Merge pull request #73 from Web3Auth/feat/combine-siwe-and-siws

feat: combine siwe and siws

Author: chaitanyapotti

.cursor/worktrees.json

@@ -0,0 +1,3 @@
+{
+  "setup-worktree": ["npm install"]
+}

.github/CODEOWNERS

@@ -0,0 +1,26 @@
+# Lines starting with '#' are comments.
+#
+# GUIDELINES:
+# Each line is a file pattern followed by one or more owners.
+# Owners bear a responsibility to the organization and the users of this
+# application. Repository administrators have the ability to merge pull
+# requests that have not yet received the requisite reviews as outlined
+# in this file. Do not force merge any PR without confidence that it
+# follows all policies or without full understanding of the impact of
+# those changes on build, release and publishing outcomes.
+#
+# The CODEOWNERS file constitutes an agreement amongst organisation
+# admins and maintainers to restrict approval capabilities to a subset
+# of contributors. Modifications to this file result in a modification of
+# that agreement and can only be approved by those with the knowledge
+# and responsibility to publish libraries under the MetaMask name.
+
+# Fallback for all other files
+*                               @torusresearch/Admins
+
+# Product code
+src/                            @torusresearch/Web3Auth-Product
+test/                           @torusresearch/Web3Auth-Product
+
+# Most restrictive — last match wins
+.github/CODEOWNERS              @torusresearch/Admins

.github/workflows/ci.yml

@@ -6,7 +6,7 @@ jobs:
   test:
     strategy:
       matrix:
-        node: ["22.x"]
+        node: ["24.x"]
         os: [ubuntu-latest]
 
     runs-on: ${{ matrix.os }}

.gitignore

@@ -28,4 +28,5 @@ secrets.json
 toruslabs-ethereum-embed*
 
 .parcel-cache
-react-app/dist
+react-app/dist
+.eslintcache

.nvmrc

@@ -1 +1 @@
->=18.x
+>=24.x

README.md

@@ -1,30 +1,124 @@
-With Sign-in With Web3, users will be able to take control of their digital identities with their Web3 accounts rather than relying on custodial Oauth
-providers such as Google and Facebook. What this means is that users don't need to share their information and usage data. Leveraging the security and
-privacy aspects of Web3 accounts, users can controls what they share and in what capacity with the apps/dApps they're interating with.
+# @web3auth/sign-in-with-web3
 
-## Sign-in With Web3 - You Own Your Identity
+Authenticate users with their Web3 accounts instead of relying on custodial OAuth providers. Users sign a standard message with any Web3-compatible wallet, keeping full control of their identity and data.
 
-One of the critical problems that web3 solves is privacy. Having control over the private key allows users to own their digital identities. Sign In
-With Web3 leverages this very principle to allow any application (Web2 or Web3) to authenticate users with their Web3 address. Users simply need to
-sign a message using any Web3 compatible wallet to do this.
+Sign-In with Web3 uses a standard message format compliant with [CAIP-74](https://github.com/ChainAgnostic/CAIPs/blob/master/CAIPs/caip-74.md), parameterized by scope, session details, and security mechanisms (e.g., a nonce).
 
-## What does Sign-in With Web3 Solve?
+## Supported Chains
 
-Today most authentication mechanisms rely on accounts controlled by centralized identity providers such as Google, Facebook, and Apple. Identity
-providers have complete control over the existence and use of users’ digital identities and data.
+- **Ethereum** — [EIP-4361](https://eips.ethereum.org/EIPS/eip-4361) with EIP-1271/6492 smart contract signature support
+- **Solana** — [SIP-99](https://github.com/AdrenaFoundation/SIPs/blob/main/SIPS/sip-99.md) with ed25519 signature verification
 
-Sign-In with Web3 allows off-chain authentication of Web3 accounts by signing a standard message format parameterized by scope, session details, and
-security mechanisms (e.g., a nonce) compliant with [CAIP-74](https://github.com/ChainAgnostic/CAIPs/blob/master/CAIPs/caip-74.md) which is the current
-chain agnostic standard.
 
