feat: add SEP-10 and SEP-24 anchor integration commands#26
Merged
Conversation
Implements `starforge sep auth` (SEP-10 Web Authentication) and `starforge sep deposit` (SEP-24 Hosted Deposits) with a shared StellarToml parser utility in src/utils/stellar_toml.rs. SEP-10 fetches the challenge XDR from WEB_AUTH_ENDPOINT, verifies manage_data ops and time bounds, signs with the local wallet key, and stores the returned JWT in ~/.starforge/data/sep10_tokens.json. SEP-24 uses the stored JWT to POST to TRANSFER_SERVER_SEP0024, opens the interactive deposit URL in the system browser, and polls the transaction status endpoint until completion.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Overview
StarForge is positioned as a full developer toolkit for Stellar, but had no tooling for Stellar Ecosystem Proposals (SEPs) — the integration protocols every real Stellar application depends on. This PR adds the two most universally needed SEPs: SEP-10 (Web Authentication) and SEP-24 (Hosted Deposits/Withdrawals), along with a shared
stellar.tomlparser utility.What's Changed
src/utils/stellar_toml.rs— Sharedstellar.tomlParserA new utility that fetches and parses
https://<domain>/.well-known/stellar.toml, extracting:WEB_AUTH_ENDPOINTTRANSFER_SERVER_SEP0024NETWORK_PASSPHRASESIGNING_KEYUsed by both SEP-10 and SEP-24 flows.
starforge sep auth— SEP-10 Web AuthenticationFlow:
stellar.tomlfrom the anchor domain → readsWEB_AUTH_ENDPOINTWEB_AUTH_ENDPOINT?account=<pubkey>→ receives challenge{transaction, network_passphrase}manage_datawith key"<anchor> auth"and 64-byte noncesha256(sha256(passphrase) || ENVELOPE_TYPE_TX || tx_body_xdr)DecoratedSignatureto the envelope and POSTs back to the anchor~/.starforge/data/sep10_tokens.jsonkeyed by anchor domainstarforge sep deposit— SEP-24 Hosted DepositFlow:
sep authautomatically if none stored)stellar.toml→ readsTRANSFER_SERVER_SEP0024/transactions/deposit/interactivewithAuthorization: Bearer <jwt>xdg-openon Linux,openon macOS)/transaction?id=<tx_id>every 5 seconds (up to 2 minutes) untilcompleted,error, orfailedFiles Changed
src/utils/stellar_toml.rsstellar.tomlfetch + parse utilitysrc/commands/sep.rssrc/commands/mod.rspub mod sepsrc/utils/mod.rspub mod stellar_tomlsrc/main.rsSeptoCommandsenum, dispatch, and telemetryClose #19