Merge pull request #615 from JeneaVranceanu/feat/siwe-eip4361

feat: EIP-4361 - or Sign in with Ethereum (SIWE)

Author: yaroslavyaroslav

Sources/Core/Utility/NSRegularExpression+Extension.swift

@@ -5,75 +5,47 @@
 
 import Foundation
 
-extension NSRegularExpression {
+public extension NSRegularExpression {
     typealias GroupNamesSearchResult = (NSTextCheckingResult, NSTextCheckingResult, Int)
 
-    private func textCheckingResultsOfNamedCaptureGroups() -> [String: GroupNamesSearchResult] {
+    private func getNamedCaptureGroups() -> [String: GroupNamesSearchResult] {
         var groupnames = [String: GroupNamesSearchResult]()
 
-        guard let greg = try? NSRegularExpression(pattern: "^\\(\\?<([\\w\\a_-]*)>$", options: NSRegularExpression.Options.dotMatchesLineSeparators) else {
+        guard let greg = try? NSRegularExpression(pattern: "\\(\\?<([\\w\\a_-]*)>$",
+                                                  options: .dotMatchesLineSeparators),
+              let reg = try? NSRegularExpression(pattern: "\\(.*?>",
+                                                 options: .dotMatchesLineSeparators) else {
             // This never happens but the alternative is to make this method throwing
             return groupnames
         }
-        guard let reg = try? NSRegularExpression(pattern: "\\(.*?>", options: NSRegularExpression.Options.dotMatchesLineSeparators) else {
-            // This never happens but the alternative is to make this method throwing
-            return groupnames
-        }
-        let m = reg.matches(in: self.pattern, options: NSRegularExpression.MatchingOptions.withTransparentBounds, range: NSRange(location: 0, length: self.pattern.utf16.count))
-        for (n, g) in m.enumerated() {
-            let r = self.pattern.range(from: g.range(at: 0))
-            let gstring = String(self.pattern[r!])
-            let gmatch = greg.matches(in: gstring, options: NSRegularExpression.MatchingOptions.anchored, range: NSRange(location: 0, length: gstring.utf16.count))
+
+        let m = reg.matches(in: pattern, options: .withTransparentBounds, range: pattern.fullNSRange)
+        for (nameIndex, g) in m.enumerated() {
+            let r = pattern.range(from: g.range(at: 0))
+            let gstring = String(pattern[r!])
+            let gmatch = greg.matches(in: gstring, options: [], range: gstring.fullNSRange)
             if gmatch.count > 0 {
                 let r2 = gstring.range(from: gmatch[0].range(at: 1))!
-                groupnames[String(gstring[r2])] = (g, gmatch[0], n)
+                groupnames[String(gstring[r2])] = (g, gmatch[0], nameIndex)
             }
 
         }
         return groupnames
     }
 
-    func indexOfNamedCaptureGroups() throws -> [String: Int] {
-        var groupnames = [String: Int]()
-        for (name, (_, _, n)) in self.textCheckingResultsOfNamedCaptureGroups() {
-            groupnames[name] = n + 1
-        }
-        return groupnames
-    }
-
-    func rangesOfNamedCaptureGroups(match: NSTextCheckingResult) throws -> [String: Range<Int>] {
-        var ranges = [String: Range<Int>]()
-        for (name, (_, _, n)) in self.textCheckingResultsOfNamedCaptureGroups() {
-            ranges[name] = Range(match.range(at: n+1))
-        }
-        return ranges
-    }
-
-    private func nameForIndex(_ index: Int, from: [String: GroupNamesSearchResult]) -> String? {
-        for (name, (_, _, n)) in from {
-            if (n + 1) == index {
-                return name
-            }
-        }
-        return nil
-    }
-
     func captureGroups(string: String, options: NSRegularExpression.MatchingOptions = []) -> [String: String] {
-        return captureGroups(string: string, options: options, range: NSRange(location: 0, length: string.utf16.count))
+        captureGroups(string: string, options: options, range: string.fullNSRange)
     }
 
     func captureGroups(string: String, options: NSRegularExpression.MatchingOptions = [], range: NSRange) -> [String: String] {
         var dict = [String: String]()
         let matchResult = matches(in: string, options: options, range: range)
-        let names = self.textCheckingResultsOfNamedCaptureGroups()
-        for (_, m) in matchResult.enumerated() {
-            for i in (0..<m.numberOfRanges) {
-                guard let r2 = string.range(from: m.range(at: i)) else {continue}
-                let g = String(string[r2])
-                if let name = nameForIndex(i, from: names) {
-                    dict[name] = g
-                }
-            }
+        guard let match = matchResult.first else {
+            return dict
+        }
+        for name in getNamedCaptureGroups().keys {
+            guard let stringRange = string.range(from: match.range(withName: name)) else {continue}
+            dict[name] = String(string[stringRange])
         }
         return dict
     }

