About | Implementation | License

Simple implementation of ERC20 token-gating GitHub repositories.

Fueled by Mike's tweet.

1. Users login with GitHub OAuth, we store their access token to take actions on their behalf.
2. Users can create new Gates for their repositories, specifying contract address, number of tokens needed, and number of invites to open. In the back-end, token name + decimals, and current latest block number is stored.
3. Users can share links to Gates.
4. Upon accessing a Gate invitation, users can sign-in with GitHub (again giving us their access token). Then, they connect their wallet and sign a message to verify ownership for our back-end.
5. Finally, in /api/gates/access we run a multi-step process:
   1. Check that requesting user is authenticated
   2. Check that all parameters have been posted (address, signature, gated repo ID)
   3. Verify address ownership by matching address to signature
   4. Check if gated repo by ID exists
   5. Check if gated repo has available open invitations
   6. Check if address held necessary balance at block number
   7. Check if we have access token for requesting user
   8. Check if requesting user is not already a collaborator on private repo
   9. Check if we have access token for private repo owner
   10. Send invite from owner to requesting user to join private repo
   11. Accept invite from owner via requesting user to join private repo
   12. Increment number of used invites (decreasing available slots)

# Collect repo
git clone https://github.com/anish-agnihotri/GateRepo
cd GateRepo

# Install dependencies
npm install

# Update environment variables
cp .env.sample .env
vim .env

# Run application
npm run dev

1. NEXTAUTH_URL and NEXT_PUBLIC_URL: Set both as site link, http://localhost:3000 if developing locally, https://gaterepo.com for this deployed instance
2. NEXTAUTH_SECRET: Any randomly generated string as a secret, e.g.: NpUFdWakhCjbuIIogCvj
3. GITHUB_CLIENT_ID and GITHUB_CLIENT_SECRET: Follow the instructions here for spinning up a new GitHub OAuth application. When asked, the authorization callback URL is http://localhost:3000/api/auth/callback/github (local) or https://your_domain.com/api/auth/callback/github (deployed). Once setup, your OAuth applications Client ID is your GITHUB_CLIENT_ID and your Client Secret is your GITHUB_CLIENT_SECRET
4. DATABASE_URL: Postgres database connection URL
5. RPC_API: Any Ethereum Mainnet JSON-RPC endpoint

1. GitHub API has a rate-limit of sending a maximum of 50 invitations for a repository per 24 hour period.
2. Application does not run a scheduled job to check continuing token ownership (to remove users who transfer their tokens). This is deferred to the user if desired functionality.
3. Application currently only supports ERC20 tokens but is easily extensible to other token formats by updating the snapshot strategy in /pages/api/gates/access.ts.
4. Allows a single address to verify token ownership on behalf of multiple GitHub users (not a one-to-one between GitHub users and addresses). Easily changeable should user require uniqueness by tracking address-to-gateId in database in /pages/api/gates/access.ts.
5. GitHub OAuth scopes are fairly invasive (repo,read:user,user:email). If you are privacy-aware, I'd recommended running your own fork or migrating to an app-based system?

GNU Affero GPL v3.0