A Typescript implementation of ERC-5573 ReCap, enabling applications to express UCAN-style object capabilities using Sign In With Ethereum.
ReCap can be installed via npm
:
npm -i siwe-recap
yarn
:
yarn add siwe-recap
or package.json
entry:
{
"dependencies": {
"siwe-recap": "0.0.1-alpha.0"
}
}
ReCaps are designed to be used in conjunction with SIWE. They can be initialized and built as follows:
import { Recap } from 'siwe-recap';
const recap = new Recap();
recap.addAttenuation('https://example.com/my/resource', 'crud', 'read');
recap.addAttenuation('https://example.com/my/resource', 'crud', 'update', { maxTimes: 5 });
recap.addProof('bagaaierasords4njcts6vs7qvdjfcvgnume4hqohf65zsfguprqphs3icwea');
console.log(recap.attenuations);
// {
// "https://example.com/my/resource": {
// "crud/read": [{}],
// "crud/update": [{ maxTimes: 5 }]
// }
// }
They can also be applied to or extracted from SIWE messages:
import { SiweMessage } from 'siwe';
import { Recap } from 'siwe-recap';
const siwe = new SiweMessage( ... );
// we can extract the recap while verifying that the statement in `siwe` matches
// the recap listed in `siwe`s resource list
const recap = Recap.extract_and_verify(siwe);
//
recap.addAttenuation('https://example.com/my/resource', 'crud', 'read');
// the new change will be merged into the existing recap in `siwe`
recap.add_to_siwe_messate(siwe);
This package is still ALPHA software, bugs may exist and APIs may change in future. This library for has not yet undergone a formal security audit. We welcome continued feedback on the usability, architecture, and security of this implementation.