npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

capitalisk-auth-client

v1.5.1

Published

A modular front end toolkit for easily implementing log in using any Capitalisk/LDPoS blockchain.

Downloads

13

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

topcloudsystemstopcloudsystems

Keywords

capitaliskauthblockchainlogin

Readme

capitalisk-auth-client

A modular front end toolkit for easily implementing log in using any Capitalisk/LDPoS blockchain.

Capitalisk log in form

What is this for?

This project provides front end components to allow you to easily extend your app or website to support authentication (log in) via a Capitalisk-based blockchain. It's an alternative to the standard email-based authentication which is currently supported by most websites and it saves you from having to do the work of setting up a registration page and handling the whole sign up and email verification flow.

The main login form component (capitalisk-log-in) can be configured to support authentication via any blockchain built using ldpos-chain (Capitalisk's consensus engine).

This project is intended to be used with capitalisk-auth-server (https://github.com/Capitalisk/capitalisk-auth-server) on the server side (Node.js) to complete the authentication flow. Aside from that, it is highly versatile and can work with any transport protocol (I.e. HTTP/HTTPS and WebSockets) and any API framework on the back end (I.e. ExpressJS, Koa... or without any framework).

How does it work?

The main front end component is capitalisk-log-in; it's a form which allows your end users to authenticate themselves using an account from a Capitalisk-based blockchain. If a user wants to log into your service via the capitalisk-log-in form, they simply need to create a new wallet on the relevant blockchain, obtain a few tokens (you can configure the minimum requirement) and then they will use their account passphrase to log into your service. The minimum token requirement serves as a spam prevention mechanism because users have to spend real money to obtain tokens.

The authentication mechanism does not store any credentials (only keeps them in memory while the authentication handshake is taking place). Credentials are transferred only between your end users and your own back end server; your server connects to a third-party blockchain node only to obtain the account's public key (which is publicly visible). You can configure the service to connect to any compatible blockchain node of your choice and can even self-host the blockchain node yourself.

Is it secure?

There are two different security levels: sig and multisig.

The standard sig authentication is the simplest to set up and requires your users to trust you with the main passphrase of their blockchain account. In this situation, it's important that your users keep a separate account just for your service and don't put more tokens on it than they are willing to trust you with. As a service provider, you should not store your users' passphrases; for the same reason that you should not store plain text passwords or credit card numbers.

The multisig authentication approach provides additional security because your users do not need to trust you with their account's main passphrase or any of the tokens inside it. On Capitalisk-based blockchains, any account can register a multisig passphrase; this passphrase can be used to sign certain multi-party transactions but it can also be used for other purposes. The advantage of this multisig key is that it cannot be used to move any funds from the user's account, yet it still allows the user to prove their ownership of the wallet address.

Note also, that Capitalisk-based blockchains, unlike most other blockchains, allow users to change their sig and multisig passphrases at any time for a small fee for peace of mind.

Will this work with my app or website?

All included front end components are native Web Components for maximum compatibility; this means that they can work with any framework or no framework. While these components are fully functional, they do not include any CSS/styling by default so they can be styled to match the look and feel of your own website or application.

Usage

Include library

Include the capitalisk-log-in component (full bundle containing all necessary dependencies) into your application (for example):

import '/node_modules/capitalisk-auth-client/dist/capitalisk-log-in.js';

Or for a web page, you can put this inside the <head></head> tag:

<script src="/node_modules/capitalisk-auth-client/dist/capitalisk-log-in.js" type="module" async></script>

Add the form component

This will allow you to add one or more custom capitalisk-log-in elements into your web page or app like this:

  <capitalisk-log-in
    hostname="capitalisk.com"
    port="443"
    network-symbol="clsk"
    chain-module-name="capitalisk_chain"
    secure="true"
  ></capitalisk-log-in>

This example above sets up a form for authentication via the main Capitalisk blockchain. If you're running your own Capitalisk node, you could point to it instead simply by changing the hostname and/or port attributes.

Setting up a log in form for any other Capitalisk-based blockchain is just as simple. For example, the log in form for the saasufy.com (SAS) blockchain is:

  <capitalisk-log-in
    hostname="sas.saasufy.com"
    port="443"
    network-symbol="sas"
    chain-module-name="sas_chain"
    secure="true"
  ></capitalisk-log-in>

Handle form submission

Example handling inside another Web Component:

let capitaliskLogIn = this.querySelector('capitalisk-log-in');

// The capitalisk-log-in component emits a submitCredentials event when the user
// clicks log in; it provides you with account credentials. Then you just need
// to send those credentials to an API endpoint on your server.
capitaliskLogIn.addEventListener('submitCredentials', async (event) => {
  // You can set the form in a disabled state which will disable the
  // submit button.
  capitaliskLogIn.setAttribute('disabled', '');
  // Clear any previous errors shown in the form.
  capitaliskLogIn.removeAttribute('error');
  try {
    // The event.detail object contains the user's credentials.
    // You need to pass this object to the CapitaliskAuthProvider
    // authentiate() method on the server side to authenticate.
    // Here we're invoking a 'log-in' RPC on a WebSocket to send them
    // to our server. This could also have been an HTTP request
    // via AJAX, fetch API or other...
    let logInResponse = await socket.invoke('log-in', event.detail);
    console.log('Logged in');
    // ...
  } catch (error) {
    // On error (including authentication failure), you can set the
    // error attribute on the capitalisk-log-in component to display
    // it to the user.
    capitaliskLogIn.setAttribute('error', error.message);
    // Remember to remove the disabled attribute so that the user
    // can interact with the component again to try again.
    capitaliskLogIn.removeAttribute('disabled');

    return;
  }
  // On success you could redirect the user to their dashboard...
});

capitaliskLogIn.addEventListener('accountReadyStateChange', (event) => {
  // ... You can use event.detail.accountReady to check if the
  // account is ready and valid.
});

capitaliskLogIn.addEventListener('error', (event) => {
  // ... You can use event.detail.error to capture errors from
  // the capitalisk-log-in component. You may set the error attribute
  // of the component to display errors within it.
  // The component only shows an error if set via its error attribute.
});