mirror of
https://github.com/grassrootseconomics/cic-custodial.git
synced 2024-12-22 01:47:31 +01:00
feat: add transfer authorization (#100)
* wip: add transfer auithorization * feat: update transferAuthPayload * switch to MAX_INT for value and use revoke flag * tranfer handler: fix nonce rollback on EOA account * feat: switch to session based session transfer auth * Demurrage contracts require setting the approval value to 0 before updating the value after the initial limit is set * This implementation auto-revokes every 15 min after arequest is created. Subsequent requests will fail untill the value is set back to 0 * feat: settable approve session timeout
This commit is contained in:
parent
98ff897049
commit
9e1d62a014
@ -50,6 +50,7 @@ func initApiServer(custodialContainer *custodial.Custodial) *echo.Echo {
|
|||||||
apiRoute.POST("/account/create", api.HandleAccountCreate(custodialContainer))
|
apiRoute.POST("/account/create", api.HandleAccountCreate(custodialContainer))
|
||||||
apiRoute.GET("/account/status/:address", api.HandleNetworkAccountStatus(custodialContainer))
|
apiRoute.GET("/account/status/:address", api.HandleNetworkAccountStatus(custodialContainer))
|
||||||
apiRoute.POST("/sign/transfer", api.HandleSignTransfer(custodialContainer))
|
apiRoute.POST("/sign/transfer", api.HandleSignTransfer(custodialContainer))
|
||||||
|
apiRoute.POST("/sign/transferAuth", api.HandleSignTranserAuthorization(custodialContainer))
|
||||||
apiRoute.GET("/track/:trackingId", api.HandleTrackTx(custodialContainer))
|
apiRoute.GET("/track/:trackingId", api.HandleTrackTx(custodialContainer))
|
||||||
|
|
||||||
return server
|
return server
|
||||||
|
@ -58,6 +58,7 @@ func main() {
|
|||||||
natsConn, jsCtx := initJetStream()
|
natsConn, jsCtx := initJetStream()
|
||||||
|
|
||||||
custodial, err := custodial.NewCustodial(custodial.Opts{
|
custodial, err := custodial.NewCustodial(custodial.Opts{
|
||||||
|
ApprovalTimeout: ko.MustDuration("system.approve_timeout"),
|
||||||
CeloProvider: celoProvider,
|
CeloProvider: celoProvider,
|
||||||
LockProvider: lockProvider,
|
LockProvider: lockProvider,
|
||||||
Logg: lo,
|
Logg: lo,
|
||||||
|
@ -37,6 +37,7 @@ func initTasker(custodialContainer *custodial.Custodial, redisPool *redis.RedisP
|
|||||||
taskerServer.RegisterHandlers(tasker.AccountRegisterTask, task.AccountRegisterOnChainProcessor(custodialContainer))
|
taskerServer.RegisterHandlers(tasker.AccountRegisterTask, task.AccountRegisterOnChainProcessor(custodialContainer))
|
||||||
taskerServer.RegisterHandlers(tasker.AccountRefillGasTask, task.AccountRefillGasProcessor(custodialContainer))
|
taskerServer.RegisterHandlers(tasker.AccountRefillGasTask, task.AccountRefillGasProcessor(custodialContainer))
|
||||||
taskerServer.RegisterHandlers(tasker.SignTransferTask, task.SignTransfer(custodialContainer))
|
taskerServer.RegisterHandlers(tasker.SignTransferTask, task.SignTransfer(custodialContainer))
|
||||||
|
taskerServer.RegisterHandlers(tasker.SignTransferTaskAuth, task.SignTransferAuthorizationProcessor(custodialContainer))
|
||||||
taskerServer.RegisterHandlers(tasker.DispatchTxTask, task.DispatchTx(custodialContainer))
|
taskerServer.RegisterHandlers(tasker.DispatchTxTask, task.DispatchTx(custodialContainer))
|
||||||
|
|
||||||
return taskerServer
|
return taskerServer
|
||||||
|
@ -13,6 +13,7 @@ registry_address = ""
|
|||||||
[system]
|
[system]
|
||||||
private_key = ""
|
private_key = ""
|
||||||
public_key = ""
|
public_key = ""
|
||||||
|
approve_timeout = "30m"
|
||||||
|
|
||||||
[postgres]
|
[postgres]
|
||||||
dsn = ""
|
dsn = ""
|
||||||
|
62
docs/docs.go
62
docs/docs.go
@ -158,6 +158,66 @@ const docTemplate = `{
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
"/sign/transferAuth": {
|
||||||
|
"post": {
|
||||||
|
"description": "Sign and dispatch a transfer authorization (approve) request.",
|
||||||
|
"consumes": [
|
||||||
|
"application/json"
|
||||||
|
],
|
||||||
|
"produces": [
