Skip to main content

Authentication

In this section, we have created a simple Twitter clone and discuss how authentication is implemented in both Solidity and Rell.

Solidity

In Solidity, authentication is inherently built into the language. By using msg.sender, you can get the address of the entity (person or contract) that initiated the current function call. This is commonly used to authenticate and authorize function calls.

For example, to add a post to a user's account:

Solidity
function createPost(string memory _text) public {
    Post memory newPost = Post(_text, block.timestamp);
    users[msg.sender].posts.push(newPost);
}

You can also restrict access to certain functions by using msg.sender. For instance, administrative functions can be restricted to the contract deployer using the require function:

require(msg.sender == owner, "Only the owner can call this function.");

Rell

In Rell, authentication is handled using the FT4 library. It operates similarly to Solidity's msg.sender but requires setting up an authentication handler. You use auth.authenticate() to authenticate and fetch the user.

First, set up the auth handler as an extension:

Rell
import lib.ft4.auth;

@extend(auth.auth_handler)
function () = auth.add_auth_handler(
    flags = ["MySession"]
);

Here's an example of how to modify a create_post operation with authentication in Rell:

Rell
entity user {
    mutable name;
    key id: byte_array;
    key account: byte_array;
}

operation create_post(user_id : byte_array, content: text) {
    var account = auth.authenticate();
    create Post ( user @ { account }, content = content );
}

Just like in Solidity, the authentication process in Rell is straightforward and integrates seamlessly into the code.

For owner-specific operations, you can define an owner user in your blockchain configuration and use require to enforce restrictions:

Rell
require(op_context.is_signer(owner), "Only the owner can call this operation");

Both Solidity and Rell provide efficient ways to handle authentication:

  1. Solidity: Uses msg.sender for authentication and authorization.
  2. Rell: Utilizes the FT4 library for authentication, with auth.authenticate() to fetch the authenticated user.

You can learn more about FT4 and Authentication in Rell here.