-## Supported Chains
+## Installation
+
+```bash
+npm install @web3auth/sign-in-with-web3
+```
+
+## Usage
+
+### Register strategies
+
+Strategies are not auto-registered. Register the chains you need before using `SIWWeb3`:
+
+```typescript
+import { SIWWeb3, ethereumStrategy, solanaStrategy } from "@web3auth/sign-in-with-web3";
+
+SIWWeb3.registerStrategy(ethereumStrategy);
+SIWWeb3.registerStrategy(solanaStrategy);
+```
+
+### Basic
+
+```typescript
+// Parse a signed message string (chain is detected automatically)
+const msg = new SIWWeb3(messageString);
+
+// Or construct from fields (chain is required)
+const msg = new SIWWeb3({
+  chain: "ethereum", // or "solana"
+  payload: {
+    domain: "example.com",
+    address: "0x...",
+    statement: "Sign in with Ethereum to the app.",
+    uri: "https://example.com",
+    version: "1",
+    chainId: 1,
+    nonce: "32891757",
+    issuedAt: new Date().toISOString(),
+  },
+});
+
+// Generate the EIP-4361 message to sign
+const messageToSign = msg.prepareMessage();
+
+// Verify a signature
+const { success, error } = await msg.verify(msg.payload, signature);
+```
+
+### Using chain-specific classes directly
+
+```typescript
+import { SIWE, SIWS } from "@web3auth/sign-in-with-web3";
+
+const ethMsg = new SIWE({ header, payload, signature });
+const solMsg = new SIWS(messageString);
+```
+
+### Registering a custom strategy
+
+```typescript
+import { SIWWeb3 } from "@web3auth/sign-in-with-web3";
+
+SIWWeb3.registerStrategy({
+  chain: "mychain",
+  parse: (msg) => new MyChainSIW(msg),
+  create: (params) => new MyChainSIW(params),
+});
+```
+
+## Architecture
+
+```
+src/
+  client.ts          — SIWWeb3 (main entry, strategy registry)
+  strategies/
+    base.ts          — SIWBase (abstract base class)
+    ethereum.ts      — SIWE + EIP-1271/6492 verifier
+    solana.ts        — SIWS + ed25519 verifier
+  regex.ts           — Shared message parsing
+  types.ts           — Shared types
+```
+
+## Exports
+
+| Export | Description |
+|---|---|
+| `SIWWeb3` | Main class with chain auto-detection and strategy registry |
+| `SIWBase` | Abstract base class for building custom chain strategies |
+| `SIWE` | Ethereum sign-in (EIP-4361) |
+| `SIWS` | Solana sign-in (SIP-99) |
+| `ethereumStrategy` | Ethereum strategy for registry |
+| `solanaStrategy` | Solana strategy for registry |
+| `eipVerifyMessage` | EIP-1271/6492 signature verification utility |
+
+## Migration from `@web3auth/sign-in-with-ethereum` / `@web3auth/sign-in-with-solana`
 
-Currently Sign-in with Web3 supports
+These packages have been deprecated and consolidated into this package.
 
-1. Ethereum
-2. Solana
-3. Starknet
+```diff
+- import { SIWEthereum } from "@web3auth/sign-in-with-ethereum";
+- import { SIWS } from "@web3auth/sign-in-with-solana";
++ import { SIWWeb3, ethereumStrategy, solanaStrategy, SIWE, SIWS } from "@web3auth/sign-in-with-web3";
++ SIWWeb3.registerStrategy(ethereumStrategy);
++ SIWWeb3.registerStrategy(solanaStrategy);
+```
 
-\*\*Support for more chains coming soon.
+Key changes from previous versions:
+- `SIWEthereum` has been renamed to `SIWE`
+- `network` property has been renamed to `chain`
+- `chain` is now required when constructing from an object
+- Strategies must be registered manually (no longer auto-registered)
 
-[Docs here](https://siww.web3auth.io)
+[Docs](https://siww.web3auth.io)