|
||||||
|
"application/json"
|
||||||
|
],
|
||||||
|
"tags": [
|
||||||
|
"network"
|
||||||
|
],
|
||||||
|
"summary": "Sign and dispatch a transfer authorization (approve) request.",
|
||||||
|
"parameters": [
|
||||||
|
{
|
||||||
|
"description": "Sign Transfer Authorization (approve) Request",
|
||||||
|
"name": "signTransferAuthorzationRequest",
|
||||||
|
"in": "body",
|
||||||
|
"required": true,
|
||||||
|
"schema": {
|
||||||
|
"type": "object",
|
||||||
|
"properties": {
|
||||||
|
"amount": {
|
||||||
|
"type": "integer"
|
||||||
|
},
|
||||||
|
"authorizedAddress": {
|
||||||
|
"type": "string"
|
||||||
|
},
|
||||||
|
"authorizer": {
|
||||||
|
"type": "string"
|
||||||
|
},
|
||||||
|
"voucherAddress": {
|
||||||
|
"type": "string"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"responses": {
|
||||||
|
"200": {
|
||||||
|
"description": "OK",
|
||||||
|
"schema": {
|
||||||
|
"$ref": "#/definitions/api.OkResp"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"400": {
|
||||||
|
"description": "Bad Request",
|
||||||
|
"schema": {
|
||||||
|
"$ref": "#/definitions/api.ErrResp"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"500": {
|
||||||
|
"description": "Internal Server Error",
|
||||||
|
"schema": {
|
||||||
|
"$ref": "#/definitions/api.ErrResp"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
"/track/{trackingId}": {
|
"/track/{trackingId}": {
|
||||||
"get": {
|
"get": {
|
||||||
"description": "Track an OTX (Origin transaction) status.",
|
"description": "Track an OTX (Origin transaction) status.",
|
||||||
@ -243,6 +303,8 @@ var SwaggerInfo = &swag.Spec{
|
|||||||
Description: "Interact with CIC Custodial API",
|
Description: "Interact with CIC Custodial API",
|
||||||
InfoInstanceName: "swagger",
|
InfoInstanceName: "swagger",
|
||||||
SwaggerTemplate: docTemplate,
|
SwaggerTemplate: docTemplate,
|
||||||
|
LeftDelim: "{{",
|
||||||
|
RightDelim: "}}",
|
||||||
}
|
}
|
||||||
|
|
||||||
func init() {
|
func init() {
|
||||||
|
@ -150,6 +150,66 @@
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
"/sign/transferAuth": {
|
||||||
|
"post": {
|
||||||
|
"description": "Sign and dispatch a transfer authorization (approve) request.",
|
||||||
|
"consumes": [
|
||||||
|
"application/json"
|
||||||
|
],
|
||||||
|
"produces": [
|
||||||
|
"application/json"
|
||||||
|
],
|
||||||
|
"tags": [
|
||||||
|
"network"
|
||||||
|
],
|
||||||
|
"summary": "Sign and dispatch a transfer authorization (approve) request.",
|
||||||
|
"parameters": [
|
||||||
|
{
|
||||||
|
"description": "Sign Transfer Authorization (approve) Request",
|
||||||
|
"name": "signTransferAuthorzationRequest",
|
||||||
|
"in": "body",
|
||||||
|
"required": true,
|
||||||
|
"schema": {
|
||||||
|
"type": "object",
|
||||||
|
"properties": {
|
||||||
|
"amount": {
|
||||||
|
"type": "integer"
|
||||||
|
},
|
||||||
|
"authorizedAddress": {
|
||||||
|
"type": "string"
|
||||||
|
},
|
||||||
|
"authorizer": {
|
||||||
|
"type": "string"
|
||||||
|
},
|
||||||
|
"voucherAddress": {
|
||||||
|
"type": "string"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"responses": {
|
||||||
|
"200": {
|
||||||
|
"description": "OK",
|
||||||
|
"schema": {
|
||||||
|
"$ref": "#/definitions/api.OkResp"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"400": {
|
||||||
|
"description": "Bad Request",
|
||||||
|
"schema": {
|
||||||
|
"$ref": "#/definitions/api.ErrResp"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"500": {
|
||||||
|
"description": "Internal Server Error",
|
||||||
|
"schema": {
|
||||||
|
"$ref": "#/definitions/api.ErrResp"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
"/track/{trackingId}": {
|
"/track/{trackingId}": {
|
||||||
"get": {
|
"get": {
|
||||||
"description": "Track an OTX (Origin transaction) status.",
|
"description": "Track an OTX (Origin transaction) status.",
|
||||||
|
@ -117,6 +117,45 @@ paths:
|
|||||||
summary: Sign and dispatch transfer request.
