IPFS W3Auth Gateway is a lightweight Web3-based authentication service basedon IPFS gateway and reverse proxy
Please make sure you have IPFS Gateway runnning locally, you can refer this doc to config the gateway information.
- Run with docker
docker run -e PORT=5050 -e IPFS_ENDPOINT=http://localhost:5001 --network=host crustio/ipfs-w3auth
- Run with node native
# 1. Clone repo
git clone https://github.com/crustio/ipfs-web3-authenticator.git
# 2. Install and build
yarn && yarn build
# 3. Run
PORT=5050 IPFS_ENDPOINT=http://localhost:5001 yarn start
-
PORT: W3Auth Gateway service listening port
-
IPFS_ENDPOINT: IPFS local API endpoint
- Auth both readable and writeable API
https://ipfs.example.com {
reverse_proxy 127.0.0.1:5050
}
- Auth only writeable API
https://ipfs.example.com {
reverse_proxy /api/* localhost:5050 {
header_down Access-Control-Allow-Origin *
header_down Access-Control-Allow-Methods "POST"
header_down Access-Control-Allow-Headers *
}
reverse_proxy /ipfs/* localhost:8080
}
- Auth both readable and writeable API
server {
listen 80;
listen [::]:80;
server_name ipfs.example.com;
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
location / {
proxy_http_version 1.1;
proxy_pass http://localhost:5050/;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
add_header Cache-Control no-cache;
}
}
- Auth only writeable API
server {
listen 80;
listen [::]:80;
server_name ipfs.example.com;
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
location /api {
proxy_http_version 1.1;
proxy_pass http://localhost:5050/api;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
add_header Cache-Control no-cache;
}
location / {
proxy_http_version 1.1;
proxy_pass http://localhost:8080;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
add_header Cache-Control no-cache;
}
}
The IPFS W3Auth Gateway is compatible with the official IPFS API, with the same HTTP endpoints, flags and arguments. The only additional step you must take when interacting with the IPFS W3Auth Gateway API is to configure the correct Basic Authentication header.
Authorization: Basic <base64(ChainType-PubKey:SignedMsg)>
Let's take cURL
as an example π
curl -X POST -F file=@myfile -u "ChainType-PubKey:SignedMsg" "http://localhost:5050/api/v0/add"
ChainType
now can be:
sub
(orsubstrate
)eth
(orethereum
)sol
(orsolana
)pol
(orpolygon
)nea
(ornear
)ava
(oravalanche
)
You can get PubKey
and SignedMsg
by using the following web3-ways:
PubKey
is just the substrate address, like 5Chu5r5GA41xFgMXLQd6CDjz1ABGEGVGS276xjv93ApY6vD7
All substrate-based chains are adapted:
Just sign the PubKey
with your private key to get the SignedMsg
- With Crust Apps
- With Polkadot Apps
- With Subkey
- With Node SDK
PubKey
is just the ethereum address(42-characters) start with 0x
Just sign the PubKey
with your eth private key to get the SignedMsg
- With MyEtherWallet
- With MyCrypto
Moonriver is fully compatiable with the Ethereum, you can just follow the same steps with the Ethereum.
PubKey
is just the moonriver(ethereum) address(42-characters) start with 0x
Just sign the PubKey
with your moonriver private key to get the SignedMsg
- With MyEtherWallet
- With MyCrypto
- With Code Sample
PubKey
is just the solana address
You can sign the PubKey
with your solana private key to get the SignedMsg
- With Solana Signer Sandbox (deploy with IPFS(cid:
QmYXnTQwKkup7yNLXZz2VyBvBj9eJB1knG8V8dnmjNuNnu
), source code is here, you can deploy yourself) - With Phantom
PubKey
is just the polygon address(42-characters) start with 0x
. It's compatiable with the ethereum.
Just sign the PubKey
with your polygon private key to get the SignedMsg
- With MyEtherWallet
- With MyCrypto
You can sign the PubKey
with one of your near private key associated with your account to get the SignedMsg
- With Near Wallet Example (deploy with IPFS(cid:
QmYq6wg5NG6mRq6e8urhLTXLsf7QAzZ8RKcgyyiX5qH45b
), source code is here, you can deploy yourself) - With Near-API-JS Example
You can sign the Address
without chainID prefix, such as avax1se4e9lvhlfwhcqnzjr0vpswqcnhsy5atn5r0l3
, with your X- or P- chain private key associated with your account to get the SignedMsg
.
- With Avalanche Wallet
PubKey
is the aptos's account pubkey, such as 0xaa79510150c3a6753f224ef47a315ea6ae9acd23f4506a866feb25f8995c60c
. Please pay attention that it's not the same as the address.
You can sign the PubKey
with your aptos private key to get the SignedMsg
- With Martian Wallet
Learn IPFS W3Auth gateway performance on LINK
yarn
yarn dev
yarn build
yarn start
Please feel free to send a PR