search

amark / gun

An open source cybersecurity protocol for syncing decentralized graph data.
https://gun.eco/docs
Other
18.05k stars 1.16k forks source link

Run without needing user authentication/accounts (no passwords or encryption of data) #1227

Closed Osiris-Team closed 2 years ago

Osiris-Team commented 2 years ago

It looks like GUN requires users to create accounts to be able to share data. Is there a way of bypassing this? I'm asking because my application doesn't store sensitive data and everyone should be able to access every data, and I don't want to have an extra step for user registration.

I was thinking maybe by using the users IP as username for example and then a random generated string of chars as password, which gets stored in the browser somewhere? Or is it possible to create one single user that everyone logs in to. That would mean that all data is by default being updated for everyone which isn't great.

atordvairn commented 2 years ago

assuming that you need a node everyone can access and write to:

public space, user space, frozen space is all well documented

also, the chat is the fastest method to ask questions.

Osiris-Team commented 2 years ago

So adding public___ makes it a public node? Also, the doc ur linking to doesn't show code examples on how to achieve those different spaces. Thanks for the help btw! (the chat is down)

atordvairn commented 2 years ago

So adding public___ makes it a public node?

no no no, basically any node is a public

exept user controlled nodes are like

gun.user().get("myOwnNode").get("key").put("val")

here, the data is being fetched from the user's own graph note that anyone can read the data but cant write changes into it you have to encrypt the data (with the user's private key maybe) to make it read as well as write resistant.

atordvairn commented 2 years ago

idk why the chat url is down it basically redirects to this one https://gitter.im/amark/gun

Osiris-Team commented 2 years ago

Ok got it. What about this:

I was thinking maybe by using the users IP as username for example and then a random generated string of chars as password, which gets stored in the browser somewhere? Or is it possible to create one single user that everyone logs in to. That would mean that all data is by default being updated for everyone which isn't great.

atordvairn commented 2 years ago

Or is it possible to create one single user that everyone logs in to.

why would you do that. what's the use case

Osiris-Team commented 2 years ago

the use case is that I dont want to have an extra step for my user to register.

atordvairn commented 2 years ago

use SEA.pair maybe

var user1 = await SEA.pair();
gun.user().auth(user1, ()=>{
  //logged in without creds
})

This generates a cryptographically secure public/private key pair - be careful not to leak the private keys!

Note: API subject to change we may change the parameters to accept data and work, in addition to generation.

You will need this for most of SEA's API, see those method's examples.

The default cryptographic primitives for the asymmetric keys are ECDSA for signing and ECDH for encryption.

Osiris-Team commented 2 years ago

Ok great thx for the help!

atordvairn commented 2 years ago

my application doesn't store sensitive data and everyone should be able to access every data, and I don't want to have an extra step for user registration.

bro why not just store data in public nodes then, you dont need registration to store data into public nodes

if you want to append only data then use frozen storage