|
summary: Sign and dispatch transfer request.
|
||||||
tags:
|
tags:
|
||||||
- network
|
- network
|
||||||
|
/sign/transferAuth:
|
||||||
|
post:
|
||||||
|
consumes:
|
||||||
|
- application/json
|
||||||
|
description: Sign and dispatch a transfer authorization (approve) request.
|
||||||
|
parameters:
|
||||||
|
- description: Sign Transfer Authorization (approve) Request
|
||||||
|
in: body
|
||||||
|
name: signTransferAuthorzationRequest
|
||||||
|
required: true
|
||||||
|
schema:
|
||||||
|
properties:
|
||||||
|
amount:
|
||||||
|
type: integer
|
||||||
|
authorizedAddress:
|
||||||
|
type: string
|
||||||
|
authorizer:
|
||||||
|
type: string
|
||||||
|
voucherAddress:
|
||||||
|
type: string
|
||||||
|
type: object
|
||||||
|
produces:
|
||||||
|
- application/json
|
||||||
|
responses:
|
||||||
|
"200":
|
||||||
|
description: OK
|
||||||
|
schema:
|
||||||
|
$ref: '#/definitions/api.OkResp'
|
||||||
|
"400":
|
||||||
|
description: Bad Request
|
||||||
|
schema:
|
||||||
|
$ref: '#/definitions/api.ErrResp'
|
||||||
|
"500":
|
||||||
|
description: Internal Server Error
|
||||||
|
schema:
|
||||||
|
$ref: '#/definitions/api.ErrResp'
|
||||||
|
summary: Sign and dispatch a transfer authorization (approve) request.
|
||||||
|
tags:
|
||||||
|
- network
|
||||||
/track/{trackingId}:
|
/track/{trackingId}:
|
||||||
get:
|
get:
|
||||||
consumes:
|
consumes:
|
||||||
|
2
go.mod
2
go.mod
@ -20,7 +20,6 @@ require (
|
|||||||
github.com/knadh/koanf/providers/file v0.1.0
|
github.com/knadh/koanf/providers/file v0.1.0
|
||||||
github.com/knadh/koanf/v2 v2.0.1
|
github.com/knadh/koanf/v2 v2.0.1
|
||||||
github.com/labstack/echo/v4 v4.10.2
|
github.com/labstack/echo/v4 v4.10.2
|
||||||
github.com/labstack/gommon v0.4.0
|
|
||||||
github.com/nats-io/nats.go v1.25.0
|
github.com/nats-io/nats.go v1.25.0
|
||||||
github.com/redis/go-redis/v9 v9.0.4
|
github.com/redis/go-redis/v9 v9.0.4
|
||||||
github.com/swaggo/echo-swagger v1.4.0
|
github.com/swaggo/echo-swagger v1.4.0
|
||||||
@ -77,6 +76,7 @@ require (
|
|||||||
github.com/jackpal/go-nat-pmp v1.0.2 // indirect
|
github.com/jackpal/go-nat-pmp v1.0.2 // indirect
|
||||||
github.com/josharian/intern v1.0.0 // indirect
|
github.com/josharian/intern v1.0.0 // indirect
|
||||||
github.com/knadh/koanf/maps v0.1.1 // indirect
|
github.com/knadh/koanf/maps v0.1.1 // indirect
|
||||||
|
github.com/labstack/gommon v0.4.0 // indirect
|
||||||
github.com/leodido/go-urn v1.2.3 // indirect
|
github.com/leodido/go-urn v1.2.3 // indirect
|
||||||
github.com/mailru/easyjson v0.7.7 // indirect
|
github.com/mailru/easyjson v0.7.7 // indirect
|
||||||
github.com/mattn/go-colorable v0.1.13 // indirect
|
github.com/mattn/go-colorable v0.1.13 // indirect
|
||||||
|
4
go.sum
4
go.sum
@ -275,10 +275,6 @@ github.com/gorilla/websocket v1.5.0/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/ad
|
|||||||
github.com/graph-gophers/graphql-go v1.3.0/go.mod h1:9CQHMSxwO4MprSdzoIEobiHpoLtHm77vfxsvsIN5Vuc=
|
github.com/graph-gophers/graphql-go v1.3.0/go.mod h1:9CQHMSxwO4MprSdzoIEobiHpoLtHm77vfxsvsIN5Vuc=
