update send restriction logic; transfer auth logic
catShaark committed Sep 18, 2024
1 parent f5f6bb9 commit 5897cec
Showing 15 changed files with 441 additions and 481 deletions.

This file was deleted.

15 changes: 6 additions & 9 deletions proto/realionetwork/asset/priviledges/transfer_auth/query.proto
Expand Up @@ -4,22 +4,19 @@ package realionetwork.asset.v1;
option go_package = "github.com/realiotech/realio-network/x/asset/priviledges/transfer_auth";

import "cosmos_proto/cosmos.proto";
import "realionetwork/asset/priviledges/transfer_auth/priv.proto";

message QueryAllowAddressRequest {
message QueryWhitelistedAddressesRequest {
string token_id = 1;
}

message QueryAllowAddressRespones {
AllowAddrs allow_addrs = 1;
message QueryWhitelistedAddressesResponse {
repeated string whitelisted_addrs = 1;
}

message QueryIsAllowedRequest {
message QueryIsAddressWhitelistedRequest {
string address = 1 [ (cosmos_proto.scalar) = "cosmos.AddressString" ];
string token_id = 2;

}

message QueryIsAllowedRespones {
bool is_allow = 1;
message QueryIsAddressWhitelistedRespones {
bool is_whitelisted = 1;
}
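Review bot: `QueryWhitelistedAddressesResponse` returns every whitelisted address for a token in a single `repeated string`, with no pagination field on the request or the response, so the reply grows with the whitelist and a large list makes the query expensive for any node that serves it. Consider adding `cosmos.base.query.v1beta1.PageRequest pagination = 2;` to the request and a matching `PageResponse` field to the response before this API is published. The new name `QueryIsAddressWhitelistedRespones` also keeps the "Respones" misspelling that the sibling message fixes; renaming it to `QueryIsAddressWhitelistedResponse` now avoids a breaking change for generated clients later.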
1 change: 1 addition & 0 deletions proto/realionetwork/asset/v1/token.proto
Expand Up @@ -21,6 +21,7 @@ message TokenManagement {
string manager = 1 [ (cosmos_proto.scalar) = "cosmos.AddressString" ];
bool add_new_privilege = 2;
repeated string excluded_privileges = 3;
repeated string enabled_privileges = 4;
}

message Balance {
1 change: 1 addition & 0 deletions proto/realionetwork/asset/v1/tx.proto
Expand Up @@ -31,6 +31,7 @@ message MsgCreateToken {
string description = 6;
repeated string excluded_privileges = 7;
bool add_new_privilege = 8;
repeated string enabled_privileges = 9;
}

message MsgCreateTokenResponse {}
6 changes: 3 additions & 3 deletions x/asset/keeper/keeper.go
Expand Up @@ -25,7 +25,7 @@ type (
bankKeeper types.BankKeeper
ak types.AccountKeeper
PrivilegeManager map[string]types.PrivilegeI
RestrictionChecker []RestrictionChecker
RestrictionChecker map[string]RestrictionChecker
}
)

Expand Down Expand Up @@ -71,8 +71,8 @@ func (k *Keeper) AddPrivilege(priv types.PrivilegeI) error {

checker, ok := priv.(RestrictionChecker)
// currently we should only support one restriction checker at a time
if ok && len(k.RestrictionChecker) == 0 {
k.RestrictionChecker = append(k.RestrictionChecker, checker)
if ok {
k.RestrictionChecker[priv.Name()] = checker
}

return nil
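Review bot: `k.RestrictionChecker[priv.Name()] = checker` in AddPrivilege writes to a map and panics if the field is still nil; the constructor is not visible on this page, so confirm it allocates the map or guard here with `if k.RestrictionChecker == nil { k.RestrictionChecker = make(map[string]RestrictionChecker) }`. The comment kept above it, "currently we should only support one restriction checker at a time", no longer matches the code and could become `// every privilege that implements RestrictionChecker is registered under its name`. Unless the part of AddPrivilege outside this hunk already rejects duplicate names, a second privilege with the same name silently replaces the first checker, which for an access-control hook is better reported as an error.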
14 changes: 10 additions & 4 deletions x/asset/keeper/msg_server.go
Expand Up @@ -47,10 +47,10 @@ func (k msgServer) CreateToken(goCtx context.Context, msg *types.MsgCreateToken)
k.SetToken(ctx, tokenId, token)
k.bankKeeper.SetDenomMetaData(ctx, bank.Metadata{
Base: tokenId, Symbol: lowerCaseSymbol, Name: lowerCaseName,
DenomUnits: []*bank.DenomUnit{{Denom: lowerCaseSymbol, Exponent: msg.Decimal}, {Denom: tokenId, Exponent: 0}},
DenomUnits: []*bank.DenomUnit{{Denom: tokenId, Exponent: msg.Decimal}},
})

tokenManage := types.NewTokenManagement(msg.Manager, msg.AddNewPrivilege, msg.ExcludedPrivileges)
tokenManage := types.NewTokenManagement(msg.Manager, msg.AddNewPrivilege, msg.ExcludedPrivileges, msg.EnabledPrivileges)
k.SetTokenManagement(ctx, tokenId, tokenManage)

ctx.EventManager().EmitEvent(
Expand Down Expand Up @@ -135,8 +135,13 @@ func (k msgServer) AssignPrivilege(goCtx context.Context, msg *types.MsgAssignPr
if tm.Manager != msg.Manager {
return nil, errorsmod.Wrapf(sdkerrors.ErrUnauthorized, "sender is not token manager")
}
if slices.Contains(tm.ExcludedPrivileges, msg.Privilege) {
return nil, errorsmod.Wrapf(sdkerrors.ErrInvalidRequest, "privilege %s is excluded", msg.Privilege)
if !slices.Contains(tm.EnabledPrivileges, msg.GetPrivilege()) {
if !tm.AddNewPrivilege {
return nil, errorsmod.Wrapf(sdkerrors.ErrInvalidRequest, "can't add new privilege")
} else if slices.Contains(tm.ExcludedPrivileges, msg.Privilege) {
return nil, errorsmod.Wrapf(sdkerrors.ErrInvalidRequest, "privilege %s is excluded", msg.Privilege)
}
tm.EnabledPrivileges = append(tm.EnabledPrivileges, msg.Privilege)
}

for _, user := range msg.AssignedTo {
Expand All @@ -145,6 +150,7 @@ func (k msgServer) AssignPrivilege(goCtx context.Context, msg *types.MsgAssignPr
return nil, err
}
k.SetTokenPrivilegeAccount(ctx, msg.TokenId, msg.Privilege, userAcc)
k.SetTokenManagement(ctx, msg.TokenId, tm)
}

return &types.MsgAssignPrivilegeResponse{}, nil
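Review bot: In AssignPrivilege the `ExcludedPrivileges` check now runs only when the privilege is not already in `tm.EnabledPrivileges`, and CreateToken passes `msg.ExcludedPrivileges` and `msg.EnabledPrivileges` to `types.NewTokenManagement` without comparing them, so a privilege listed in both at creation stays assignable even though it is excluded. Unless MsgCreateToken's validation (not shown here) already does so, reject overlapping entries and names that are not registered privileges before the token management record is stored. Separately, `k.SetTokenManagement(ctx, msg.TokenId, tm)` sits inside the `for _, user := range msg.AssignedTo` loop, so the record is rewritten once per user and not at all when the list is empty; moving it directly after `tm.EnabledPrivileges = append(tm.EnabledPrivileges, msg.Privilege)` writes it exactly when it changed. Both function bodies continue outside the hunks.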
42 changes: 20 additions & 22 deletions x/asset/keeper/restriction.go
@@ -1,10 +1,11 @@
package keeper

import (
errorsmod "cosmossdk.io/errors"
"github.com/realiotech/realio-network/x/asset/types"
"slices"

errorsmod "cosmossdk.io/errors"
sdk "github.com/cosmos/cosmos-sdk/types"
"github.com/realiotech/realio-network/x/asset/types"
)

type RestrictionChecker interface {
Expand All @@ -20,34 +21,31 @@ func (k Keeper) AssetSendRestriction(ctx sdk.Context, fromAddr, toAddr sdk.AccAd
return newToAddr, nil
}

checker := k.RestrictionChecker[0]

for _, coin := range amt {
// Check if the value already exists
// fetch bank metadata to get symbol from denom
symbol := coin.Denom
tokenMetadata, found := k.bankKeeper.GetDenomMetaData(ctx, coin.Denom)
if found {
symbol = tokenMetadata.Symbol
}
_, isFound := k.GetToken(
tokenID := coin.Denom
tm, isFound := k.GetTokenManagement(
ctx,
symbol,
tokenID,
)
if !isFound {
continue
}

isAllow, err := checker.IsAllow(ctx, symbol, fromAddr.String())
if err != nil {
return newToAddr, err
}

if isAllow {
continue
} else { //nolint:revive // superfluous else, could fix, but not worth it?
err = errorsmod.Wrapf(types.ErrNotAuthorized, "%s is not authorized to transact with %s", fromAddr, coin.Denom)
return newToAddr, err
enabledPrivileges := tm.EnabledPrivileges
for priv, restrictionChecker := range k.RestrictionChecker {
if slices.Contains(enabledPrivileges, priv) {
isAllow, err := restrictionChecker.IsAllow(ctx, tokenID, fromAddr.String())
if err != nil {
return newToAddr, err
}
if isAllow {
continue
} else { //nolint:revive // superfluous else, could fix, but not worth it?
err = errorsmod.Wrapf(types.ErrNotAuthorized, "%s is not authorized to transact with %s", fromAddr, coin.Denom)
return newToAddr, err
}
}
}

Check warning

Code scanning / CodeQL

Iteration over map Warning

Iteration over map may be a possible source of non-determinism
}
return newToAddr, nil
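Review bot: The `if isAllow { continue } else { ... }` branch in the new inner loop still carries `//nolint:revive` and is now nested four levels deep in the code that decides whether a transfer is authorized. Inverting both tests flattens it and drops the suppression: `if !slices.Contains(enabledPrivileges, priv) { continue }` followed by `if !isAllow { return newToAddr, errorsmod.Wrapf(...) }` with the existing arguments. Adding `priv` to the wrapped error would tell an operator which privilege denied the sender. A short comment stating that every enabled checker must allow the sender, and that a denom without a token management record is not restricted, would make the policy explicit. AssetSendRestriction's body starts outside the hunk.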
10 changes: 2 additions & 8 deletions x/asset/priviledges/transfer_auth/msg_server.go
Expand Up @@ -13,16 +13,10 @@ import (
func (mp TransferAuthPriviledge) UpdateAllowList(ctx sdk.Context, msg *MsgUpdateAllowList, tokenID string) error {

for _, addr := range msg.AllowedAddresses {
err := mp.AddAddr(ctx, addr, tokenID)
if err != nil {
return err
}
mp.AddAddressToWhiteList(ctx, tokenID, addr)
}
for _, addr := range msg.DisallowedAddresses {
err := mp.RemoveAddr(ctx, addr, tokenID)
if err != nil {
return err
}
mp.RemoveAddressFromWhiteList(ctx, tokenID, addr)
}
return nil
}
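Review bot: UpdateAllowList passes each entry of `msg.AllowedAddresses` and `msg.DisallowedAddresses` to the whitelist helpers without checking that it is a well-formed address, and the helpers no longer return an error that could surface a problem. Unless the message's validation (not shown here) already covers this, a malformed string is persisted and, as far as this page shows, will never equal the `fromAddr.String()` value that the send restriction passes to IsAllow. A check such as `if _, err := sdk.AccAddressFromBech32(addr); err != nil { return err }` at the top of each loop keeps the store clean. Because removals run after additions, an address present in both lists ends up not whitelisted; a doc comment on the function should say so.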
122 changes: 1 addition & 121 deletions x/asset/priviledges/transfer_auth/priv.go
@@ -1,14 +1,10 @@
package transfer_auth

import (
"fmt"

"github.com/realiotech/realio-network/x/asset/keeper"
"github.com/realiotech/realio-network/x/asset/types"

"github.com/cosmos/cosmos-sdk/codec"
cdctypes "github.com/cosmos/cosmos-sdk/codec/types"
"github.com/cosmos/cosmos-sdk/store/prefix"
storetypes "github.com/cosmos/cosmos-sdk/store/types"
sdk "github.com/cosmos/cosmos-sdk/types"
)
Expand All @@ -35,124 +31,8 @@ func (tp TransferAuthPriviledge) Name() string {
return priv_name
}

func tokenPrefix(tokenID string) []byte {
return append([]byte{0x01}, tokenID...)
}

func (tp TransferAuthPriviledge) SetupAllowListForToken(ctx sdk.Context, tokenId string, list map[string]bool) error {
store := prefix.NewStore(ctx.KVStore(tp.storeKey), tokenPrefix(tokenId))
key := []byte(tokenId)
bz := store.Get(key)

if bz != nil {
return fmt.Errorf("token ID %s already have an allow list", tokenId)
}

allowAddrs := AllowAddrs{
Addrs: list,
}

bz, err := tp.cdc.Marshal(&allowAddrs)
if err != nil {
return err
}
store.Set(key, bz)

return nil
}

func (tp TransferAuthPriviledge) GetAddrList(ctx sdk.Context, tokenId string) (AllowAddrs, error) {
store := prefix.NewStore(ctx.KVStore(tp.storeKey), types.TokenKey)
key := []byte(tokenId)
bz := store.Get(key)

if bz == nil {
return AllowAddrs{
Addrs: map[string]bool{},
}, nil
}

var allowAddrs AllowAddrs
err := tp.cdc.Unmarshal(bz, &allowAddrs)
if err != nil {
return AllowAddrs{
Addrs: map[string]bool{},
}, err
}

return allowAddrs, nil
}

func (tp TransferAuthPriviledge) AddAddr(ctx sdk.Context, addr, tokenId string) error {
store := prefix.NewStore(ctx.KVStore(tp.storeKey), types.TokenKey)
key := []byte(tokenId)
bz := store.Get(key)
var allowAddrs *AllowAddrs

if bz == nil {
allowAddrs = &AllowAddrs{
Addrs: map[string]bool{},
}
}

err := tp.cdc.Unmarshal(bz, allowAddrs)
if err != nil {
return err
}

allowAddrs.Addrs[addr] = true

bz, err = tp.cdc.Marshal(allowAddrs)
if err != nil {
return err
}
store.Set(key, bz)

return nil
}

func (tp TransferAuthPriviledge) RemoveAddr(ctx sdk.Context, addr, tokenId string) error {
store := prefix.NewStore(ctx.KVStore(tp.storeKey), types.TokenKey)
key := []byte(tokenId)
bz := store.Get(key)
var allowAddrs *AllowAddrs

if bz == nil {
allowAddrs = &AllowAddrs{
Addrs: map[string]bool{},
}
}

err := tp.cdc.Unmarshal(bz, allowAddrs)
if err != nil {
return err
}

allowAddrs.Addrs[addr] = false

bz, err = tp.cdc.Marshal(allowAddrs)
if err != nil {
return err
}
store.Set(key, bz)

return nil
}

func (tp TransferAuthPriviledge) RegisterInterfaces(registry cdctypes.InterfaceRegistry) {}

func (tp TransferAuthPriviledge) IsAllow(ctx sdk.Context, tokenID string, sender string) (bool, error) {
allowAddrs, err := tp.GetAddrList(ctx, tokenID)
if err != nil {
return false, err
}

var isAllow bool
isAllow, has := allowAddrs.Addrs[sender]
if !has {
isAllow = false
}

return isAllow, nil

return tp.CheckAddressIsWhitelisted(ctx, tokenID, sender), nil
}
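Review bot: IsAllow has no doc comment, although after this change it is the one place where the transfer whitelist feeds AssetSendRestriction. Suggest `// IsAllow reports whether sender is whitelisted for tokenID. It always returns a nil error.` above the function, and removing the blank line left at the top of its body. CheckAddressIsWhitelisted is not shown in this section, so the comment should also state what it returns for a token with no whitelist entries, since a false result makes the send restriction reject the transfer.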