Question regarding passing data from
Question regarding passing data from frontend to convex
5 Replies
We are implementing authentication using Ethereum signatures, sending a string to be validated by relevant web3 auth inside of the mutation, how would you recommend us passing the string value between frontend and convex? We're able to call write mutations to save data from frontend to convex, but need a little help with this... more session based, ephemeral data transfer. Appreciate your help! Thank you.
Can you say more about this? It sounds like you might want a session object created when a user arrives that only they can access: a DB row in the Convex database that only that user has the id / key for. Then queries and mutation can read and write to this object.
Mutations can return data, so your mutation that sends in the string value can also return an identifier for the session.
Here's the code from a backend that we use to verify if an Ethereum signature (the string from the frontend) is matching the address/user:
const verifySign=(account,signature)=>{
let recoveredAddr;
let rlt=true;
try{
recoveredAddr= web3.eth.accounts.recover("Returning address: signature login required.", signature);
} catch(error){
rlt = false;
}
if(rlt==false)return false;
if(recoveredAddr === account) return true;
else return false;
}
module.exports = verifySign;
Is the only way to handle 'signature' is by storing it in convex and having the mutation read it?
Can we pass the string for the auth without having to store it in convex?
Sorry if we're missing something obvious
On a broader note, we're essentially looking to implement a type of row level security using Ethereum signatures
IE. The row has an Ethereum address ('account' in the above code) field associated with it, and the only the person who can prove they control that Ethereum address (with the signature string) can edit that row through the mutation functions
You could store this in Convex, either temporarily or permanently, or you can send it in as an argument to mutations. Are you asking if there's a third way, some kind of session object? Not now, but if that would be helpful it's good to hear for us to think about
You can implement this row-level security in the mutations that write to these rows, and optionally require a signature to read rows by checking that in a query.
Can we pass the string for the auth without having to store it in convex?Yes, if you pass it as an argument to queries and mutations
Awesome, that's what I was looking for. Pass it via argument to mutation. Not sure why our developer missed this (he's already able to write data to convex from frontend client), so let me follow up