Documentation
¶
Overview ¶
Package auth provides cryptographic primitives for Polymarket authentication. It supports L1 (EIP-712) signing for account management and L2 (HMAC) signing for high-frequency trading operations. It also includes utilities for deterministic wallet derivation (Proxy and Gnosis Safe).
Index ¶
- Constants
- Variables
- func BuildL1Headers(signer Signer, timestamp int64, nonce int64) (http.Header, error)
- func BuildL2Headers(signer Signer, apiKey *APIKey, method, path string, body *string, ...) (http.Header, error)
- func DeriveProxyWallet(eoa common.Address) (common.Address, error)
- func DeriveProxyWalletForChain(eoa common.Address, chainID int64) (common.Address, error)
- func DeriveSafeWallet(eoa common.Address) (common.Address, error)
- func DeriveSafeWalletForChain(eoa common.Address, chainID int64) (common.Address, error)
- func SignHMAC(secret string, message string) (string, error)
- type APIKey
- type BuilderConfig
- type BuilderCredentials
- type BuilderHTTPDoer
- type BuilderRemoteConfig
- type PrivateKeySigner
- type SignatureType
- type Signer
Constants ¶
const ( PolygonChainID int64 = 137 AmoyChainID int64 = 80002 )
Supported chain IDs for Polymarket operations.
const ( // ProxyFactoryAddress is the factory contract for Polymarket Proxy wallets (Magic/email). ProxyFactoryAddress = "0xaB45c5A4B0c941a2F231C04C3f49182e1A254052" // SafeFactoryAddress is the factory contract for Gnosis Safe wallets. SafeFactoryAddress = "0xaacFeEa03eb1561C4e67d661e40682Bd20E3541b" // ProxyInitCodeHash is the init code hash for Polymarket Proxy wallets. ProxyInitCodeHash = "0xd21df8dc65880a8606f09fe0ce3df9b8869287ab0b058be05aa9e8af6330a00b" // SafeInitCodeHash is the init code hash for Gnosis Safe wallets. SafeInitCodeHash = "0x2bce2127ff07fb632d16c8347c4ebf501f4841168bed00d9e6ef715ddb6fcecf" )
Constants for Proxy Wallet Derivation.
const ( HeaderPolyAddress = "POLY_ADDRESS" HeaderPolySignature = "POLY_SIGNATURE" HeaderPolyTimestamp = "POLY_TIMESTAMP" HeaderPolyNonce = "POLY_NONCE" HeaderPolyAPIKey = "POLY_API_KEY" HeaderPolyPassphrase = "POLY_PASSPHRASE" HeaderPolyBuilderAPIKey = "POLY_BUILDER_API_KEY" HeaderPolyBuilderPassphrase = "POLY_BUILDER_PASSPHRASE" HeaderPolyBuilderSignature = "POLY_BUILDER_SIGNATURE" HeaderPolyBuilderTimestamp = "POLY_BUILDER_TIMESTAMP" )
Authentication header keys used by Polymarket API.
Variables ¶
var ( // Use unified error definitions from pkg/errors ErrMissingSigner = sdkerrors.ErrMissingSigner ErrMissingCreds = sdkerrors.ErrMissingCreds ErrMissingBuilderConfig = sdkerrors.ErrMissingBuilderConfig ErrProxyWalletUnsupported = sdkerrors.ErrProxyWalletUnsupported ErrSafeWalletUnsupported = sdkerrors.ErrSafeWalletUnsupported )
var ClobAuthDomain = &apitypes.TypedDataDomain{ Name: "ClobAuthDomain", Version: "1", ChainId: (*math.HexOrDecimal256)(big.NewInt(PolygonChainID)), }
ClobAuthDomain is the EIP-712 domain used for CLOB authentication requests.
var ClobAuthTypes = apitypes.Types{
"EIP712Domain": {
{Name: "name", Type: "string"},
{Name: "version", Type: "string"},
{Name: "chainId", Type: "uint256"},
},
"ClobAuth": {
{Name: "address", Type: "address"},
{Name: "timestamp", Type: "string"},
{Name: "nonce", Type: "uint256"},
{Name: "message", Type: "string"},
},
}
ClobAuthTypes defines the EIP-712 type schemas for CLOB authentication.
