feat: refactor whitelisted_addresses #392
Conversation
| string genesis_operator_address = 3; |
There was a problem hiding this comment.
is sequencer_operator_address a better name?
There was a problem hiding this comment.
This one is the original name in sequencer module, I didn't change anything about it. So if it's required, I think we will need another chores issue for that.
| if !m.sequencerKeeper.HasPermission(ctx, accAddr, types.ModuleName) { | ||
| return nil, sdkerrors.ErrUnauthorized | ||
| } |
There was a problem hiding this comment.
unauthorized or noPermission?
There was a problem hiding this comment.
the hub-genesis's orginally use Unauthoried from cosmos-sdk, while the denommetadata define an error called NoPermission
| if len(p.Permissions) == 0 { | ||
| return errors.New("permissions field cannot be empty") | ||
| } |
There was a problem hiding this comment.
extra branch for no reason I think
There was a problem hiding this comment.
Why do you think it is not needed? In this case, we can get rid of the empty proposal that happen in our chain
There was a problem hiding this comment.
it's just an extra branch for no reason
let the empty proposal happen
| @@ -33,7 +33,12 @@ func (k msgServer) CreateDenomMetadata( | |||
| return nil, err | |||
| } | |||
|
|
|||
| if !k.IsAddressPermissioned(ctx, msg.SenderAddress) { | |||
There was a problem hiding this comment.
should refactor IsAddressPermissioned and reuse it
|
@danwt @anhductn2001 @lacsomot guys, thanks for all the comments you leave. I think I solves most of them. Please help me check again one more time before we can merge them into rdk |
| @@ -56,7 +56,7 @@ func (AppModuleBasic) ValidateGenesis(cdc codec.JSONCodec, config client.TxEncod | |||
| if err := cdc.UnmarshalJSON(bz, &genState); err != nil { | |||
There was a problem hiding this comment.
why bother unmashalling genState if it's not used?
| // params are all parameters for the module | ||
| Params params = 1 [ (gogoproto.nullable) = false ]; | ||
| } | ||
| message GenesisState {} |
There was a problem hiding this comment.
if this is empty, why do we need it at all?
There was a problem hiding this comment.
We should keep it as it's the cosmos-sdk standard, and in case we need to store some states in the future
| (gogoproto.nullable) = false, | ||
| (gogoproto.castrepeated) = "github.com/cosmos/cosmos-sdk/types.Coins" | ||
| ]; | ||
| // is_locked is a boolean that indicates if the genesis event has occured |
There was a problem hiding this comment.
| // is_locked is a boolean that indicates if the genesis event has occured | |
| // is_locked is a boolean that indicates if the genesis event has occurred |
| @@ -33,7 +33,12 @@ func (k msgServer) CreateDenomMetadata( | |||
| return nil, err | |||
| } | |||
|
|
|||
| if !k.IsAddressPermissioned(ctx, msg.SenderAddress) { | |||
| @@ -27,7 +27,12 @@ func (m msgServer) TriggerGenesisEvent(goCtx context.Context, msg *types.MsgHubG | |||
| ctx := sdk.UnwrapSDKContext(goCtx) | |||
|
|
|||
| // Get the sender and validate they are in the Allowlist | |||
| if !m.IsAddressInGenesisTriggererAllowList(ctx, msg.Address) { | |||
| accAddr, err := sdk.AccAddressFromBech32(msg.Address) | |||
There was a problem hiding this comment.
these checks could indeed be moved to a separate method. no blocker though
| return errors.Wrapf(err, "address format error") | ||
| } | ||
|
|
||
| res, err := queryClient.Permissions(context.Background(), &types.QueryPermissionsRequest{ |
There was a problem hiding this comment.
| res, err := queryClient.Permissions(context.Background(), &types.QueryPermissionsRequest{ | |
| res, err := queryClient.Permissions(cmd.Context(), &types.QueryPermissionsRequest{ |
| // method. | ||
| message QueryPermissionsResponse { | ||
| // permissions defines the permissions for the given address. | ||
| string permissions = 1; |
There was a problem hiding this comment.
why not repeated string permissions = 1; ?
There was a problem hiding this comment.
We need to store it in KVStore, and the repeated string, which will be convert to []string can not be Marshal to bytes in codec. This's the reason I make a wrapper struct for that
| params := q.GetParams(ctx) | ||
| return &types.QueryParamsResponse{Params: params}, nil | ||
| } | ||
|
|
||
| // IBCDenomByDenomTrace returns IBC denom base on denom trace | ||
| func (q Querier) IBCDenomByDenomTrace( |
There was a problem hiding this comment.
I know it's not related, but this should be covered by a test. Maybe leave a TODO, this PR is already big enough.
| @@ -0,0 +1,57 @@ | |||
| package sequencers | |||
|
|
|||
There was a problem hiding this comment.
