Skip to content

SEP-10 wallet auth + tightened PocketBase rules #7

Description

@Ryjen1

Problem

The shipped PocketBase rules are wide-open: listRule, viewRule, createRule, updateRule are all empty (public). Anyone with the URL can read or modify any link record. This is fine for a demo but unacceptable for production.

Proposal

Wire up SEP-10 (Stellar Web Authentication) so a wallet can sign a server-issued challenge, exchange it for a JWT, and use that JWT to call PocketBase under the wallet's identity. PocketBase rules then enforce that only the link's creator field can update its row.

Acceptance criteria

  • Frontend: implement a SEP-10 client that fetches a challenge from a configurable web-auth endpoint, signs it via the connected wallet, exchanges it for a token, and stores the token in linkStore as the auth credential for PocketBase requests.
  • Document a recommended web-auth provider in CONTRIBUTING.md (we don't host one ourselves; point at an open-source reference implementation).
  • PocketBase rules updated:
    • listRule: @request.auth.id != ""
    • viewRule: empty (public — pay pages must work for anyone with the URL)
    • createRule: @request.auth.id != "" && @request.data.creator = @request.auth.publicKey
    • updateRule: creator = @request.auth.publicKey
    • deleteRule: null (still no deletes from clients)
  • Update scripts/pocketbase-schema.json to ship the hardened rules.
  • Smoke test: try to update someone else's link with your wallet's JWT — expect a 403.

Files involved

  • frontend/src/lib/sep10.ts — new.
  • frontend/src/lib/linkStore.ts — thread the token through to the PocketBase client.
  • scripts/pocketbase-schema.json — tighten the rules.
  • CONTRIBUTING.md — document the web-auth dependency.

Notes

If we ever want to host the web-auth ourselves, Stellar's reference impl is a good starting point. For v0.2 we keep it BYO.

Metadata

Metadata

Assignees

No one assigned

    Labels

    help wantedExtra attention is neededsecurityTouches auth, signatures, contract authorisation, or data privacy

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions