POAP is dividided in the following applications/projects:
- eth: ZeppelinOS project with POAP Contracts
- website: Public website. Static website for poap
- server: POAP's api server. All server logic goes here
- client: React web application that represents the UI of the application. Uses server as backend.
- signer: Signer server, to be deployed on the event site in a private network address.
Other directories:
- scripts: utility scripts
- db: SQL Schema and dump for poap
POAP app is composed of:
- POAP NFT Contract. Ethereum smart contract that represents an NFT token. Each token represent a attestation of attendance to a given event. Thus, token holders can attest their attendance to events by holding tokens.
- PostgresSQL DB. Relational DB that maintains information about the events in POAP. New events can be added through the backoffice. It's currently deployed as a Google Cloud SQL database
- Backend Server. Node.js server backend. Provides an API to scan an address, claim a token, and backoffice administration tasks. Interacts with the database, and also with the smart contract.
- Client. React application, hosted in firebase. It provides a UI for claim, scan and the backoffice. All operations goes through the backend server API.
- Signer. Small node.js server, that plays an important part on the attestation protocol. The client access it during the claim
procedure. The event organizer runs it as a npm module with
npx poap-signer
. One signers is to be deployed for every event, on the event site.
Poap attestation protocol works by deploying a signer in the venue of the event. The signer is to be deployed on an private ip, that's only accesible by those who are on the local wifi network. Thus, if you can reach the signer, that "attest" that you are on the venue for that event.
Claim steps:
- The user enters the claim url on the client app:
https://app.poap.xyz/claim/{my-event}
- The client app, obtains the signer ip from the backend api; and tests it can connect to it.
- The client app, obtains the user's address from the user's wallet (Metamask for example)
- The client app, post a claim request to the signer, with the user's address.
- The signer service, receives the claim request, validates it's for the correct event, and cryptographicaly signs the request.
- The client app ask the user to signed the "signed claim request" it has receieved from the signer.
- The client app sends the double signed claim request (signed by the user and the signer) to the backend server
- The backend server, checks the correctness of both signatures and if everyting ok call the smart contract to mint a token for the user
Poap contract is already deployed in:
- Ropsten
0x50C5CA3e7f5566dA3Aa64eC687D283fdBEC2A2F2
- Mainnet
0x22C1f6050E56d2876009903609a2cC3fEf83B415
yarn install
(cd server; yarn install)
(cd client; yarn install)
(cd eth; yarn install)
You'll need a postgresDB database. Install postgresql and then:
sudo su - postgres # Don't needed in Mac
createuser -s -W -P poap # (enter poap as password)
createdb -O poap poap_dev # dev database
createdb -O poap poap_test # test database
logout # Don't needed in Mac
on project's root:
yarn db:reset
yarn ganache
After each time you run ganache, you'll need to deploy contracts:
yarn contracts:deploy:dev
yarn contracts:migrate:dev # optional: to migrate current mainnet token holders
copy env.txt file in /server/src/envs to /server
replace the variables inside with yours
From root folder:
yarn start:client
yarn start:server
cd eth/
Update zos.json contracts from Poap to XPoap
npx zos session --network xdai --from 0xe583f95bF95d0883F94EfE844442C8bfc9dd7A7F --expires 3600
npx zos push
npx zos create XPoap --init initialize --args '"POAP","The Proof of Attendance Protocol","https://api.poap.xyz/metadata/",[]'
This was already done. The XPOAP Address is: 0x22C1f6050E56d2876009903609a2cC3fEf83B415
cd eth/
npx zos session --network ropsten --from 0x79A560De1CD436d1D69896DDd8DcCb226f9Fa2fD --expires 3600
npx zos push
npx zos create Poap --init initialize --args '"POAP","The Proof of Attendance Protocol","https://api.poap.xyz/metadata/",[]'
This was already done. The POAP Address is: 0x50C5CA3e7f5566dA3Aa64eC687D283fdBEC2A2F2
cd eth/
export POAP_MAIN_PK="<KEYHERE>"
npx zos session --network mainnet --from 0xe583f95bF95d0883F94EfE844442C8bfc9dd7A7F --expires 3600
npx zos push
npx zos create Poap --init initialize --args '"POAP","The Proof of Attendance Protocol","https://api.poap.xyz/metadata/",[]'
This was already done. The POAP Address is: 0x22C1f6050E56d2876009903609a2cC3fEf83B415
If you change contract logic and want to update it:
# Make sure there is no running session for zos (check for existent eth/.zos.session )
cd eth/
npx zos session --network ropsten --from 0x79A560De1CD436d1D69896DDd8DcCb226f9Fa2fD --expires 3600
npx zos push
npx zos update Poap
cd website
yarn deploy # Will build & run firebase deploy
cd client
yarn deploy # Will build & run firebase deploy
Prerequisites:
- Make sure you have the
app.yaml
inserver/
. This file is not in the github repository - Make sure you have google-cloud-skd installed and in your $PATH.
- Maker sure you have already run
gcloud init
Steps:
cd server/
gcloud app deploy --verbosity=info
for poap you have to create a 'SINGLE PAGE APLICATION' and an 'API' in auth0.
then you have to set the following .env variables:
- server:
- AUTH0_APP_NAME= {it is the sub domain of the app url}
- AUTH0_KID= {it is in the app description}
- AUTH0_AUDIENCE= {it is the identifier in the API general settings}
- client:
- REACT_APP_AUTH0_DOMAIN={entire domain of the app}
- REACT_APP_AUTH0_CLIENT_ID={client id of the SINGLE PAGE APP}
- REACT_APP_AUTH0_AUDIENCE={same audience as server}
also you have to create a rule:
- first you have to enable RBAC:
-
then create the rule with this script code:
const namespace = 'https://poap.xyz'; const assignedRoles = (context.authorization || {}).roles; let idTokenClaims = context.idToken || {}; let accessTokenClaims = context.accessToken || {}; idTokenClaims[`${namespace}/roles`] = assignedRoles; accessTokenClaims[`${namespace}/roles`] = assignedRoles; context.idToken = idTokenClaims; context.accessToken = accessTokenClaims; callback(null, user, context); }```
create user roles in auth0 using the role 'UserRole' in /server/src/types.ts