Sources/Core/Utility/String+Extension.swift

@@ -84,16 +84,22 @@ extension String {
         return self
     }
 
-    func stripLeadingZeroes() -> String? {
-        let hex = self.addHexPrefix()
-        guard let matcher = try? NSRegularExpression(pattern: "^(?<prefix>0x)0*(?<end>[0-9a-fA-F]*)$", options: NSRegularExpression.Options.dotMatchesLineSeparators) else {return nil}
-        let match = matcher.captureGroups(string: hex, options: NSRegularExpression.MatchingOptions.anchored)
-        guard let prefix = match["prefix"] else {return nil}
-        guard let end = match["end"] else {return nil}
-        if (end != "") {
-            return prefix + end
+    /// Strips leading zeroes from a HEX string.
+    /// ONLY HEX string format is supported.
+    /// - Returns: string with stripped leading zeroes (and 0x prefix) or unchaged string.
+    func stripLeadingZeroes() -> String {
+        let hex = addHexPrefix()
+        guard let matcher = try? NSRegularExpression(pattern: "^(?<prefix>0x)(?<leadingZeroes>0+)(?<end>[0-9a-fA-F]*)$",
+                                                     options: .dotMatchesLineSeparators)
+        else {
+            NSLog("stripLeadingZeroes(): failed to parse regex pattern.")
+            return self
         }
-        return "0x0"
+        let match = matcher.captureGroups(string: hex, options: .anchored)
+        guard match["leadingZeroes"] != nil,
+              let prefix = match["prefix"],
+              let end = match["end"] else { return self }
+        return end != "" ? prefix + end : "0x0"
     }
 