be nice to write a test for these
| func NewUpdatePermissionProposalHandler(k *keeper.Keeper) govtypes.Handler { | ||
| return func(ctx sdk.Context, content govtypes.Content) error { | ||
| switch c := content.(type) { | ||
| case *types.GrantPermissionsProposal: | ||
| return HandleGrantPermissionsProposal(ctx, k, c) | ||
| case *types.RevokePermissionsProposal: | ||
| return HandleRevokePermissionsProposal(ctx, k, c) | ||
| default: | ||
| return errorsmod.Wrapf(sdkerrors.ErrUnknownRequest, "unrecognized permissions proposal content type: %T", c) | ||
| } | ||
| } | ||
| } | ||
|
|
||
| // HandleGrantPermissionsProposal is a handler for executing a grant permissions proposal | ||
| func HandleGrantPermissionsProposal(ctx sdk.Context, k *keeper.Keeper, p *types.GrantPermissionsProposal) error { | ||
| if err := p.ValidateBasic(); err != nil { | ||
| return err | ||
| } | ||
|
|
||
| for _, addrPerms := range p.AddressPermissions { | ||
| accAddr, err := sdk.AccAddressFromBech32(addrPerms.Address) | ||
| if err != nil { | ||
| return err | ||
| } | ||
|
|
||
| k.GrantPermissions(ctx, accAddr, addrPerms.PermissionList) | ||
| } | ||
| return nil | ||
| } | ||
|
|
||
| // HandleRevokePermissionsProposal is a handler for executing a revoke permissions proposal | ||
| func HandleRevokePermissionsProposal(ctx sdk.Context, k *keeper.Keeper, p *types.RevokePermissionsProposal) error { | ||
| if err := p.ValidateBasic(); err != nil { | ||
| return err | ||
| } | ||
|
|
||
| for _, addrPerms := range p.AddressPermissions { | ||
| accAddr, err := sdk.AccAddressFromBech32(addrPerms.Address) | ||
| if err != nil { | ||
| return err | ||
| } | ||
|
|
||
| k.RevokePermissions(ctx, accAddr, addrPerms.PermissionList) | ||
| } | ||
| return nil | ||
| } |
There was a problem hiding this comment.
There is some repetition here - could make it DRYer like so:
| func NewUpdatePermissionProposalHandler(k *keeper.Keeper) govtypes.Handler { | |
| return func(ctx sdk.Context, content govtypes.Content) error { | |
| switch c := content.(type) { | |
| case *types.GrantPermissionsProposal: | |
| return HandleGrantPermissionsProposal(ctx, k, c) | |
| case *types.RevokePermissionsProposal: | |
| return HandleRevokePermissionsProposal(ctx, k, c) | |
| default: | |
| return errorsmod.Wrapf(sdkerrors.ErrUnknownRequest, "unrecognized permissions proposal content type: %T", c) | |
| } | |
| } | |
| } | |
| // HandleGrantPermissionsProposal is a handler for executing a grant permissions proposal | |
| func HandleGrantPermissionsProposal(ctx sdk.Context, k *keeper.Keeper, p *types.GrantPermissionsProposal) error { | |
| if err := p.ValidateBasic(); err != nil { | |
| return err | |
| } | |
| for _, addrPerms := range p.AddressPermissions { | |
| accAddr, err := sdk.AccAddressFromBech32(addrPerms.Address) | |
| if err != nil { | |
| return err | |
| } | |
| k.GrantPermissions(ctx, accAddr, addrPerms.PermissionList) | |
| } | |
| return nil | |
| } | |
| // HandleRevokePermissionsProposal is a handler for executing a revoke permissions proposal | |
| func HandleRevokePermissionsProposal(ctx sdk.Context, k *keeper.Keeper, p *types.RevokePermissionsProposal) error { | |
| if err := p.ValidateBasic(); err != nil { | |
| return err | |
| } | |
| for _, addrPerms := range p.AddressPermissions { | |
| accAddr, err := sdk.AccAddressFromBech32(addrPerms.Address) | |
| if err != nil { | |
| return err | |
| } | |
| k.RevokePermissions(ctx, accAddr, addrPerms.PermissionList) | |
| } | |
| return nil | |
| } | |
| func NewUpdatePermissionProposalHandler(k *keeper.Keeper) govtypes.Handler { | |
| return func(ctx sdk.Context, content govtypes.Content) error { | |
| if err := content.ValidateBasic(); err != nil { | |
| return err | |
| } | |
| switch c := content.(type) { | |
| case *types.GrantPermissionsProposal: | |
| return HandlePermissionsProposal(ctx, c.AddressPermissions, k.GrantPermissions) | |
| case *types.RevokePermissionsProposal: | |
| return HandlePermissionsProposal(ctx, c.AddressPermissions, k.RevokePermissions) | |
| default: | |
| return errorsmod.Wrapf(sdkerrors.ErrUnknownRequest, "unrecognized permissions proposal content type: %T", c) | |
| } | |
| } | |
| } | |
| // action can be grant or revoke | |
| type actionFn func(ctx sdk.Context, accAddr sdk.AccAddress, permList types.PermissionList) | |
| // HandlePermissionsProposal is a handler for executing a permissions proposal | |
| func HandlePermissionsProposal(ctx sdk.Context, perms []types.AddressPermissions, action actionFn) error { | |
| for _, perm := range perms { | |
| accAddr, err := sdk.AccAddressFromBech32(perm.Address) | |
| if err != nil { | |
| return err | |
| } | |
| action(ctx, accAddr, perm.PermissionList) | |
| } | |
| return nil | |
| } | |
| newPerms := slices.DeleteFunc(permissionList.Permissions, func(perm string) bool { | ||
| return slices.Contains(revokePermList.Permissions, perm) | ||
| }) |
There was a problem hiding this comment.
I don't think this could make the chain receive dos attack, currently we just have vesting, hubgenesis, and denommetadata module that require permissions. This won't affect anything
| if !p.Equal(NewPermissionsList(perms)) { | ||
| return fmt.Errorf("PermissionList is not sorted yet") | ||
| } |
There was a problem hiding this comment.
why do we require sorted? should have a comment explaining
There was a problem hiding this comment.
can remove sorting, thank you
Closes #390