$ l, b7 M7 y! Z- C @
当我们的用户厌倦了传统的电子邮件/密码注册流程时,他们会选择Google、GitHub等社交登录方式,这种方式虽然节约了用户的时间,但登录信息也会被第三方平台记录,也就是说我们用平台账号做了什么,平台都会一目了然,甚至还会对我们的行为进行分析、画像。那么有没有一种登录方式,它的所有信息都只保存在客户端和后端,并不牵扯三方平台授权,最大化的保证用户隐私呢?Web3.0给我们提供了一种选择:MetaMask。/ F6 p) |! c; e! y3 I
/ f7 m6 K& z6 S% \2 y% Q; _
MetaMask
MetaMask是用于与以太坊区块链进行交互的软件加密货币钱包。MetaMask允许用户通过浏览器插件或移动应用程序访问其以太坊钱包,然后可以使用这些扩展程序与去中心化应用程序进行交互。当然了,首先需要拥有一个MetaMask钱包,进入https://chrome.google.com/websto ... oehlefnkodbefgpgknn 3 _5 t4 R# q' w8 I+ |5 Q
: h$ A/ }# z# [
安装metamask浏览器插件:: H( e5 ` b" ~$ m# I
随后点开插件,创建账号,记录密码、钱包地址、以及助记词等信息。7 T% @- M+ S9 N
安装好插件之后,我们就可以利用这个插件和网站应用做交互了。, z# \' D( H# K1 k- m
钱包登录流程) c8 p/ G j2 x9 i
登录逻辑和传统的三方登录还是有差异的,传统三方登录一般是首先跳转三方平台进行授权操作,随后三方平台将code验证码返回给登录平台,登录平台再使用code请求三方平台换取token,再通过token请求用户账号信息,而钱包登录则是先在前端通过Web3.js浏览器插件中保存的私钥对钱包地址进行签名操作,随后将签名和钱包地址发送到后端,后端利用Web3的库用同样的算法进行验签操作,如果验签通过,则将钱包信息存入token,并且返回给前端。7 c3 g6 x9 ~+ i
% M1 T/ t" C) K
前端签名操作" `+ m3 _0 a. Q! X A
首先需要下载前端的Web3.0操作库,https://docs.ethers.io/v4/,随后集成到登录页面中:
7 e0 }- g7 p- L; Z* `
) `. O) E2 o: f! p( o' q1 ?
- <script src="{{ static_url("js/ethers-v4.min.js") }}"></script>6 F; N! i' z; f3 Z7 U s
- <script src="{{ static_url("js/axios.js") }}"></script>9 O+ p$ Q' g- A( P3 _% ?
- <script src="{{ static_url("js/vue.js") }}"></script>
: o9 J, W' t0 v# t7 C; z+ O3 S
& f3 |3 ^/ l- a h# D
这里我们基于Vue.js配合Axios使用。. |, U1 Y& Z- _) M, B) p
接着声明登录激活方法:0 F* D1 d2 u& ~$ v0 `1 ~; r! |
( |3 W( }% W! @1 E7 o
- sign_w3:function(){; J/ M" f0 U p* w1 x% j+ U) G: |& k5 r
- that = this;
- ethereum.enable().then(function () {
- this.provider = new ethers.providers.Web3Provider(web3.currentProvider);
- 5 D$ F8 C! T( w4 b2 J
- this.provider.getNetwork().then(function (result) {! o6 x5 R% z% R" a o, _( @
- if (result['chainId'] != 1) {
- " e, C5 t/ O- O* F4 b
- console.log("Switch to Mainnet!")2 L$ Q: |. p: A( H) L9 j
- } else { // okay, confirmed we're on mainnet
- this.provider.listAccounts().then(function (result) {
- console.log(result);" A) C- S7 T" W* N: {; N
- this.accountAddress = result[0]; // figure out the user's Eth address
- this.provider.getBalance(String(result[0])).then(function (balance) {5 r' F! n$ ^; U8 z- B2 W- B
- var myBalance = (balance / ethers.constants.WeiPerEther).toFixed(4);3 I4 L& E! y& Z$ F2 z
- console.log("Your Balance: " + myBalance);
- });
- // get a signer object so we can do things that need signing
- this.signer = provider.getSigner();1 Q' q4 n' n/ ?9 W5 Z
- var rightnow = (Date.now()/1000).toFixed(0)6 z* j$ p2 ]: y2 N
- var sortanow = rightnow-(rightnow%600)
- this.signer.signMessage("Signing in to "+document.domain+" at "+sortanow, accountAddress, "test password!")4 f$ `. ?( s* ]9 ]* X
- .then((signature) => { that.handleAuth(accountAddress,signature);
- });
- 4 c, J6 \% z$ J
- console.log(this.signer);* r# B5 s$ g' M! ]% M% ?5 {3 q
- })
- }
- })4 `( C/ ^- J3 h* P; h