Functions ¶
func BuildL1Headers ¶
BuildL1Headers creates the L1 authentication headers required for API key management. It generates an EIP-712 signature over a standard authentication message.
func BuildL2Headers ¶
func BuildL2Headers(signer Signer, apiKey *APIKey, method, path string, body *string, timestamp int64) (http.Header, error)
BuildL2Headers returns the headers required for an HMAC-authenticated L2 request.
func DeriveProxyWallet ¶
DeriveProxyWallet calculates the deterministic Proxy Wallet address for an EOA. Corresponds to the `derive_proxy_wallet` logic in official clients. Defaults to Polygon Mainnet.
func DeriveProxyWalletForChain ¶
DeriveProxyWalletForChain calculates the deterministic Proxy Wallet address for an EOA on a specific chain.
func DeriveSafeWallet ¶
DeriveSafeWallet calculates the deterministic Gnosis Safe address for an EOA. Corresponds to the `derive_safe_wallet` logic in official clients. Defaults to Polygon Mainnet.
func DeriveSafeWalletForChain ¶
DeriveSafeWalletForChain calculates the deterministic Gnosis Safe address for an EOA on a specific chain.
Types ¶
type APIKey ¶
APIKey represents the Layer 2 credentials used for HMAC-signed requests. These are typically created or derived using a Layer 1 (EIP-712) signature.
type BuilderConfig ¶
type BuilderConfig struct {
Local *BuilderCredentials
Remote *BuilderRemoteConfig
}
BuilderConfig holds configuration for either local or remote builder attribution.
func (*BuilderConfig) Headers ¶
func (c *BuilderConfig) Headers(ctx context.Context, method, path string, body *string, timestamp int64) (http.Header, error)
Headers returns the attribution headers for a given request.
func (*BuilderConfig) IsValid ¶
func (c *BuilderConfig) IsValid() bool
IsValid returns true if the configuration has sufficient credentials.
type BuilderCredentials ¶
BuilderCredentials represents credentials for a Builder account.
type BuilderHTTPDoer ¶
BuilderHTTPDoer defines an interface for executing HTTP requests for remote signing.
type BuilderRemoteConfig ¶
type BuilderRemoteConfig struct {
// Host is the endpoint of the remote signing service.
Host string
// Token is an optional bearer token for authenticating with the signer.
Token string
// HTTPClient allows providing a custom client for signing requests.
HTTPClient BuilderHTTPDoer
}
BuilderRemoteConfig configures a remote signing service for builder attribution.
type PrivateKeySigner ¶
type PrivateKeySigner struct {
// contains filtered or unexported fields
}
PrivateKeySigner implements the Signer interface using a local ECDSA private key.
func NewPrivateKeySigner ¶
func NewPrivateKeySigner(hexKey string, chainID int64) (*PrivateKeySigner, error)
NewPrivateKeySigner creates a new signer from a hex-encoded private key. The hexKey may optionally include a "0x" prefix.
func (*PrivateKeySigner) Address ¶
func (s *PrivateKeySigner) Address() common.Address
Address returns the public address of the private key.
func (*PrivateKeySigner) ChainID ¶
func (s *PrivateKeySigner) ChainID() *big.Int
ChainID returns the network ID this signer is configured for.
func (*PrivateKeySigner) SignTypedData ¶
func (s *PrivateKeySigner) SignTypedData(domain *apitypes.TypedDataDomain, types apitypes.Types, message apitypes.TypedDataMessage, primaryType string) ([]byte, error)
SignTypedData signs EIP-712 typed data. It ensures the V value is correctly adjusted for compatibility with Ethereum's expected 27/28 values.
type SignatureType ¶
type SignatureType int
SignatureType indicates the wallet type used for signature verification on the CLOB.
const ( // SignatureEOA indicates a standard Externally Owned Account (EOA). SignatureEOA SignatureType = 0 // SignatureProxy indicates a signature from a Polymarket Proxy wallet. // Magic.link wallets use the same proxy factory, so SignatureProxy covers both. SignatureProxy SignatureType = 1 // SignatureGnosisSafe indicates a signature from a Gnosis Safe multisig. SignatureGnosisSafe SignatureType = 2 )
type Signer ¶
type Signer interface {
// Address returns the Ethereum address of the signer.
Address() common.Address
// ChainID returns the network ID this signer is configured for.
ChainID() *big.Int
// SignTypedData signs data according to the EIP-712 specification.
SignTypedData(domain *apitypes.TypedDataDomain, types apitypes.Types, message apitypes.TypedDataMessage, primaryType string) ([]byte, error)
}
Signer defines the interface for an EIP-712 capable signing entity. It can be implemented by a local private key, a hardware wallet, or a KMS.
Source Files
Directories