     func matchingStrings(regex: String) -> [[String]] {

Sources/web3swift/Utils/EIP/EIP4361.swift

@@ -0,0 +1,136 @@
+//
+//  EIP4361.swift
+//
+//  Created by JeneaVranceanu at 19.09.2022.
+//
+
+import Foundation
+import BigInt
+import Core
+
+public typealias SIWE = EIP4361
+
+fileprivate let datetimePattern = "[0-9]{4}-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(.[0-9]+)?(([Zz])|([+|-]([01][0-9]|2[0-3]):[0-5][0-9]))"
+fileprivate let uriPattern = "(([^:?#]+):)?(([^?#]*))?([^?#]*)(\\?([^#]*))?(#(.*))?"
+
+/// Sign-In with Ethereum protocol and parser implementation.
+/// EIP-4361: 
+///    - https://eips.ethereum.org/EIPS/eip-4361
+///    - https://github.com/ethereum/EIPs/blob/master/EIPS/eip-4361.md
+///
+/// Thanks to spruceid for SIWE implementation that was rewritten here in Swift: https://github.com/spruceid/siwe/blob/main/packages/siwe-parser/lib/regex.ts
+public final class EIP4361 {
+
+    private static let domain = "(?<domain>([^?#]*)) wants you to sign in with your Ethereum account:"
+    private static let address = "\\n(?<address>0x[a-zA-Z0-9]{40})\\n\\n"
+    private static let statementParagraph = "((?<statement>[^\\n]+)\\n)?"
+    private static let uri = "\\nURI: (?<uri>(\(uriPattern))?)"
+    private static let version = "\\nVersion: (?<version>1)"
+    private static let chainId = "\\nChain ID: (?<chainId>[0-9a-fA-F]+)"
+    private static let nonce = "\\nNonce: (?<nonce>[a-zA-Z0-9]{8,})"
+    private static let issuedAt = "\\nIssued At: (?<issuedAt>(\(datetimePattern)))"
+    private static let expirationTime = "(\\nExpiration Time: (?<expirationTime>(\(datetimePattern))))?"
+    private static let notBefore = "(\\nNot Before: (?<notBefore>(\(datetimePattern))))?"
+    private static let requestId = "(\\nRequest ID: (?<requestId>[-._~!$&'()*+,;=:@%a-zA-Z0-9]*))?"
+    private static let resourcesParagraph = "(\\nResources:(?<resources>(\\n- (\(uriPattern))?)+))?"
+
+    private static var eip4361Pattern: String {
+        "^\(domain)\(address)\(statementParagraph)\(uri)\(version)\(chainId)\(nonce)\(issuedAt)\(expirationTime)\(notBefore)\(requestId)\(resourcesParagraph)$"
+    }
+
+    /// `domain` is the RFC 3986 authority that is requesting the signing.
+    public let domain: String
+    /// `address` is the Ethereum address performing the signing conformant to capitalization encoded checksum specified in EIP-55 where applicable.
+    public let address: EthereumAddress
+    /// `statement` (optional) is a human-readable ASCII assertion that the user will sign, and it must not contain '\n' (the byte 0x0a).
+    public let statement: String?
+    /// `uri` is an RFC 3986 URI referring to the resource that is the subject of the signing (as in the subject of a claim).
+    public let uri: URL
+    /// `version` is the current version of the message, which MUST be 1 for this specification.
+    public let version: BigUInt
+    /// `chain-id` is the EIP-155 Chain ID to which the session is bound, and the network where Contract Accounts MUST be resolved.
+    public let chainId: BigUInt
+    /// `nonce` is a randomized token typically chosen by the relying party and used to prevent replay attacks, at least 8 alphanumeric characters.
+    public let nonce: String
+    /// `issued-at` is the ISO 8601 datetime string of the current time.
+    public let issuedAt: Date
+    /// `expiration-time` (optional) is the ISO 8601 datetime string that, if present, indicates when the signed authentication message is no longer valid.
+    public let expirationTime: Date?
+    /// `not-before` (optional) is the ISO 8601 datetime string that, if present, indicates when the signed authentication message will become valid.
+    public let notBefore: Date?
+    /// `request-id` (optional) is an system-specific identifier that may be used to uniquely refer to the sign-in request.
+    public let requestId: String?
+    /// `resources` (optional) is a list of information or references to information the user wishes to have resolved
+    /// as part of authentication by the relying party. They are expressed as RFC 3986 URIs separated by "\n- " where \n is the byte 0x0a.
+    public let resources: [URL]?
+
+    public init?(_ message: String) {
+        let eip4361Regex = try! NSRegularExpression(pattern: EIP4361.eip4361Pattern)
+        let groups = eip4361Regex.captureGroups(string: message)
+        let dateFormatter = ISO8601DateFormatter()
+        dateFormatter.formatOptions = [.withInternetDateTime, .withFractionalSeconds]
+        guard let domain = groups["domain"],
+              let rawAddress = groups["address"],
+              let address = EthereumAddress(rawAddress),
+              let rawUri = groups["uri"],
+              let uri = URL(string: rawUri),
+              let rawVersion = groups["version"],
+              let version = BigUInt(rawVersion, radix: 10) ?? BigUInt(rawVersion, radix: 16),
+              let rawChainId = groups["chainId"],
+              let chainId = BigUInt(rawChainId, radix: 10) ?? BigUInt(rawChainId, radix: 16),
+              let nonce = groups["nonce"],
+              let rawIssuedAt = groups["issuedAt"],
+              let issuedAt = dateFormatter.date(from: rawIssuedAt)
+        else {
+            return nil
+        }
+
+        self.domain = domain
+        self.address = address
+        self.statement = groups["statement"]
+        self.uri = uri
+        self.version = version
+        self.chainId = chainId
+        self.nonce = nonce
+        self.issuedAt = issuedAt
+        expirationTime = dateFormatter.date(from: groups["expirationTime"] ?? "")
+        notBefore = dateFormatter.date(from: groups["notBefore"] ?? "")
+        requestId = groups["requestId"]
+        if let rawResources = groups["resources"] {
+            resources = rawResources.components(separatedBy: "\n- ").compactMap { URL(string: $0) }
+        } else {
+            resources = nil
+        }
+    }
+
+    public var description: String {
+        var descriptionParts = [String]()
+        descriptionParts.append("\(domain) wants you to sign in with your Ethereum account:")
+        descriptionParts.append("\n\(address.address)")
+        if let statement = statement {
+            descriptionParts.append("\n\n\(statement)")
+        }
+        descriptionParts.append("\n\nURI: \(uri)")
+        descriptionParts.append("\nVersion: \(version.description)")
+        descriptionParts.append("\nChain ID: \(chainId.description)")
+        descriptionParts.append("\nNonce: \(nonce)")
+        let dateFormatter = ISO8601DateFormatter()
+        dateFormatter.formatOptions = [.withInternetDateTime, .withFractionalSeconds]
+        descriptionParts.append("\nIssued At: \(dateFormatter.string(from: issuedAt))")
+        if let expirationTime = expirationTime {
+            descriptionParts.append("\nExpiration Time: \(dateFormatter.string(from: expirationTime))")
+        }
+        if let notBefore = notBefore {
+            descriptionParts.append("\nNot Before: \(dateFormatter.string(from: notBefore))")
+        }
+        if let requestId = requestId {
+            descriptionParts.append("\nRequest ID: \(requestId)")
+        }
+        if let resources = resources, !resources.isEmpty {
+            descriptionParts.append("\nResources:")
+            descriptionParts.append(contentsOf: resources.map { "\n- \($0.absoluteString)" })
+        }
+        return descriptionParts.joined()
+    }
+}
+

