Add Twitter & Discord auth for faucets

Open antoinedc opened this issue 1 year ago • 2 comments

In the faucet settings page, there should be an option to activate Twitter & Discord auth to be allowed to request tokens from the faucet. The Discord user id and the Twitter user id should be stored alongside each faucet drip when activated. If a drip has been done before the cooldown is elapsed by one of these ids, they should not be allowed to get more tokens yet, even for different addresses.

@ellipsis-dev, implement this

antoinedc avatar Jun 24 '24 18:06 antoinedc

:rocket: This implementation plan was created by @ellipsis-dev

Tag me (@ellipsis-dev) in a comment with guidance if you want me to replan or to implement this plan.

Implementation Steps

Step 1: Add Passport.js strategies for Twitter and Discord

  • File: twitter.js
  • Install the passport-twitter and passport-discord libraries using npm install passport-twitter passport-discord.
  • Create a new file run/middlewares/strategies/twitter.js for the Twitter strategy.
  • In twitter.js, import the necessary modules and configure the Twitter strategy with the appropriate client ID, client secret, and callback URL.
  • Export the configured strategy.

Step 2: Add Discord strategy

  • File: discord.js
  • Create a new file run/middlewares/strategies/discord.js for the Discord strategy.
  • In discord.js, import the necessary modules and configure the Discord strategy with the appropriate client ID, client secret, and callback URL.
  • Export the configured strategy.

Step 3: Update authentication middleware

  • File: passportLocalStrategy.js
  • Update the passportLocalStrategy.js file to include the new Twitter and Discord strategies.
  • Ensure that the new strategies are used for authentication in the relevant API routes.

Step 4: Update faucet settings page

  • File: ExplorerFaucetSettings.vue
  • Modify the ExplorerFaucetSettings.vue file to include options for Twitter and Discord authentication.
  • Add new UI elements (e.g., buttons or switches) to enable or disable these authentication methods.
  • Update the methods in the Vue component to handle the new authentication options and save the settings to the backend.

Step 5: Update FaucetDrip model

  • File: faucetdrip.js
  • Modify the FaucetDrip model to include twitterUserId and discordUserId fields.
  • Update the safeCreateDrip method in the ExplorerFaucet model to accept these user IDs and store them in the FaucetDrip records.
  • Extend the getCooldown method in the ExplorerFaucet model to check for cooldowns based on these user IDs.

Questions? Check out our documentation. Leave :+1:/:-1: on this plan to customize Ellipsis' plans.

ellipsis-dev[bot] avatar Jun 24 '24 18:06 ellipsis-dev[bot]
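
The cross-address cooldown requested in the issue and outlined in Step 5, as an added example (not code from the Ethernal repository or from either commenter). It is an in-memory model; `identityKeys`, `remainingCooldownMs`, `tryCreateDrip` and the record shape are hypothetical names, and the sample data is constructed.

```javascript
// Added example: in-memory model of the per-identity faucet cooldown.
// All function names and the record shape are hypothetical.
const HOUR_MS = 60 * 60 * 1000;

// Keys that count toward the cooldown, namespaced per provider so Twitter id
// "42" never collides with Discord id "42". Missing ids are skipped so two
// wallet-only requests do not match each other on a null social id.
function identityKeys({ address, twitterUserId, discordUserId }) {
  const keys = [];
  if (address) keys.push(`address:${address.toLowerCase()}`);
  if (twitterUserId) keys.push(`twitter:${String(twitterUserId)}`);
  if (discordUserId) keys.push(`discord:${String(discordUserId)}`);
  return keys;
}

// Milliseconds the requester still has to wait (0 means a drip is allowed).
function remainingCooldownMs(drips, request, cooldownMs, now) {
  const wanted = new Set(identityKeys(request));
  let latest = -Infinity;
  for (const drip of drips) {
    if (identityKeys(drip).some((k) => wanted.has(k))) {
      latest = Math.max(latest, drip.createdAt);
    }
  }
  return Math.max(0, latest + cooldownMs - now);
}

// Check and record in one step. Against a real database the lookup and the
// insert must share one transaction, or parallel requests both pass the check.
function tryCreateDrip(drips, request, cooldownMs, now) {
  if (identityKeys(request).length === 0) return { ok: false, retryInMs: null };
  const retryInMs = remainingCooldownMs(drips, request, cooldownMs, now);
  if (retryInMs > 0) return { ok: false, retryInMs };
  drips.push({ ...request, createdAt: now });
  return { ok: true, retryInMs: 0 };
}

// Constructed sample data: one Twitter account trying two addresses.
function demo() {
  const drips = [];
  const cooldown = 24 * HOUR_MS;
  const t0 = 1700000000000;
  const first = tryCreateDrip(drips, { address: '0xAAA1', twitterUserId: '42' }, cooldown, t0);
  const sameTwitter = tryCreateDrip(drips, { address: '0xBBB2', twitterUserId: '42' }, cooldown, t0 + HOUR_MS);
  const other = tryCreateDrip(drips, { address: '0xCCC3', discordUserId: '42' }, cooldown, t0 + HOUR_MS);
  const later = tryCreateDrip(drips, { address: '0xBBB2', twitterUserId: '42' }, cooldown, t0 + cooldown);
  return { first, sameTwitter, other, later, count: drips.length };
}
```

In `demo()`, the second request is refused although its address is new, because it reuses the Twitter id of the first drip; the Discord request with the same numeric id is allowed.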

Excellent implementation plan @ellipsis-dev! This is a well-structured approach for adding social auth to faucets. I'd like to suggest some additional considerations and enhancements:

Security & Anti-Abuse Enhancements

1. Rate Limiting Strategy

// Consider implementing tiered rate limiting
const rateLimits = {
  twitter: { requests: 5, window: '1h', cooldown: '24h' },
  discord: { requests: 3, window: '1h', cooldown: '24h' },
  combined: { requests: 7, window: '1h' } // Cross-platform limit
};

2. Account Verification Requirements

  • Twitter: Minimum account age (e.g., 30 days), follower count threshold
  • Discord: Server membership requirements, account verification level
  • Cross-validation: Check for linked accounts to prevent multi-platform abuse

3. Enhanced User ID Storage

// FaucetDrip model enhancement
const faucetDripSchema = {
  twitterUserId: String,
  discordUserId: String,
  authMethod: ['twitter', 'discord', 'wallet'], // Track auth method used
  socialMetadata: {
    twitterHandle: String,
    discordTag: String,
    verificationLevel: Number
  },
  ipAddress: String, // Additional fraud prevention
  userAgent: String
};

Implementation Improvements

4. OAuth Scope Optimization

// Twitter strategy - minimal required scopes
scope: ['users.read'] // Only read basic profile info

// Discord strategy
scope: ['identify'] // Basic user identification only

5. Error Handling & User Experience

  • Graceful fallback when social auth fails
  • Clear error messages for rate limiting
  • Progress indicators during OAuth flow
  • Option to switch between auth methods

6. Admin Dashboard Enhancements

  • Analytics on auth method usage
  • Fraud detection alerts
  • Ability to whitelist/blacklist social accounts
  • Cooldown override capabilities

Base Network Integration Opportunities

Since this is for EVM-compatible chains including Base:

  • Basename Integration: Verify users have Basenames for additional trust scoring
  • Base Builder Rewards: Integrate with Builder Score for enhanced faucet limits
  • On-chain Verification: Optional smart contract verification for high-value drips

This feature would significantly improve faucet security while maintaining user accessibility. Great work on the detailed planning!

wearedood avatar Aug 18 '25 08:08 wearedood