dmanjunath / hedgehog Goto Github PK

Hedgehog is alternative to Metamask that manages a user's private key and wallet on the browser. It exposes a simple API to allow you to create an authentication scheme to let users sign up and login to their wallet across multiple browsers and devices. hedgehog.audius.co.

With Hedgehog:

• 😍 Users can make accounts in your DApp with a username + password.
• 😱 Users don't have to worry about private keys, no mnemonics.
• 🔏 You can build systems that fund users' wallets, sign transactions, but never control those wallets directly.
• 🌇 You can focus on building your business logic, rather than managing wallets.

npm i --save @audius/hedgehog

Check out our full technical docs and api how-to.

For a quick browser-side demo, look no further. For a full end-to-end auth demonstration, see our demo repo.

Currently available wallets treat every transaction as if it were moving around your life’s savings. Hedgehog was built for use-cases involving low-to-no financial value.

NOTE: The primary improvement to end-user experience is by hiding wallet complexity and not forcing users to constantly confirm transactions - The opposite of what you’d want when moving significant money around.

Hedgehog isn’t right for every DApp. Massive improvements in user experience are only possible through tradeoffs. As a general rule Hedgehog should not be used for apps involving significant sums of money. As a bridge, one could start users on Hedgehog and suggest migrating to a more secure wallet if their stored value increases beyond a certain threshold; the Hedgehog paradigm is interoperable with existing web3 providers too.

[Good use cases]

• Signing data: If you’re building decentralized applications that rely on user signed data (eg. via EIP-712-esque signing schemes), Hedgehog could help simplify the experience if the stakes are low enough.
• Gaming DApp: Nothing ruins fun as much as signing transactions. If you’re building a gaming DApp that doesn’t use significant financial assets, improving UX is key.
• Decentralized Music Player: If you’re building consumer-facing DApps, Hedgehog will dramatically improve user experience and significantly increase your potential userbase.

[Bad use cases]

If your DApp involves moving around significant sums of money, then the tradeoff in security is most likely not worth it. Hedgehog’s primary improvement to end-user experience is by hiding the wallet and not forcing users to confirm transactions - The opposite of what you’d want when moving money around. We absolutely don’t recommend using Hedgehog in situations like these:

• Banking DApp
• Decentralized Lending
• Prediction Markets

Hedgehog is a package that lives in your front end application to create and manage a user's entropy (from which a private key is derived). Hedgehog relies on a username and password to create auth artifacts, so it's able to simulate a familiar authentication system that allows users to sign up or login from multiple browsers or devices and retrieve their entropy. Those artifacts, through hedgehog, are persisted to a backend of your choosing.

NOTE: A private key is only computed and available client side and is never transmitted or stored anywhere besides the user's browser.

// Provide getFn, setAuthFn, setUserFn as requests to your database/backend service (more details in docs).
const hedgehog = new Hedgehog(getFn, setAuthFn, setUserFn)
let wallet
if (hedgehog.isLoggedIn()) {
  wallet = hedgehog.getWallet()
} else {
  wallet = await hedgehog.login('username', 'password')
  // or
  wallet = await hedgehog.signUp('username', 'password')
}

After creating or retrieving a user's wallet, you can either fund their wallet directly to pay transaction fees or relay their transactions through a EIP-712 relayer.

More details in the docs.