authetnication method.
The worker is an implementation of the SIWE standard to authorize users based on their Ethereum accounts.
The Cloudflare worker supports an endpoint called /authorize
, which is called for a user to sign-in or sign-up. The worker creates salts the authorization request and creates a token for the user to use when making authorized API calls. The token is also the key in a simple KV store that is used by a worker to retrieve authorization information about the user.
After that, the authentication can either be handled by the Cloudflare worker or by the API itself. If it's handled by the worker, we could direct all requests to the worker and then configure the worker to redirect authenticated requests to our API. If the authentication is handled directly by our API, it can plug into the KV store using Cloudflare's API and simply use the token to retrieve authorization information and verify that the requested API call is authorized.
The example assumes that it's used by some front-end as the authentication logic. For that reason
We leverage the worker's ability to auto-expire keys, which we set to last up to the point where the SIWE message expires. That way we can be certain that if a key exists in the KV Store, it must be valid still.Moreover, we don't have to deal with stale authorizations.
Ethsig was developed to be used in a product of the Radicle stack.
Usage
With wrangler
, you can build, test, and deploy your Worker with the following commands:
# compiles your project to WebAssembly and will warn of any issues
wrangler build
# run your Worker in an ideal development workflow (with a local server, file watcher & more)
wrangler dev
# deploy your Worker globally to the Cloudflare network (update your wrangler.toml file for configuration)
wrangler publish
Read the latest worker
crate documentation here: https://docs.rs/worker
Linting
cargo check --all
cargo +nightly fmt -- --check
cargo +nightly clippy --all --all-features -- -D warnings
CI
The repository will automatically Lint and build the rustdoc
for this worker on every new PR. The rustdocs
are placed in /docs
, so they can be automatically hosted in GitHub pages.
Make sure you change the link inside gen-docs.sh
to the name of the crate. This redirection is required because GitHub pages will only serve /docs/index.html
as the entrypoint. With the redirection, we point the user to the correct subpath where the rustdoc
index.html
exists.
The repository will auto-publish the worker on every new commit to master
. Make sure you add CF_API_TOKEN
to the secrets of the repo.
WebAssembly
workers-rs
(the Rust SDK for Cloudflare Workers used in this template) is meant to be executed as
compiled WebAssembly, and as such so must all the code you write and depend upon. All crates and
modules used in Rust-based Workers projects have to compile to the wasm32-unknown-unknown
triple.
Read more about this on the workers-rs
project README.