{"id":15321823,"url":"https://github.com/codehakase/mobius-client-go","last_synced_at":"2025-06-26T20:33:34.779Z","repository":{"id":86392132,"uuid":"142904043","full_name":"codehakase/mobius-client-go","owner":"codehakase","description":"Go (Golang) SDK for the Mobius DApp Store","archived":false,"fork":false,"pushed_at":"2018-10-19T20:46:14.000Z","size":1449,"stargazers_count":2,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-03-27T14:52:00.560Z","etag":null,"topics":["blockchain","golang","mobius","mobius-dapp-store","mobius2","sdk"],"latest_commit_sha":null,"homepage":null,"language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/codehakase.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2018-07-30T16:59:01.000Z","updated_at":"2018-10-25T16:44:37.000Z","dependencies_parsed_at":"2023-06-28T00:24:46.726Z","dependency_job_id":null,"html_url":"https://github.com/codehakase/mobius-client-go","commit_stats":null,"previous_names":[],"tags_count":1,"template":false,"template_full_name":null,"purl":"pkg:github/codehakase/mobius-client-go","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/codehakase%2Fmobius-client-go","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/codehakase%2Fmobius-client-go/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/codehakase%2Fmobius-client-go/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/codehakase%2Fmobius-client-go/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/codehakase","download_url":"https://codeload.github.com/codehakase/mobius-client-go/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/codehakase%2Fmobius-client-go/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":262140094,"owners_count":23265285,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["blockchain","golang","mobius","mobius-dapp-store","mobius2","sdk"],"created_at":"2024-10-01T09:13:13.331Z","updated_at":"2025-06-26T20:33:34.707Z","avatar_url":"https://github.com/codehakase.png","language":"Go","readme":"[![Build Status](https://travis-ci.org/codehakase/mobius-client-go.svg?branch=master)](https://travis-ci.org/codehakase/mobius-client-go)\u0026nbsp;[![godoc reference](https://godoc.org/github.com/codehakase/mobius-client-go?status.png)](https://godoc.org/github.com/codehakase/mobius-client-go)\n\n# Mobius DApp Store Go SDK\n\nThe Mobius DApp Store JS SDK makes it easy to integrate Mobius DApp Store MOBI payments into any Go application.\n\nA big advantage of the Mobius DApp Store over centralized competitors such as the Apple App Store or Google Play Store is significantly lower fees - currently 0% compared to 30% - for in-app purchases.\n\n## DApp Store Overview\n\nThe Mobius DApp Store will be an open-source, non-custodial \"wallet\" interface for easily sending crypto payments to apps. You can think of the DApp Store like https://stellarterm.com/ or https://www.myetherwallet.com/ but instead of a wallet interface it is an App Store interface.\n\nThe DApp Store is non-custodial meaning Mobius never holds the secret key of either the user or developer.\n\nAn overview of the DApp Store architecture is:\n\n- Every application holds the private key for the account where it receives MOBI.\n- An application specific unique account where a user deposits MOBI for use with the application is generated for each app based on the user's seed phrase.\n- When a user opens an app through the DApp Store:\n  1) Adds the application's public key as a signer so the application can access the MOBI and\n  2) Signs a challenge transaction from the app with its secret key to authenticate that this user owns the account. This prevents a different person from pretending they own the account and spending the MOBI (more below under Authentication).