|
||||||
github.com/grassrootseconomics/asynq v0.25.0 h1:2zSz5YwNLu/oCTm/xfNixn86i9aw4zth9Dl0dc2kFEs=
|
github.com/grassrootseconomics/asynq v0.25.0 h1:2zSz5YwNLu/oCTm/xfNixn86i9aw4zth9Dl0dc2kFEs=
|
||||||
github.com/grassrootseconomics/asynq v0.25.0/go.mod h1:pe2XOdK1eIbTgTmRFHIYl75lvVuTPJxZq2T9Ocz/+2s=
|
github.com/grassrootseconomics/asynq v0.25.0/go.mod h1:pe2XOdK1eIbTgTmRFHIYl75lvVuTPJxZq2T9Ocz/+2s=
|
||||||
github.com/grassrootseconomics/celoutils v1.2.1 h1:ndM4h7Df0d57m2kdRXRStrnunqOL61wQ51rnOanX1KI=
|
|
||||||
github.com/grassrootseconomics/celoutils v1.2.1/go.mod h1:Uo5YRy6AGLAHDZj9jaOI+AWoQ1H3L0v79728pPMkm9Q=
|
|
||||||
github.com/grassrootseconomics/celoutils v1.3.0 h1:0NTdYh0jboGlVnfML7fbgWLjrC0jA+F1J/Ze01IkNlY=
|
|
||||||
github.com/grassrootseconomics/celoutils v1.3.0/go.mod h1:Uo5YRy6AGLAHDZj9jaOI+AWoQ1H3L0v79728pPMkm9Q=
|
|
||||||
github.com/grassrootseconomics/celoutils v1.4.0 h1:AJNKiOpfnQqZ3kRxeUlhWH/zlDDjhtbs/OzAMb5zU4A=
|
github.com/grassrootseconomics/celoutils v1.4.0 h1:AJNKiOpfnQqZ3kRxeUlhWH/zlDDjhtbs/OzAMb5zU4A=
|
||||||
github.com/grassrootseconomics/celoutils v1.4.0/go.mod h1:Uo5YRy6AGLAHDZj9jaOI+AWoQ1H3L0v79728pPMkm9Q=
|
github.com/grassrootseconomics/celoutils v1.4.0/go.mod h1:Uo5YRy6AGLAHDZj9jaOI+AWoQ1H3L0v79728pPMkm9Q=
|
||||||
github.com/grassrootseconomics/w3-celo-patch v0.2.0 h1:YqibbPzX0tQKmxU1nUGzThPKk/fiYeYZY6Aif3eyu8U=
|
github.com/grassrootseconomics/w3-celo-patch v0.2.0 h1:YqibbPzX0tQKmxU1nUGzThPKk/fiYeYZY6Aif3eyu8U=
|
||||||
|
@ -31,7 +31,7 @@ func HandleSignTransfer(cu *custodial.Custodial) func(echo.Context) error {
|
|||||||
From string `json:"from" validate:"required,eth_addr_checksum"`
|
From string `json:"from" validate:"required,eth_addr_checksum"`
|
||||||
To string `json:"to" validate:"required,eth_addr_checksum"`
|
To string `json:"to" validate:"required,eth_addr_checksum"`
|
||||||
VoucherAddress string `json:"voucherAddress" validate:"required,eth_addr_checksum"`
|
VoucherAddress string `json:"voucherAddress" validate:"required,eth_addr_checksum"`
|
||||||
Amount uint64 `json:"amount" validate:"required"`
|
Amount uint64 `json:"amount" validate:"gt=0"`
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
|
|
107
internal/api/sign_transfer_auth.go
Normal file
107
internal/api/sign_transfer_auth.go
Normal file
@ -0,0 +1,107 @@
|
|||||||
|
package api
|
||||||
|
|
||||||
|
import (
|
||||||
|
"encoding/json"
|
||||||
|
"net/http"
|
||||||
|
|
||||||
|
"github.com/google/uuid"
|
||||||
|
"github.com/grassrootseconomics/cic-custodial/internal/custodial"
|
||||||
|
"github.com/grassrootseconomics/cic-custodial/internal/tasker"
|
||||||
|
"github.com/grassrootseconomics/cic-custodial/internal/tasker/task"
|
||||||
|
"github.com/labstack/echo/v4"
|
||||||
|
)
|
||||||
|
|
||||||
|
// Max 10k vouchers per approval session
|
||||||
|
const approvalSafetyLimit = 10000 * 1000000
|
||||||
|
|
||||||
|
// HandleSignTransferAuthorization godoc
|
||||||
|
//
|
||||||
|
// @Summary Sign and dispatch a transfer authorization (approve) request.
