/ipfs-w3auth-gateway

A web3 authentication service on IPFS gateway

Primary LanguageTypeScriptApache License 2.0Apache-2.0

IPFS W3Auth Gateway · GitHub license

IPFS W3Auth Gateway is a lightweight Web3-based authentication service basedon IPFS gateway and reverse proxy

🚀 Deployment

Please make sure you have IPFS Gateway runnning locally, you can refer this doc to config the gateway information.

1. Run IPFS W3Auth Gateway

  • Run with docker
docker run -e PORT=5050 -e IPFS_ENDPOINT=http://localhost:5001 --network=host crustio/ipfs-w3auth
  • Run with node native
# 1. Clone repo
git clone https://github.com/crustio/ipfs-web3-authenticator.git

# 2. Install and build
yarn && yarn build

# 3. Run
PORT=5050 IPFS_ENDPOINT=http://localhost:5001 yarn start
  • PORT: W3Auth Gateway service listening port

  • IPFS_ENDPOINT: IPFS local API endpoint

2. Config with reverse proxy

2.1 With caddy

  • Auth both readable and writeable API
https://ipfs.example.com {
  reverse_proxy 127.0.0.1:5050
}
  • Auth only writeable API
https://ipfs.example.com {
    reverse_proxy /api/* localhost:5050 {
        header_down Access-Control-Allow-Origin *
        header_down Access-Control-Allow-Methods "POST"
        header_down Access-Control-Allow-Headers *
    }

    reverse_proxy /ipfs/* localhost:8080
}

2.2 With nginx

  • Auth both readable and writeable API
server {
    listen       80;
    listen  [::]:80;
    server_name  ipfs.example.com;


    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
    }


    location / {
        proxy_http_version 1.1;
        proxy_pass   http://localhost:5050/;
        proxy_set_header Host               $http_host;
        proxy_set_header X-Real-IP          $remote_addr;
        proxy_set_header X-Forwarded-For    $proxy_add_x_forwarded_for;
        add_header Cache-Control no-cache;
    }
}
  • Auth only writeable API
server {
    listen       80;
    listen  [::]:80;
    server_name  ipfs.example.com;


    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
    }


    location /api {
        proxy_http_version 1.1;
        proxy_pass   http://localhost:5050/api;
        proxy_set_header Host               $http_host;
        proxy_set_header X-Real-IP          $remote_addr;
        proxy_set_header X-Forwarded-For    $proxy_add_x_forwarded_for;
        add_header Cache-Control no-cache;
    }

    location / {
        proxy_http_version 1.1;
        proxy_pass   http://localhost:8080;
        proxy_set_header Host               $http_host;
        proxy_set_header X-Real-IP          $remote_addr;
        proxy_set_header X-Forwarded-For    $proxy_add_x_forwarded_for;
        add_header Cache-Control no-cache;
    }

}

🤟🏻 Usage

The IPFS W3Auth Gateway is compatible with the official IPFS API, with the same HTTP endpoints, flags and arguments. The only additional step you must take when interacting with the IPFS W3Auth Gateway API is to configure the correct Basic Authentication header.

Authorization: Basic <base64(ChainType-PubKey:SignedMsg)>

Let's take cURL as an example 😎

curl -X POST -F file=@myfile -u "ChainType-PubKey:SignedMsg" "http://localhost:5050/api/v0/add"

Get ChainType

ChainType now can be:

  1. sub(or substrate)
  2. eth(or ethereum)
  3. sol(or solana)
  4. pol(or polygon)
  5. nea(or near)
  6. ava(or avalanche)

Get PubKey and SignedMsg

You can get PubKey and SignedMsg by using the following web3-ways:

1. With Substrate

Get PubKey

PubKey is just the substrate address, like 5Chu5r5GA41xFgMXLQd6CDjz1ABGEGVGS276xjv93ApY6vD7

All substrate-based chains are adapted:

Get SignedMsg

Just sign the PubKey with your private key to get the SignedMsg

2. With Ethereum

Get PubKey

PubKey is just the ethereum address(42-characters) start with 0x

Get SignedMsg

Just sign the PubKey with your eth private key to get the SignedMsg

3. With Moonriver

Moonriver is fully compatiable with the Ethereum, you can just follow the same steps with the Ethereum.

Get PubKey

PubKey is just the moonriver(ethereum) address(42-characters) start with 0x

Get SignedMsg

Just sign the PubKey with your moonriver private key to get the SignedMsg

4. With Solana

Get PubKey

PubKey is just the solana address

Get SignedMsg

You can sign the PubKey with your solana private key to get the SignedMsg

5. With Polygon

Get PubKey

PubKey is just the polygon address(42-characters) start with 0x. It's compatiable with the ethereum.

Get SignedMsg

Just sign the PubKey with your polygon private key to get the SignedMsg

6. With Near

You can sign the PubKey with one of your near private key associated with your account to get the SignedMsg

7. With Avalanche

You can sign the Address without chainID prefix, such as avax1se4e9lvhlfwhcqnzjr0vpswqcnhsy5atn5r0l3, with your X- or P- chain private key associated with your account to get the SignedMsg.

🚀 Performance

Learn IPFS W3Auth gateway performance on LINK

💻 Build

Install

yarn

Run in dev mode

yarn dev

Build and run in prod mode

yarn build
yarn start

🙋🏻‍♂️ Contribute

Please feel free to send a PR

License

Apache 2.0