Enable/disable SIWE authentication

Last updated 6 Nov 2025, 23:25

API

Operator Quickstart: see docs/ops-quickstart.md

Run locally (dev):

poetry install
uvicorn main:app --reload

Wallet Authentication (SIWE)

The API supports Sign-In with Ethereum (SIWE) for MetaMask and zenctl wallet authentication. Configure via environment variables:

# Enable/disable SIWE authentication
SIWE_ENABLED=1

# Domain and URI for SIWE messages
SIWE_DOMAIN=zenpower.at
SIWE_URI=https://zenpower.at

# Allowed origins for CORS (comma-separated)
SIWE_ALLOWED_ORIGINS=https://register.zenpower.at,https://zenpower.at

# Ethereum chain ID (1 = Ethereum mainnet, 11155111 = Sepolia testnet)
SIWE_CHAIN_ID=1

# SIWE statement shown to users during wallet connect
SIWE_STATEMENT="Sign in to Zenpower"

# Session configuration
SIWE_NONCE_TTL_SECONDS=300     # Nonce valid for 5 minutes
SIWE_SESSION_TTL_SECONDS=3600  # Session valid for 1 hour

# Cookie settings (production)
SIWE_COOKIE_NAME=siwe_session
SIWE_COOKIE_DOMAIN=.zenpower.at
SIWE_COOKIE_SECURE=1           # Require HTTPS
SIWE_COOKIE_SAMESITE=lax       # Cross-site cookie policy

# Default groups assigned to SIWE-authenticated users
SIWE_DEFAULT_GROUPS=ops,admin

For wallet authentication to work, ensure the frontend (web/register) has matching configuration. See apps/web/README.md for frontend SIWE settings.
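A pre-deploy consistency check over the SIWE settings listed above, as an added example (not code from this repository). The names parse_env, lint_siwe, PRIVILEGED and the DRIFTED sample are assumptions made for illustration, and the checks are this lint's own policy rather than rules the API is known to enforce.

```python
import re
from urllib.parse import urlsplit
PRIVILEGED = {"admin", "ops"}  # assumption: group names this lint treats as privileged

def parse_env(text):
    """Parse KEY=VALUE lines, dropping comments, trailing '# ...' and quotes."""
    env = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            env[key.strip()] = re.sub(r"\s+#.*$", "", value).strip().strip('"')
    return env

def lint_siwe(env):
    """Return findings for a SIWE settings dict; an empty list means clean."""
    out = []
    uri = urlsplit(env.get("SIWE_URI", ""))
    if uri.scheme != "https" or uri.netloc != env.get("SIWE_DOMAIN"):
        out.append("SIWE_URI must be https on SIWE_DOMAIN")
    cookie_dom = env.get("SIWE_COOKIE_DOMAIN", "").lstrip(".")
    for origin in filter(None, env.get("SIWE_ALLOWED_ORIGINS", "").split(",")):
        o = urlsplit(origin.strip())
        if o.scheme != "https" or "*" in o.netloc or o.path not in ("", "/"):
            out.append(f"origin {origin.strip()} is not an exact https origin")
        elif cookie_dom and not ("." + (o.hostname or "")).endswith("." + cookie_dom):
            out.append(f"origin {origin.strip()} is outside SIWE_COOKIE_DOMAIN")
    if env.get("SIWE_COOKIE_SECURE") != "1":
        out.append("SIWE_COOKIE_SECURE is off")
    for key in ("SIWE_NONCE_TTL_SECONDS", "SIWE_SESSION_TTL_SECONDS"):
        if not env.get(key, "").isdigit() or int(env[key]) <= 0:
            out.append(f"{key} must be a positive integer")
    groups = {g.strip() for g in env.get("SIWE_DEFAULT_GROUPS", "").split(",")}
    if groups & PRIVILEGED:
        out.append("SIWE_DEFAULT_GROUPS grants: " + ",".join(sorted(groups & PRIVILEGED)))
    return out

# Constructed sample: a drifted copy of the settings shown above.
DRIFTED = """
SIWE_DOMAIN=zenpower.at
SIWE_URI=http://zenpower.at
SIWE_ALLOWED_ORIGINS=https://register.zenpower.at,http://localhost:3000
SIWE_COOKIE_DOMAIN=.zenpower.at
SIWE_COOKIE_SECURE=0           # Require HTTPS
SIWE_NONCE_TTL_SECONDS=300     # Nonce valid for 5 minutes
SIWE_SESSION_TTL_SECONDS=3600  # Session valid for 1 hour
SIWE_DEFAULT_GROUPS=ops,admin
"""
FINDINGS = lint_siwe(parse_env(DRIFTED))
```

Run against the settings exactly as listed above, the only finding is the SIWE_DEFAULT_GROUPS one, because every wallet that completes sign-in receives those groups.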

Production tuning:

  • Use multiple workers: uvicorn main:app --host 0.0.0.0 --port 8000 --workers $(nproc).
  • uvicorn[standard] enables uvloop and httptools for faster IO (already in deps).
  • Docker Compose passes --workers ${API_WORKERS:-2}; set API_WORKERS in .env to match CPU.
  • Prefer vectorized/DB-side operations for batch endpoints; paginate large responses.

Managing Host Services (Home Ops)

Use monorepo ops targets (delegating to ~/ops-state) for local bring-up and health:

make ops-preflight
make ops-up-reverse-proxy
make ops-up-web
make ops-health-local
make ops-status-page

Shared flags in ~/ops-state/host-config/compose.env:

  • DOMAIN (required for TLS routing)
  • HOSTPORTS=1 to enable local port binds (default is off)
  • EXPECT_REDIS2=1 to enforce dual-Redis health locally (optional)

See Operator Quickstart: docs/ops-quickstart.md

Perf linting:

  • From repo root: make lint-perf to scan for common performance issues.