|
||||||
|
// @Description Sign and dispatch a transfer authorization (approve) request.
|
||||||
|
// @Tags network
|
||||||
|
// @Accept json
|
||||||
|
// @Produce json
|
||||||
|
// @Param signTransferAuthorzationRequest body object{amount=uint64,authorizer=string,authorizedAddress=string,voucherAddress=string} true "Sign Transfer Authorization (approve) Request"
|
||||||
|
// @Success 200 {object} OkResp
|
||||||
|
// @Failure 400 {object} ErrResp
|
||||||
|
// @Failure 500 {object} ErrResp
|
||||||
|
// @Router /sign/transferAuth [post]
|
||||||
|
func HandleSignTranserAuthorization(cu *custodial.Custodial) func(echo.Context) error {
|
||||||
|
return func(c echo.Context) error {
|
||||||
|
var (
|
||||||
|
req struct {
|
||||||
|
Amount uint64 `json:"amount" validate:"gte=0"`
|
||||||
|
Authorizer string `json:"authorizer" validate:"required,eth_addr_checksum"`
|
||||||
|
AuthorizedAddress string `json:"authorizedAddress" validate:"required,eth_addr_checksum"`
|
||||||
|
VoucherAddress string `json:"voucherAddress" validate:"required,eth_addr_checksum"`
|
||||||
|
}
|
||||||
|
)
|
||||||
|
|
||||||
|
if err := c.Bind(&req); err != nil {
|
||||||
|
return NewBadRequestError(ErrInvalidJSON)
|
||||||
|
}
|
||||||
|
|
||||||
|
if err := c.Validate(req); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
|
accountActive, gasLock, err := cu.Store.GetAccountStatus(c.Request().Context(), req.Authorizer)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
|
if req.Amount > approvalSafetyLimit {
|
||||||
|
return c.JSON(http.StatusForbidden, ErrResp{
|
||||||
|
Ok: false,
|
||||||
|
Message: "Approval amount per session exceeds 10k.",
|
||||||
|
})
|
||||||
|
}
|
||||||
|
|
||||||
|
if !accountActive {
|
||||||
|
return c.JSON(http.StatusForbidden, ErrResp{
|
||||||
|
Ok: false,
|
||||||
|
Message: "Account pending activation. Try again later.",
|
||||||
|
})
|
||||||
|
}
|
||||||
|
|
||||||
|
if gasLock {
|
||||||
|
return c.JSON(http.StatusForbidden, ErrResp{
|
||||||
|
Ok: false,
|
||||||
|
Message: "Gas lock. Gas balance unavailable. Try again later.",
|
||||||
|
})
|
||||||
|
}
|
||||||
|
|
||||||
|
trackingId := uuid.NewString()
|
||||||
|
|
||||||
|
taskPayload, err := json.Marshal(task.TransferAuthPayload{
|
||||||
|
TrackingId: trackingId,
|
||||||
|
Amount: req.Amount,
|
||||||
|
Authorizer: req.Authorizer,
|
||||||
|
AuthorizedAddress: req.AuthorizedAddress,
|
||||||
|
VoucherAddress: req.VoucherAddress,
|
||||||
|
})
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
|
_, err = cu.TaskerClient.CreateTask(
|
||||||
|
c.Request().Context(),
|
||||||
|
tasker.SignTransferTaskAuth,
|
||||||
|
tasker.DefaultPriority,
|
||||||
|
&tasker.Task{
|
||||||
|
Id: trackingId,
|
||||||
|
Payload: taskPayload,
|
||||||
|
},
|
||||||
|
)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
|
return c.JSON(http.StatusOK, OkResp{
|
||||||
|
Ok: true,
|
||||||
|
Result: H{
|
||||||
|
"trackingId": trackingId,
|
||||||
|
},
|
||||||
|
})
|
||||||
|
}
|
||||||
|
}
|
@ -3,6 +3,7 @@ package custodial
|
|||||||
import "github.com/grassrootseconomics/w3-celo-patch"
|
import "github.com/grassrootseconomics/w3-celo-patch"
|
||||||
|
|
||||||
const (
|
const (
|
||||||
|
Approve = "approve"
|
||||||
Check = "check"
|
Check = "check"
|
||||||
GiveTo = "giveTo"
|
GiveTo = "giveTo"
|
||||||
MintTo = "mintTo"
|
MintTo = "mintTo"
|
||||||
@ -16,12 +17,12 @@ const (
|
|||||||
// Any relevant function signature that will be used by the custodial system can be defined here.