\n\n### Installation\nInstall with `go get`\n```shell\n$ go get github.com/codehakase/mobius-client-go\n```\n\n## Production Server Setup\nYour production server must use HTTPS and set the below header on the `/auth` endpoint:\n\n`Access-Control-Allow-Origin: *`\n\n### Explanation\nWhen a user opens an app through the DApp Store it tells the app what Mobius account it should use for payment.\n\nThe application needs to ensure that the user actually owns the secret key to the Mobius account and that this isn't a replay attack from a user who captured a previous request and is replaying it.\n\nThis authentication is accomplished through the following process:\n\nWhen the user opens an app in the DApp Store it requests a challenge from the application.\nThe challenge is a payment transaction of 1 XLM from and to the application account. It is never sent to the network - it is just used for authentication.\nThe application generates the challenge transaction on request, signs it with its own private key, and sends it to user.\nThe user receives the challenge transaction and verifies it is signed by the application's secret key by checking it against the application's published public key (that it receives through the DApp Store). Then the user signs the transaction with its own private key and sends it back to application along with its public key.\nApplication checks that challenge transaction is now signed by itself and the public key that was passed in. Time bounds are also checked to make sure this isn't a replay attack. If everything passes the server replies with a token the application can pass in to \"login\" with the specified public key and use it for payment (it would have previously given the app access to the public key by adding the app's public key as a signer).\nNote: the challenge transaction also has time bounds to restrict the time window when it can be used.\n\nSee demo at:\n\n```shell\n$ git clone https://github.com/codehakase/mobius-client-go.git $GOPATH/src/github.com/codehakase/mobius-client-go\n\n$ cd $GOPATH/src/github.com/codehakase/mobius-client-go/example\n\n$ go run main.go \n\n# navigate to http://localhost:3000 for demo\n\n```\n\n### Sample Server Implementation\n\n```go\npackage main\n\nimport (\n\t\"net/http\"\n\t\"encoding/json\"\n\n\tMobiusAuth \"github.com/codehakase/mobius-client-go/auth\"\n\t\"github.com/gorilla/mux\"\n\t\"github.com/rs/cors\"\n)\nvar  APPLICATION_SECRET_KEY string\n\nfunc init() {\n\tos.Getenv(\"APPLICATION_SECRET_KEY\")\n}\n\nfunc main() {\n\tr := mux.NewRouter()\n\t// GET /auth\n\t// Generates and returns challenge transaction XDR signed by application to user\n\tr.HandleFunc(\"/auth\", func (w http.ResponseWriter, r *http.Request) {\n\t\tw.Header().Set(\"Content-Type\", \"application/json;charset=utf-8\")\n\t\tchl := new(MobiusAuth.Challenge)\n\t\tw.WriteHeader(http.StatusOK)\n\t\tw.Write([]byte((chl.Call(APPLICATION_SECRET_KEY, 0))))\n\t}).Methods(\"GET\")\n\n\t// POST /auth\n\t// Validates challenge transaction. It must be:\n\t//  - Signed by application and requesting user.\n\t//  - Not older than 10 seconds from now (see MobiusClient.Client.strictInterval`)\n\tr.HandleFunc(\"/auth\", func(w http.ResponseWriter, r *http.Request) {\n\t\terr := r.ParseForm()\n\t\tif err != nil {\n\t\t\thttp.Error(w, err.Error(), http.StatusInternalServerError)\n\t\t\treturn\n\t\t}\n\t\tw.Header().Set(\"Content-Type\", \"application/json;charset=utf-8\")\n\t\ttoken, err := MobiusAuth.NewToken(\n\t\t\tAPPLICATION_SECRET_KEY,\n\t\t\tr.FormValue(\"xdr\"),\n\t\t\tr.FormValue(\"public_key\"),\n\t\t)\n\t\tif err != nil {\n\t\t\thttp.Error(w, err.Error(), 500)\n\t\t}\n\t\t// Important! Otherwise, token will be considered valid\n\t\tif _, err := token.Validate(true); err != nil {\n\t\t\tlog.Fatal(err)\n\t\t}\n\t\tw.WriteHeader(http.StatusOK)\n\t\th := token.Hash(\"hex\").