Login/Register
Handling user profiles in Ethereum DApps
Asked Answered
Solved blockchainethereumsolidityipfs
J

1

18

I'm in the process of creating an Ethereum DApp. The DApp consists of users who have associated data like email, name, and a profile picture. I would like to store the contents of the user within IPFS as a JSON object and reference this on chain using the IPFS hash. How could I go about associating this data with a particular user? In the sense, that subsequent interactions with the DApp connect the user with the data stored in IPFS. Is this done using the users account hash with a password of some sort?

For example, user A is interested in using the DApp and so, provides his or her email, name, and profile picture. Then any subsequent interaction with the DApp, like a comment or post would link this user to the respective user data in IPFS.

Any suggestions or adjustments to this way of modeling users would be greatly appreciated. Thanks!

(P.S. I come from the traditional web/mobile app world so I'm just getting accustomed to modeling things using smart contracts. So I apologize in advance if this is a simple or ill-structured question.)

Juridical answered 28/2, 2017 at 22:38 Comment(0)
B
18

One of the beauties of using a platform like Ethereum is that you can build a ZERO click login. If we establish that the user's web3.eth.accounts[0] is proof that the user controls the private key of that account's address, then you will always know that the user is valid.

If you want to use IPFS like a database, my suggested approach would be this:

Note that with most decentralised systems a lot of the action happens on the client side.

User Signup

  • Users have Ethereum accounts.
  • On sign up user data is collected into a JSON object
  • A file is created, write JSON object to file.
  • Pass file to IPFS
  • Get file hash (which is basically its IPFS location)
  • Store the IPFS hash in an Ethereum contract that associates the user's Ethereum account with the IPFS file hash.

User Validation

  • User visits the website
  • web3js gets the active Ethereum account
  • Read from the user contract to find the associated IPFS hash
  • Get file from IPFS
  • Read the JSON object
  • Extract the data from the JSON
  • Display data to user
Bortz answered 1/3, 2017 at 22:20 Comment(3)
Thanks for the great response! You clarified a considerable amount of my confusion. I'm going to model this using IPFS with your approach. I think what I couldn't quite grasp was the idea of the user being tied to an ethereum account which can be accessed through a special DApp browser. So essentially in order for the user to interact with any DApp they would need to have mist installed locally which would require the DApp to be a client application. Or if it is going to be a website, they would need MetaMask installed, so that web3 could be used to retrieve their account.Juridical
top notch response i didnt know this is how it works thanks !!Gunsmith
is it possible for a malicious user to inject his own fake object web3 (using the javascript console in the browser) with accounts[0] address set to someone else's, and fool the "zero click login" system to gain access to such a DApp? Obviously, he'd not be able to transact, but might be able to view things which aren't viewable normally?Viglione

© 2022 - 2024 — McMap. All rights reserved.