Documentation
Overview
Package siws implements Sign In With Solana (SIWS) authentication. SIWS is part of the Solana Wallet Standard, allowing users to authenticate by signing a standardized message with their wallet's Ed25519 private key.
Index
- func Base58ToPublicKey(address string) (ed25519.PublicKey, error)
- func ConstructMessage(input SignInInput) string
- func GenerateNonce() (string, error)
- func PublicKeyToBase58(pubKey ed25519.PublicKey) string
- func ValidateAddress(address string) error
- func ValidateDomain(input SignInInput, expectedDomain string) error
- func ValidateTimestamps(input SignInInput) error
- func Verify(input SignInInput, output SignInOutput) error
- func VerifySignature(output SignInOutput) error
- type AccountInfo
- type ChallengeCache
- type ChallengeData
- type InputOption
- type SignInInput
- type SignInOutput
Constants
This section is empty.
Variables
This section is empty.
Functions
func Base58ToPublicKey
Base58ToPublicKey decodes a base58-encoded Solana address to an Ed25519 public key.
func ConstructMessage
func ConstructMessage(input SignInInput) string
ConstructMessage builds the SIWS message following the ABNF specification. The message format is:
    ${domain} wants you to sign in with your Solana account:
    ${address}
    ${statement}
    URI: ${uri}
    Version: ${version}
    Chain ID: ${chainId}
    Nonce: ${nonce}
    Issued At: ${issuedAt}
    Expiration Time: ${expirationTime}
    Not Before: ${notBefore}
    Request ID: ${requestId}
    Resources:
    - ${resources[0]}
    - ${resources[1]}
    ...
func GenerateNonce
GenerateNonce creates a cryptographically secure random nonce. The nonce is at least 8 characters as required by the SIWS spec.
func PublicKeyToBase58
PublicKeyToBase58 encodes an Ed25519 public key to a base58 Solana address.
func ValidateAddress
ValidateAddress checks if a string is a valid Solana address.
func ValidateDomain
func ValidateDomain(input SignInInput, expectedDomain string) error
ValidateDomain checks that the message domain matches the expected domain.
func ValidateTimestamps
func ValidateTimestamps(input SignInInput) error
ValidateTimestamps checks that the message timestamps are valid. Returns an error if the message is expired or not yet valid.
func Verify
func Verify(input SignInInput, output SignInOutput) error
Verify checks that the signature is valid for the given input and output. Returns nil if valid, or an error describing the validation failure.
func VerifySignature
func VerifySignature(output SignInOutput) error
VerifySignature performs only cryptographic verification without message reconstruction. Use this when you trust the signedMessage bytes from the wallet.
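The difference between Verify and VerifySignature, as an added example that is not part of the siws package: verifySignatureOnly accepts any message the key signed, while verifyBound also requires the signed bytes to equal the challenge this server issued. The type and function names, the shortened message, the placeholder address and the fixed test key are all constructed for illustration.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"errors"
	"fmt"
)

// signedOutput is a local stand-in for the page's SignInOutput (not the package's type).
type signedOutput struct {
	PublicKey                ed25519.PublicKey
	Signature, SignedMessage []byte
}

// challenge builds a shortened message (header, placeholder address, nonce); constructed.
func challenge(domain, nonce string) string {
	return domain + " wants you to sign in with your Solana account:\nADDR_PLACEHOLDER\nNonce: " + nonce
}

// verifySignatureOnly checks the Ed25519 signature over whatever bytes the client sent.
func verifySignatureOnly(o signedOutput) error {
	if len(o.PublicKey) != ed25519.PublicKeySize || !ed25519.Verify(o.PublicKey, o.SignedMessage, o.Signature) {
		return errors.New("invalid public key or signature")
	}
	return nil
}

// verifyBound also requires the signed bytes to equal the challenge the server issued.
func verifyBound(issued string, o signedOutput) error {
	if err := verifySignatureOnly(o); err != nil {
		return err
	}
	if !bytes.Equal(o.SignedMessage, []byte(issued)) {
		return errors.New("signed message differs from issued challenge")
	}
	return nil
}

// sign plays the wallet: a fixed, constructed test key signs the given message.
func sign(msg string) signedOutput {
	priv := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{7}, ed25519.SeedSize))
	return signedOutput{PublicKey: priv.Public().(ed25519.PublicKey), Signature: ed25519.Sign(priv, []byte(msg)), SignedMessage: []byte(msg)}
}

func main() {
	issued, foreign := challenge("app.example", "n0nce1234"), sign(challenge("other.example", "n0nce1234"))
	fmt.Println(verifySignatureOnly(foreign), "|", verifyBound(issued, foreign), "|", verifyBound(issued, sign(issued)))
}
```

A message signed for another domain passes the signature-only check and fails the bound check, which is why the signature-only path is reserved for signedMessage bytes the server already trusts.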
Types
type AccountInfo
type AccountInfo struct {
	Address   string `json:"address"`   // Base58-encoded public key
	PublicKey []byte `json:"publicKey"` // 32-byte Ed25519 public key
}
AccountInfo contains the wallet account details.
type ChallengeCache
type ChallengeCache interface {
	Put(ctx context.Context, nonce string, data ChallengeData) error
	Get(ctx context.Context, nonce string) (ChallengeData, bool, error)
	Del(ctx context.Context, nonce string) error
}
ChallengeCache stores pending SIWS challenges.
type ChallengeData
type ChallengeData struct {
	Address   string      `json:"address"`
	Username  string      `json:"username,omitempty"`
	IssuedAt  time.Time   `json:"issued_at"`
	ExpiresAt time.Time   `json:"expires_at"`
	Input     SignInInput `json:"input"` // Store full input for verification
}
ChallengeData is stored server-side while awaiting signature verification.
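One way to give a challenge store single-use nonces, as an added example rather than the package's own code: a separate Get followed by Del lets two concurrent requests both read the same pending challenge, so this sketch adds a Consume helper that does both under one lock. The pending and memCache types and the Consume method are hypothetical; only the shape of Put follows the ChallengeCache interface.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"sync"
	"time"
)

// pending is a trimmed local stand-in for the page's ChallengeData.
type pending struct {
	Address   string
	ExpiresAt time.Time
}

// memCache is a hypothetical in-memory challenge store keyed by nonce.
type memCache struct {
	mu sync.Mutex
	m  map[string]pending
}

// Put has the shape of ChallengeCache.Put: it records a challenge awaiting a signature.
func (c *memCache) Put(_ context.Context, nonce string, d pending) error {
	c.mu.Lock()
	defer c.mu.Unlock()
	c.m[nonce] = d
	return nil
}

// Consume (added helper, not in the page's interface) performs the lookup and the
// delete under one lock, so a nonce redeems at most once; any attempt burns it.
func (c *memCache) Consume(_ context.Context, nonce, addr string, now time.Time) error {
	c.mu.Lock()
	defer c.mu.Unlock()
	d, ok := c.m[nonce]
	delete(c.m, nonce)
	if !ok || now.After(d.ExpiresAt) || d.Address != addr {
		return errors.New("challenge unknown, already used, expired, or for another address")
	}
	return nil
}

func main() {
	c, ctx, now := &memCache{m: map[string]pending{}}, context.Background(), time.Now()
	c.Put(ctx, "n0nce1234", pending{Address: "ADDR_PLACEHOLDER", ExpiresAt: now.Add(time.Minute)})
	fmt.Println("first use:", c.Consume(ctx, "n0nce1234", "ADDR_PLACEHOLDER", now))
	fmt.Println("replay:   ", c.Consume(ctx, "n0nce1234", "ADDR_PLACEHOLDER", now))
}
```

A shared store such as a database or key-value cache needs the same property from an atomic get-and-delete operation instead of a process-local mutex.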
type InputOption
type InputOption func(*SignInInput)
InputOption is a functional option for customizing SignInInput.
func WithChainID
func WithChainID(chainID string) InputOption
WithChainID sets a custom chain ID (mainnet, devnet, testnet).
func WithExpirationDuration
func WithExpirationDuration(d time.Duration) InputOption
WithExpirationDuration sets expiration relative to issued time.
func WithResources
func WithResources(resources ...string) InputOption
WithResources adds resource URIs to the input.
func WithStatement
func WithStatement(statement string) InputOption
WithStatement sets a custom statement message.
type SignInInput
type SignInInput struct {
	Domain         string   `json:"domain"`
	Address        string   `json:"address"`
	Statement      *string  `json:"statement,omitempty"`
	URI            *string  `json:"uri,omitempty"`
	Version        *string  `json:"version,omitempty"`
	ChainID        *string  `json:"chainId,omitempty"`
	Nonce          string   `json:"nonce"`
	IssuedAt       string   `json:"issuedAt"`
	ExpirationTime *string  `json:"expirationTime,omitempty"`
	NotBefore      *string  `json:"notBefore,omitempty"`
	RequestID      *string  `json:"requestId,omitempty"`
	Resources      []string `json:"resources,omitempty"`
}
SignInInput contains the parameters for a SIWS challenge. This is sent to the wallet to construct the sign-in message.
func NewSignInInput
func NewSignInInput(domain, address string, opts ...InputOption) (SignInInput, error)
NewSignInInput creates a SignInInput with required fields and sensible defaults.
func ParseMessage
func ParseMessage(message string) (SignInInput, error)
ParseMessage extracts SignInInput fields from a SIWS message string. This is useful for verifying the signed message matches expected values.
type SignInOutput
type SignInOutput struct {
	Account       AccountInfo `json:"account"`
	Signature     []byte      `json:"signature"`     // 64-byte Ed25519 signature
	SignedMessage []byte      `json:"signedMessage"` // The message bytes that were signed
}
SignInOutput contains the wallet's response after signing.