Farcaster integration

[elliotBraem]

Linked to https://staging.alpha.potlock.org/campaign/4/leaderboard

Platform specific authentication and social feature methods exist in @src/infrastructure/platform

A platform should implement the abstract interfaces in @src/infrastructure/platform/abstract.

For reference, you can see the platform-specific implementations for twitter in @src/infrastructure/platform/twitter

Don't forget to add the platform name to types/common and SUPPORTED_PLATFORMS

---

Keep in mind; Farcaster has a different flow than 0Auth2 PKCE. It actually has a signer object, just like how we use the signer to authorize requests to our proxy service. This will require some thought in how a signer should be created, saved, and re-used (and possibly refreshed) for future requests.

https://docs.farcaster.xyz/reference/warpcast/signer-requests#_2-generate-a-new-ed25519-key-pair-for-the-user-and-signedkeyrequest-signature

import * as ed from '@noble/ed25519';
import { mnemonicToAccount, signTypedData } from 'viem/accounts';

/*** EIP-712 helper code ***/

const SIGNED_KEY_REQUEST_VALIDATOR_EIP_712_DOMAIN = {
  name: 'Farcaster SignedKeyRequestValidator',
  version: '1',
  chainId: 10,
  verifyingContract: '0x00000000fc700472606ed4fa22623acf62c60553',
} as const;

const SIGNED_KEY_REQUEST_TYPE = [
  { name: 'requestFid', type: 'uint256' },
  { name: 'key', type: 'bytes' },
  { name: 'deadline', type: 'uint256' },
] as const;

/*** Generating a keypair ***/

const privateKey = ed.utils.randomPrivateKey();
const publicKeyBytes = await ed.getPublicKey(privateKey);
const key = '0x' + Buffer.from(publicKeyBytes).toString('hex');

/*** Generating a Signed Key Request signature ***/

const appFid = process.env.APP_FID;
const account = mnemonicToAccount(process.env.APP_MNENOMIC);

const deadline = Math.floor(Date.now() / 1000) + 86400; // signature is valid for 1 day
const signature = await account.signTypedData({
  domain: SIGNED_KEY_REQUEST_VALIDATOR_EIP_712_DOMAIN,
  types: {
    SignedKeyRequest: SIGNED_KEY_REQUEST_TYPE,
  },
  primaryType: 'SignedKeyRequest',
  message: {
    requestFid: BigInt(appFid),
    key,
    deadline: BigInt(deadline),
  },
});

Further research will need to be done to figure out how to do the Farcaster specific actions... there's probably some libraries out there

[dungpt99]

Update get signature and deadline

import * as ed from '@noble/ed25519';
import { mnemonicToAccount, signTypedData } from 'viem/accounts';
import { sha512 } from '@noble/hashes/sha512';

ed.etc.sha512Sync = (...m) => sha512(...m);


ed.etc.sha512Sync = (...m) => sha512(...m);

/*** EIP-712 helper code ***/

const SIGNED_KEY_REQUEST_VALIDATOR_EIP_712_DOMAIN = {
  name: 'Farcaster SignedKeyRequestValidator',
  version: '1',
  chainId: 10,
  verifyingContract: '0x00000000fc700472606ed4fa22623acf62c60553',
};

const SIGNED_KEY_REQUEST_TYPE = [
  { name: 'requestFid', type: 'uint256' },
  { name: 'key', type: 'bytes' },
  { name: 'deadline', type: 'uint256' },
];

/*** Generating a keypair ***/

const key = process.env.publickey_signer;

/*** Generating a Signed Key Request signature ***/

const appFid = process.env.FID;
const account = mnemonicToAccount(process.env.APP_MNENOMIC);

const deadline = Math.floor(Date.now() / 1000) + 86400; // signature is valid for 1 day
const signature = await account.signTypedData({
  domain: SIGNED_KEY_REQUEST_VALIDATOR_EIP_712_DOMAIN,
  types: {
    SignedKeyRequest: SIGNED_KEY_REQUEST_TYPE,
  },
  primaryType: 'SignedKeyRequest',
  message: {
    requestFid: BigInt(appFid),
    key,
    deadline: BigInt(deadline),
  },
});

console.log('Signature:', signature);
console.log('Public Key:', key);
console.log('Deadline:', deadline);

[prakhar728]

Gm Gm. Back from vacation and picking up this issue

Approach

Signin

1. Using Neynar for this - specifically this flow.
2. This generates a signer_uuid, and signer_approval_url (more on this here).
   a. The signer_uuid is relevant to our app, to create casts on behalf of the user and has to be stored in the backend.
   b. The signer_approval_url will be used to create a QR code, displayed on the frontend, when scanned would redirect users to approve our app to post on their behalf.

Media Storage

1. Unlike X, Farcaster / Neynar don't have inbuilt media upload support. A workaround that will be using Pinata SDK for uploading various media files.

Rate Limiting and Other X Plugin

Need more knowledge here Neynar doesn't have explicit rate limits that can be tracked, neither does it have many plugins like X. So I'll skip that for implementation right now.

That's it for now!

[elliotBraem]

This looks good, comments:

• For rate limiting let's just implement with a hardcoded "false", so it never hits a rate limit. I doubt Farcaster has rate limit anyway.
• For media support, we can do Piñata, yes. Or I can set up an S3 bucket. Although I'd prefer if we left this part for the end.
• For sign in, yes this sounds good -- but we'll specifically need to set it up through this flow, to recap, twitter works like this:

1. crosspost.auth.loginToPlatform("twitter") -> makes request to proxy server

open-crosspost-proxy-service/packages/sdk/src/api/auth.ts

Line 66 in 3ba9f82

async loginToPlatform(

open-crosspost-proxy-service/src/controllers/auth.controller.ts

Line 41 in 3ba9f82

async initializeAuth(c: Context, platform: PlatformName): Promise<Response> {

2. proxy server creates the oauth2 login link with a callback pointing to proxy server /auth/callback/twitter. We save the targeted userId/platform combo in "state". We return the link

3. Within the SDK method, we receive the link and open in popup.
   

   open-crosspost-proxy-service/packages/sdk/src/utils/popup.ts

   Line 41 in 3ba9f82

   export function openAuthPopup(url: string, options: PopupOptions = {}): Promise<AuthCallbackData> {

4. In popup, it is typical twitter oauth login, on success we call the callback (and return the userId and success in SDK)

5. Proxy server get's hit by the callback and saves the token associated to the near account. Complete.

open-crosspost-proxy-service/src/controllers/auth.controller.ts

Line 106 in 3ba9f82

async handleCallback(c: Context, platform: PlatformName): Promise<Response> {

There seems to be no callback for farcaster: you get the signer_uuid, they approve it, then signer_uuid + API key just works. So I think our flow would be:

1. crosspost.auth.loginToPlatform("farcaster") -> makes request to proxy server
2. proxy server generates signer_uuid and signer_approver_url, we can append a simple callback to the approver_url /auth/callback/farcaster
3. Within the SDK method, we receive the link and open in popup.
4. In popup, we could display our own custom deployed frontend app meant for rendering QR code. It also takes the callback URL from the param
5. User scans QR code, it redirects to Farcaster within popup, does flow, returns back. We hit the callback to say that it has been successful.
6. Successful connection, we save the signer_uuid down
7. On unsuccessful connect, we delete state.