Add ledger check to example

README.md

@@ -4,11 +4,12 @@ An express middleware adding SEP-8 compliance to your project by specifying your
 
 ## Usage
 
-See the [example](/example/index.js) project for a full implementation that implements a simple "Transaction must be less than an amount of 50" ruleset.
+See the [example](/example/index.js) project for a full implementation that implements a simple "Transaction must be less than an amount of 50, and accounts can hold a maximum of 1000 tokens" ruleset.
 
 ### Env Vars
 
 Add `ASSET_CODE` and `ISSUER_SECRET` environment variables so that the bridge can sign approval transactions.
+`BRIDGE_HOSTNAME` is required if you use the TOML middleware, and should contain the hostname the approval server will be located at.
 
 ### Implementation
 

bridge/approve.js

@@ -56,7 +56,16 @@ module.exports = function (rules) {
       fee: feeStats.fee_charged.p90,
       networkPassphrase: StellarSdk.Networks.TESTNET,
     });
-
+    let assetsToParticipantMap = {};
+    tx.operations.forEach((operation) => {
+      if (operation.type === "payment") {
+        const code = operation.asset.getCode();
+        assetsToParticipantMap[code] =
+          assetsToParticipantMap[code] || new Set();
+        assetsToParticipantMap[code].add(operation.source || tx.source);
+        assetsToParticipantMap[code].add(operation.destination);
+      }
+    });
     const setParticipantAuthorizations = (allow) => {
       Object.keys(assetsToParticipantMap).forEach((asset) => {
         const participants = assetsToParticipantMap[asset];

example/rules.js

@@ -1,5 +1,8 @@
 const StellarSdk = require("stellar-sdk");
+const server = new StellarSdk.Server("https://horizon-testnet.stellar.org");
 const log = (m) => console.log(m);
+const issuer = StellarSdk.Keypair.fromSecret(process.env.ISSUER_SECRET);
+const assetCode = process.env.ASSET_CODE;
 
 /**
  * @param {StellarSdk.Transaction} transaction Proposed transaction
@@ -9,29 +12,49 @@ const log = (m) => console.log(m);
  * @returns {string} response.error Optional error message if the transaction was rejected
  */
 const rules = async (transaction) => {
-  let totalAmount = 0;
-  let assetsToParticipantMap = {};
-  let participants = [];
+  const paymentOperations = [];
   log("Checking operations in proposed transaction");
   transaction.operations.forEach((operation) => {
     log("  Type: " + operation.type);
     log("  Source: " + (operation.source || transaction.source));
     log("  Destination: " + operation.destination);
     log("  Asset: " + operation.asset.getCode());
     log("  Amount: " + operation.amount);
-    participants.push(operation.destination);
-    participants.push(operation.source || transaction.source);
     if (operation.type === "payment") {
-      const code = operation.asset.getCode();
-      assetsToParticipantMap[code] = assetsToParticipantMap[code] || new Set();
-      totalAmount += parseFloat(operation.amount);
-      assetsToParticipantMap[code].add(operation.source || transaction.source);
-      assetsToParticipantMap[code].add(operation.destination);
+      paymentOperations.push(operation);
     }
   });
-  log("Total Amount: " + totalAmount);
-  if (totalAmount > 50) {
-    return { allowed: false, error: "Total amount must be less than 50" };
+  if (paymentOperations.length != 1) {
+    return {
+      allowed: false,
+      error:
+        "Only transactions with a single payment operation can be approved in this example.",
+    };
+  }
+  const paymentOp = paymentOperations[0];
+
+  if (parseFloat(paymentOp.amount) > 50) {
+    return { allowed: false, error: "Payment amount must be less than 50" };
+  }
+
+  const destination = paymentOp.destination;
+  const account = await server.loadAccount(destination);
+  const balance = account.balances.find(
+    (balance) =>
+      balance.asset_code === assetCode &&
+      balance.asset_issuer === issuer.publicKey()
+  );
+  if (!balance) {
+    return {
+      allowed: false,
+      error: "Destination has no trustline to the asset",
+    };
+  }
+  if (balance.balance + parseFloat(paymentOp.amount) > 1000) {
+    return {
+      allowed: false,
+      error: "Payment would put destination account above the 1000 token limit",
+    };
   }
   return { allowed: true };
 };