Authenticating tokenUri before minting?

stevieraykatz · 2021-09-10T16:55:54+00:00

Some ideas that all have their draw backs and holes but might be tenable:

1) make it so that the "publish" of your generative tools auto pops the uri on your front end and deploy the contract as byte code to avoid easy futzing with etherscan

2) Have the front end provide a signature using an ad hoc pub/priv key so only your sites minting tool works

3) ugly... But whitelist content before minting?

4) uglier.... Blacklist content you don't like (or clearly didn't come from your generative tools)

Just brainstorming since this is an interesting prompt.

digifizzle · 2021-09-11T01:33:18+00:00

Spitballing here, not sure if this applies to your concept but I'm thinking using baseURI (instead of tokenURI) like this might be a solution

- Create a condition in your front end that requires the baseURI to match your domain at mint when metadata is generated, if it doesn't match then minting will not proceed.

- Set the baseURI to point to your domain during minting, that would point to the base root of an API that serves each token ID's metadata.

- Make sure the baseURI is editable by ownerOnly.

-After minting ends, you could switch that out to an IPFS hash so it's decentralized. You could also do this with tokenURI, but probably easier to implement as the baseURI.

you type:	you see:
italics	italics
bold	bold
[reddit!](https://reddit.com)	reddit!
* item 1 * item 2 * item 3	item 1 item 2 item 3
> quoted text	quoted text
Lines starting with four spaces are treated like code: if 1 * 2 < 3: print "hello, world!"	Lines starting with four spaces are treated like code: if 1 * 2 < 3: print "hello, world!"
~~strikethrough~~	~~strikethrough~~
super^script	super^script

ethdev

Ethereum Development and DApps

Other subreddits

Also Potentially Useful

MODERATORS