hicetnunc2000 / hicetnunc

hicetnunc UI/UX
http://hicetnunc.xyz
800 stars 281 forks source link

User data: accessing NFT collectors' address #671

Open fabiomorreale opened 3 years ago

fabiomorreale commented 3 years ago

I would like to be able to access the NFT collectors' (owners) address, the same way as we are able to access the creator's and the viewer's. This feature could be used, for instance, to show some features of the NFT only to those that end up collecting it, thus would incentivise people on collecting the NFT. For instance:

Something like this:

?viewer={VIEWER_ADDRESS}&creator={CREATOR_ADDRESS}&collector={COLLECTOR_ADDRESS}
const creator = new URLSearchParams(window.location.search).get('creator')
const viewer = new URLSearchParams(window.location.search).get('viewer')
const collector = new URLSearchParams(window.location.search).get('collector')

Clearly, the const collector would be an array in case the OBJKT is owned by multiple individuals.

kylegrover commented 3 years ago

This would also be solvable if the objkt ID was passed to the iframe, by querying APIs

pichiste commented 3 years ago

@fabiomorreale, just to rephrase the the issue, you basically want owners to be able to unlock certain features of the OBJKT, that the general public doesn't have access to, correct?

I think this is a super good use case but a bit more complex than passing in a query param. The issue is that, even if we pass in a collector value, there is currently no way to enforce this, in the sense that someone can just add the collector value to the URL of the iframe, and see the content as a collector. The wallet addresses of the collectors are visible to anyone via the API.

@kylegrover passing the OBJKT id is a good suggestion in that you can more freely query the API as needed, but it again has the enforcement issue.

Seems like instead we'd want to pass some kind of encrypted nonce that can be verified against the collector wallet somehow. Need to check with some of the backend devs about this.

pichiste commented 3 years ago

If we are ok with the non-enforced version of this though, I'd suggest we just pass an is_owner query param.

fabiomorreale commented 3 years ago

@fabiomorreale, just to rephrase the the issue, you basically want owners to be able to unlock certain features of the OBJKT, that the general public doesn't have access to, correct?

Precisely!

I think this is a super good use case but a bit more complex than passing in a query param. The issue is that, even if we pass in a collector value, there is currently no way to enforce this, in the sense that someone can just add the collector value to the URL of the iframe, and see the content as a collector. The wallet addresses of the collectors are visible to anyone via the API.

That is true, I haven't thought of that. However, that requires a few extra steps.

Seems like instead we'd want to pass some kind of encrypted nonce that can be verified against the collector wallet somehow. Need to check with some of the backend devs about this. If we are ok with the non-enforced version of this though, I'd suggest we just pass an is_owner query param.

It'd be great if you could check with the devs whether it is possible to run a verification with the viewer's wallet and return is_owner = true if the viewer owns the NFT. If that's not possible or requires too much work even a non-enforced version would be great!

Thanks for looking into this.

kylegrover commented 3 years ago

I believe this would be addressed by #513