Skip to content
/ ethereum-signed-message-service Public

🪄 Flask based micro-service to return signed messages for secure retroactive token distribution

gitcoin.co/quadraticlands
2 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

nopslip/ethereum-signed-message-service

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

114 Commits
nginx-configs
nginx-configs
 
 
tests
tests
 
 
.flaskenv
.flaskenv
 
 
.gitignore
.gitignore
 
 
.python-version
.python-version
 
 
Procfile
Procfile
 
 
README.md
README.md
 
 
app.py
app.py
 
 
dist_proofs.json
dist_proofs.json
 
 
requirements.txt
requirements.txt
 
 
sample.env
sample.env
 
 
setup.py
setup.py
 
 

Repository files navigation

Ethereum Signed Message Service

  • ESMS was created to distribute GTC tokens to the Gitcoin ecosystem.

  • ESMS is a flask based HTTPS micro service that accepts token claim metadata and returns a signed claim message, merkle leaf, proofs, and original metadata that a user can broadcast to TokenDistributor contract to redeem token claim.

Features/Design

  • NGINX-->Gunincorn-->ESMS

  • HMAC authentication is used to verify the integrity of sender by requiring a valid HMAC signature in the HTTP headers of the request.

Setup & Config

First setup a server to run the ESMS on.

Reverse Proxy

  1. install Nginx

sudo apt install nginx

Nginx can easily be used to expose/proxy to one or more instances of the ESMS. Both of the examples below assume nginx.conf will have a line like:

include /etc/nginx/conf.d/*.conf;

Then your config file(s) live in: /etc/nginx/conf.d/

NGINX proxy config for dev and staging

Or:

NGINX proxy for config for production

  1. Install Certbot

Best to check Certbot official docs as install instructions seem to change frequently. https://certbot.eff.org/instructions

For reference, this guide for Ubuntu20 was used for our setup: https://certbot.eff.org/lets-encrypt/ubuntufocal-nginx

sudo snap install core; sudo snap refresh core

sudo snap install --classic certbot

sudo ln -s /snap/bin/certbot /usr/bin/certbot

sudo certbot --nginx

ESMS Service

  1. create & activate Python virtual environment

sudo apt install python3-pip

sudo apt-get install python3-venv

python3 -m venv esms_venv

source esms_venv/bin/activate

  1. download the repository
  2. install requirements
  3. set environmental variables:

  • copy sample.env .env and configure accordingly

  • two envars are left to be set on the command line:

    PRIVATE_KEY & GTC_SIG_KEY

GTC_SIG_KEY is the HMAC secret/key

PRIVATE_KEY is the private key to the ETH account used to sign claims (pub key to this private key will be hardcoded into the token distribution contract)

Run app

testing/Dev: flask run

production: start screen session: screen -S esms_prod

run the app: gunicorn --workers=5 app:gtc_sig_app -b localhost:8000

detach from the screen session: ctrl a, d

when you want to reattach, just run: screen -ls

then reattach with: screen -R esms_prod

Security Considerations

  1. Restrict access to port 80/443 to only trusted app IP(s)
  2. Collect ESMS logs
  3. non-default SSH port
  4. user mgmt - no shared logins! ;), ssh keys et
  5. etc, todo

About

🪄 Flask based micro-service to return signed messages for secure retroactive token distribution

gitcoin.co/quadraticlands

Topics

ethereum gtc eip712

Resources

Readme
Activity

Stars

2 stars

Watchers

5 watching

Forks

0 forks
Report repository

Languages