(string)\n\t\tw.Write([]byte(h))\n\t}).Methods(\"POST\")\n\n\tc := cors.New(cors.Options{\n\t\tAllowedOrigins:   []string{\"*\"},\n\t\tAllowCredentials: true,\n\t\tAllowedHeaders: []string{\"Origin\", \"X-Requested-With\", \"Content-Type\",\n\t\t\t\"Accept\"},\n\t})\n\tr.PathPrefix(\"/\").Handler(http.StripPrefix(\"/\", http.FileServer(http.Dir(\"./\"))))\n\thandler := c.Handler(r)\n\tlog.Println(\"Starting app server...\")\n\tlog.Fatal(http.ListenAndServe(\":3000\", handler))\n}\n```\n\n\u003e More examples can be found in the `examples` directory\n## Payment\n\n### Explanation\nAfter the user completes the authentication process they have a token. They now\npass it to the application to \"login\" which tells the application which Mobius\naccount to withdraw MOBI from (the user public key) when a payment is needed.\nFor a web application the token is generally passed in via a token request\nparameter. Upon opening the website/loading the application it checks that the\ntoken is valid (within time bounds etc) and the account in the token has added\nthe app as a signer so it can withdraw MOBI from it.\n\n\u003e See demo at `examples/flappy`\n\n### Sample Server Implementation\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\t\"log\"\n\t\"net/http\"\n\t\"os\"\n\t\"strconv\"\n\n\t\"github.com/codehakase/mobius-client-go/app\"\n\t\"github.com/codehakase/mobius-client-go/auth\"\n\tjwt \"github.com/dgrijalva/jwt-go\"\n\t\"github.com/gorilla/mux\"\n\t\"github.com/rs/cors\"\n)\n\nvar APP_KEY string\n\nfunc init() {\n\tAPP_KEY = os.Getenv(\"APPLICATION_SECRET_KEY\")\n}\n\nfunc main() {\n\tr := mux.NewRouter()\n\t\n\tr.HandleFunc(\"/pay\", func(w http.ResponseWriter, r *http.Request) {\n\t\t\tw.Header().Set(\"Content-Type\", \"application/json;charset=utf-8\")\n\t\t\tpublicKey := getPublicKeyFromToken(r.URL.Query().Get(\"token\"))\n\t\t\terr := r.ParseForm()\n\t\t\tif err != nil {\n\t\t\t\tlog.Fatalf(\"failed to parse request, %v\", err)\n\t\t\t}\n\t\t\tvar amount float64\n\t\t\tif r.FormValue(\"amount\") != \"\" {\n\t\t\t\tamount, _ = strconv.ParseFloat(r.FormValue(\"amount\"), 64)\n\t\t\t} else {\n\t\t\t\tamount = 1\n\t\t\t}\n\t\t\tdapp, err := app.Build(APP_KEY, publicKey)\n\t\t\tif err != nil {\n\t\t\t\tlog.Fatal(err)\n\t\t\t}\n\t\t\tres, err := dapp.Charge(amount)\n\t\t\tif err != nil {\n\t\t\t\tlog.Fatal(err)\n\t\t\t}\n\t\t\tw.WriteHeader(http.StatusOK)\n\t\t\tw.Write([]byte(fmt.Sprintf(\n\t\t\t\t\"{'status': 'ok','tx_hash': '%s','balance': %v}\",\n\t\t\t\tres.Hash,\n\t\t\t\tdapp.UserBalance(),\n\t\t\t)))\n\t\t}).Methods(\"POST\")\n}\n\nfunc getPublicKeyFromToken(token string) string {\n\tif token == \"\" {\n\t\tlog.Fatal(\"token is sent empty\")\n\t\tos.Exit(1)\n\t}\n\tj := \u0026auth.JWT{Secret: APP_KEY}\n\tjwtToken := j.Decode(token)\n\treturn jwtToken.Claims.(jwt.MapClaims)[\"sub\"].(string)\n}\n```\n\n\n## Development\n```shell\n# Clone this repo\n\n$ git clone https://github.com/codehakase/mobius-client-go.git $GOPATH/src/github.com/codehakase/mobius-client-go \u0026\u0026 cd $_\n\n# Install dependencies (using go dep) http://github.com/golang/dep\n\n$ dep ensure -v\n\n# Run authentication example\n\n$ make example:auth # will boot http server @ http://localhost:3000\n\n# Run Tests\n\n$ make test # or make test-verbose\n```\n\n## Contributing\n\nBug reports and pull requests are welcome on GitHub at\nhttps://github.com/codehakase/mobius-client-go. This project is intended to\nbe a safe, welcoming space for collaboration, and contributors are expected to\nadhere to the [Contributor Covenant](http://contributor-covenant.org) code of\nconduct.\n\n## License\n\nThe SDK is available as open source under the terms of the [MIT\nLicense](https://opensource.org/licenses/MIT).\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcodehakase%2Fmobius-client-go","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcodehakase%2Fmobius-client-go","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcodehakase%2Fmobius-client-go/lists"}