Tests/web3swiftTests/localTests/EIP4361Test.swift

@@ -0,0 +1,40 @@
+//
+//  EIP4361Test.swift
+//
+//  Created by JeneaVranceanu at 21.09.2022.
+//
+
+import Foundation
+import XCTest
+import Core
+
+@testable import web3swift
+
+class EIP4361Test: XCTestCase {
+
+    /// Parsing Sign in with Ethereum message
+    func test_EIP4361Parsing() {
+        let rawSiweMessage = "service.invalid wants you to sign in with your Ethereum account:\n0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2\n\nI accept the ServiceOrg Terms of Service: https://service.invalid/tos\n\nURI: https://service.invalid/login\nVersion: 1\nChain ID: 1\nNonce: 32891756\nIssued At: 2021-09-30T16:25:24.345Z\nExpiration Time: 2021-09-29T15:25:24.234Z\nNot Before: 2021-10-28T14:25:24.123Z\nRequest ID: random-request-id_STRING!@$%%&\nResources:\n- ipfs://bafybeiemxf5abjwjbikoz4mc3a3dla6ual3jsgpdr4cjr3oz3evfyavhwq/\n- https://example.com/my-web2-claim.json"
+        guard let siweMessage = EIP4361(rawSiweMessage) else {
+            XCTFail("Failed to parse SIWE message.")
+            return
+        }
+
+        let dateFormatter = ISO8601DateFormatter()
+        dateFormatter.formatOptions = [.withInternetDateTime, .withFractionalSeconds]
+        XCTAssertEqual(siweMessage.domain, "service.invalid")
+        XCTAssertEqual(siweMessage.address, EthereumAddress("0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2")!)
+        XCTAssertEqual(siweMessage.statement, "I accept the ServiceOrg Terms of Service: https://service.invalid/tos")
+        XCTAssertEqual(siweMessage.uri, URL(string: "https://service.invalid/login")!)
+        XCTAssertEqual(siweMessage.version, 1)
+        XCTAssertEqual(siweMessage.chainId, 1)
+        XCTAssertEqual(siweMessage.nonce, "32891756")
+        XCTAssertEqual(siweMessage.issuedAt, dateFormatter.date(from: "2021-09-30T16:25:24.345Z")!)
+        XCTAssertEqual(siweMessage.expirationTime, dateFormatter.date(from: "2021-09-29T15:25:24.234Z")!)
+        XCTAssertEqual(siweMessage.notBefore, dateFormatter.date(from: "2021-10-28T14:25:24.123Z")!)
+        XCTAssertEqual(siweMessage.requestId, "random-request-id_STRING!@$%%&")
+        XCTAssertEqual(siweMessage.resources, [URL(string: "ipfs://bafybeiemxf5abjwjbikoz4mc3a3dla6ual3jsgpdr4cjr3oz3evfyavhwq/")!,
+                                               URL(string: "https://example.com/my-web2-claim.json")!])
+        XCTAssertEqual(siweMessage.description, rawSiweMessage)
+    }
+}

Tests/web3swiftTests/localTests/NSRegularExpressionTest.swift

@@ -0,0 +1,27 @@
+//
+//  NSRegularExpressionTest.swift
+//
+//  Created by JeneaVranceanu at 22.09.2022.
+//
+
+import Foundation
+import XCTest
+
+@testable import Core
+
+class NSRegularExpressionTest: XCTestCase {
+
+    func test_stripLeadingZeroes() {
+        XCTAssertEqual("random-string".stripLeadingZeroes(), "random-string")
+        XCTAssertEqual("".stripLeadingZeroes(), "")
+        XCTAssertEqual("0x".stripLeadingZeroes(), "0x")
+        XCTAssertEqual("0x0".stripLeadingZeroes(), "0x0")
+        XCTAssertEqual("0x00".stripLeadingZeroes(), "0x0")
+        XCTAssertEqual("0x00".stripLeadingZeroes(), "0x0")
+        XCTAssertEqual("0x00000".stripLeadingZeroes(), "0x0")
+        XCTAssertEqual("0x000001".stripLeadingZeroes(), "0x1")
+        XCTAssertEqual("0x1000001".stripLeadingZeroes(), "0x1000001")
+        XCTAssertEqual("0x00000000012300001".stripLeadingZeroes(), "0x12300001")
+    }
+
+}