Class: Siwe::Parser

Inherits:

Object

Object
Siwe::Parser

show all

Defined in:: lib/siwe/parser.rb

Overview

Parser for the EIP-4361 Sign-In with Ethereum message format. Validates structure line-by-line and per-field via ABNF-aligned regexes. Returns a hash of typed fields plus an array of non-fatal warnings.

Constant Summary collapse

HEADER_SUFFIX =

" wants you to sign in with your Ethereum account:"

SCHEME_REGEX =

/\A([A-Za-z][A-Za-z0-9+\-.]*)\z/

DOMAIN_REGEX = RFC 3986 authority (without scheme://) — userinfo, host (reg-name/IPv4/IP-literal), port.

/\A[A-Za-z0-9\-._~%!$&'()*+,;=:@\[\]]+\z/

ADDRESS_REGEX =

/\A0x[0-9a-fA-F]{40}\z/

NONCE_REGEX =

/\A[A-Za-z0-9]{8,}\z/

CHAIN_REGEX =

/\A[0-9]+\z/

STATEMENT_REGEX = Statement chars per ABNF: %d32-33 %d35-36 %d38-59 %d61 %d63-64 %d91 %d93 %d95 %d126. Note: explicitly excludes %d34 (“) and %d37 (%). Built via Regexp.new to avoid accidental string interpolation of ‘#$&` inside a regex literal.

Regexp.new('\A[a-zA-Z0-9 !\x23\x24\x26-\x3B\x3D\x3F\x40\x5B\x5D\x5F\x7E]*\z')

REQUEST_ID_REGEX =

%r{\A[A-Za-z0-9\-._~%!$&'()*+,;=:@/?]*\z}

URI_REGEX =

/\A[A-Za-z][A-Za-z0-9+\-.]*:[^\s]*\z/

Class Method Summary collapse

.parse(str) ⇒ Object

Instance Method Summary collapse

#initialize(str) ⇒ Parser constructor

A new instance of Parser.
#parse ⇒ Object

rubocop:disable Metrics/AbcSize, Metrics/MethodLength, Metrics/CyclomaticComplexity, Metrics/PerceivedComplexity.

Constructor Details

#initialize(str) ⇒ `Parser`

Returns a new instance of Parser.

# File 'lib/siwe/parser.rb', line 30

def initialize(str)
  @str = str
  @warnings = []
end

Class Method Details

.parse(str) ⇒ `Object`



26
27
28

# File 'lib/siwe/parser.rb', line 26

def self.parse(str)
  new(str).parse
end

Instance Method Details

#parse ⇒ `Object`

rubocop:disable Metrics/AbcSize, Metrics/MethodLength, Metrics/CyclomaticComplexity, Metrics/PerceivedComplexity

# File 'lib/siwe/parser.rb', line 35

def parse # rubocop:disable Metrics/AbcSize, Metrics/MethodLength, Metrics/CyclomaticComplexity, Metrics/PerceivedComplexity
  raise unable_to_parse("message is not a string") unless @str.is_a?(String)

  lines = @str.split("\n", -1)
  raise unable_to_parse("message too short") if lines.length < 6

  scheme, domain = parse_header(lines[0])
  address = parse_address(lines[1])

  uri_idx = lines.index { |l| l.start_with?("URI: ") }
  raise unable_to_parse("URI: line not found") if uri_idx.nil? || uri_idx < 3

  statement = parse_statement_block(lines[2...uri_idx])

  uri        = parse_field(lines[uri_idx],     "URI: ",       :invalid_uri,             URI_REGEX)
  version    = parse_field(lines[uri_idx + 1], "Version: ",   :invalid_message_version, /\A1\z/)
  chain_str  = parse_field(lines[uri_idx + 2], "Chain ID: ",  :unable_to_parse,         CHAIN_REGEX)
  nonce      = parse_field(lines[uri_idx + 3], "Nonce: ",     :invalid_nonce,           NONCE_REGEX)
  issued_at  = parse_iso_field(lines[uri_idx + 4], "Issued At: ", "issuedAt")

  cursor = uri_idx + 5
  expiration_time = nil
  not_before = nil
  request_id = nil
  resources = nil

  if cursor < lines.length && lines[cursor]&.start_with?("Expiration Time: ")
    expiration_time = parse_iso_field(lines[cursor], "Expiration Time: ", "expirationTime")
    cursor += 1
  end
  if cursor < lines.length && lines[cursor]&.start_with?("Not Before: ")
    not_before = parse_iso_field(lines[cursor], "Not Before: ", "notBefore")
    cursor += 1
  end
  if cursor < lines.length && lines[cursor]&.start_with?("Request ID: ")
    request_id = parse_field(lines[cursor], "Request ID: ", :unable_to_parse, REQUEST_ID_REGEX)
    cursor += 1
  end
  if cursor < lines.length && lines[cursor] == "Resources:"
    cursor += 1
    resources = parse_resources(lines, cursor)
    cursor += resources.length
  end

  validate_trailing(lines, cursor)
  classify_address!(address)

  {
    fields: {
      scheme: scheme,
      domain: domain,
      address: address,
      statement: statement,
      uri: uri,
      version: version,
      chain_id: chain_str.to_i,
      nonce: nonce,
      issued_at: issued_at,
      expiration_time: expiration_time,
      not_before: not_before,
      request_id: request_id,
      resources: resources
    },
    warnings: @warnings
  }
end