- }), R7 B2 y7 ]6 l, l' h2 {5 J7 P7 w
- },
- //检查验证* G0 s! r4 ^% Z# N
- handleAuth:function(accountAddress, signature){ L$ ?5 m0 O" b1 U
- " l) H* S* h: b" A1 I. V
- 5 o2 C/ q1 ]/ w- e
- this.myaxios("/checkw3/","post",{"public_address":accountAddress,"signature":signature}).then(data =>{/ `) t3 M, h: Z$ o7 V
- 3 m4 C, ^1 R5 m/ j0 w/ O: m
- if(data.errcode==0){" G: }7 A8 w1 t" e" x: n
- alert("欢迎:"+data.public_address);# h9 U& q& L! }. Z$ c$ ^! i7 N; T
- localStorage.setItem("token",data.token);8 d1 Q" ^+ ^$ X6 r9 l0 \# a8 ^( H( a
- localStorage.setItem("email",data.public_address);3 i, J- R( G, \& o" M8 D& S) d
- window.location.href = "/";
- }else{
- alert("验证失败");
- }
- });
- + r W8 q* T. w5 q9 t+ Z
- % ^7 p; o5 c$ ~" ^" e
- }
% R: a$ T6 ]9 c r2 ]% b
& b/ K" \" D7 B; H4 p; ?
随后创建异步视图方法:
- from tornado.web import url2 O3 [8 ]& \3 H: [0 L
- import tornado.web
- from tornado import httpclient/ ~/ D% b# {4 L$ R$ w1 z f
- from .base import BaseHandler
- from web3.auto import w3
- from eth_account.messages import defunct_hash_message- q" \% C8 n# Z6 b( L
- import time! q* n0 `4 T8 r0 d' o; W5 `+ a
- 9 k1 U7 J" w( @- C/ Q3 u
- class CheckW3(BaseHandler):
- async def post(self):5 w1 X2 `5 I y. [! _
- 9 d3 v2 M! J( h u
- public_address = self.get_argument("public_address")" R" l5 s2 D2 }! N# j
- signature = self.get_argument("signature")
- 8 x& W8 m0 c- c% [' G
- domain = self.request.host9 x, U' m( Z8 k$ _ o0 w. D% \
- if ":" in domain:1 Z8 |, q9 T6 R: V
- domain = domain[0:domain.index(":")]$ h B$ q2 J+ O$ @
- now = int(time.time())
- sortanow = now-now%600
- 9 E$ ]# R( s0 w
- original_message = 'Signing in to {} at {}'.format(domain,sortanow), f5 ]& ?9 Y- Q
- print("[+] checking: "+original_message)
- message_hash = defunct_hash_message(text=original_message)
- signer = w3.eth.account.recoverHash(message_hash, signature=signature)0 U0 b7 W( e; J0 ^+ Z1 C1 @; H4 P7 o
- if signer == public_address:
- try:
- user = await self.application.objects.get(User,email=public_address)
- except Exception as e:: s$ l/ N! Y; z
- user = await self.application.objects.create(User,email=public_address,password=create_password("third"),role=1)4 G$ e# I- ~& p% }8 x
- myjwt = MyJwt()
- token = myjwt.encode({"id":user.id})0 U; i, P; n8 A8 G# m7 J
- self.finish({"msg":"ok","errcode":0,"public_address":public_address,"token":token})8 p2 R7 B' z! K b
- else:
- self.finish({"msg":"could not authenticate signature","errcode":1})
这里通过recoverHash方法对签名进行反编译操作,如果反编译后的钱包地址和前端传过来的钱包地址吻合,那么说明当前账户的身份验证通过:
4 _ U( d# w& [' c# Z$ u2 |7 O
! N1 X1 B& u, e
当验签通过之后,利用钱包地址在后台创建账号,随后将钱包地址、token等信息返回给前端,前端将其保存在stroage中即可。
$ ~2 o8 w3 d9 j7 |" |
结语! C; {! s( f) R! H0 n! R4 i
没错,将至已至,未来已来,是时候将Web3.0区块链技术融入产品了,虽然有些固有的思维方式依然在人们的脑海挥之不去,但世界却在时不我待地变化着,正是:青山遮不住,毕竟东流去!项目开源在https://github.com/zcxey2911/Tornado6_Vuejs3_Edu
: i& N9 ]) W3 k& k! Z, I$ U