|
// Any relevant function signature that will be used by the custodial system can be defined here.
|
||||||
func initAbis() map[string]*w3.Func {
|
func initAbis() map[string]*w3.Func {
|
||||||
return map[string]*w3.Func{
|
return map[string]*w3.Func{
|
||||||
|
Approve: w3.MustNewFunc("approve(address, uint256)", "bool"),
|
||||||
Check: w3.MustNewFunc("check(address)", "bool"),
|
Check: w3.MustNewFunc("check(address)", "bool"),
|
||||||
GiveTo: w3.MustNewFunc("giveTo(address)", "uint256"),
|
GiveTo: w3.MustNewFunc("giveTo(address)", "uint256"),
|
||||||
MintTo: w3.MustNewFunc("mintTo(address, uint256)", "bool"),
|
MintTo: w3.MustNewFunc("mintTo(address, uint256)", "bool"),
|
||||||
NextTime: w3.MustNewFunc("nextTime(address)", "uint256"),
|
NextTime: w3.MustNewFunc("nextTime(address)", "uint256"),
|
||||||
Register: w3.MustNewFunc("register(address)", ""),
|
Register: w3.MustNewFunc("register(address)", ""),
|
||||||
Transfer: w3.MustNewFunc("transfer(address,uint256)", "bool"),
|
Transfer: w3.MustNewFunc("transfer(address,uint256)", "bool"),
|
||||||
TransferFrom: w3.MustNewFunc("transferFrom(address, address, uint256)", "bool"),
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -3,6 +3,7 @@ package custodial
|
|||||||
import (
|
import (
|
||||||
"context"
|
"context"
|
||||||
"crypto/ecdsa"
|
"crypto/ecdsa"
|
||||||
|
"time"
|
||||||
|
|
||||||
"github.com/bsm/redislock"
|
"github.com/bsm/redislock"
|
||||||
"github.com/celo-org/celo-blockchain/common"
|
"github.com/celo-org/celo-blockchain/common"
|
||||||
@ -19,6 +20,7 @@ import (
|
|||||||
|
|
||||||
type (
|
type (
|
||||||
Opts struct {
|
Opts struct {
|
||||||
|
ApprovalTimeout time.Duration
|
||||||
CeloProvider *celoutils.Provider
|
CeloProvider *celoutils.Provider
|
||||||
LockProvider *redislock.Client
|
LockProvider *redislock.Client
|
||||||
Logg logf.Logger
|
Logg logf.Logger
|
||||||
@ -32,6 +34,7 @@ type (
|
|||||||
}
|
}
|
||||||
|
|
||||||
Custodial struct {
|
Custodial struct {
|
||||||
|
ApprovalTimeout time.Duration
|
||||||
Abis map[string]*w3.Func
|
Abis map[string]*w3.Func
|
||||||
CeloProvider *celoutils.Provider
|
CeloProvider *celoutils.Provider
|
||||||
LockProvider *redislock.Client
|
LockProvider *redislock.Client
|
||||||
@ -69,6 +72,7 @@ func NewCustodial(o Opts) (*Custodial, error) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
return &Custodial{
|
return &Custodial{
|
||||||
|
ApprovalTimeout: o.ApprovalTimeout,
|
||||||
Abis: initAbis(),
|
Abis: initAbis(),
|
||||||
CeloProvider: o.CeloProvider,
|
CeloProvider: o.CeloProvider,
|
||||||
LockProvider: o.LockProvider,
|
LockProvider: o.LockProvider,
|
||||||
|
@ -17,10 +17,6 @@ import (
|
|||||||
"github.com/hibiken/asynq"
|
"github.com/hibiken/asynq"
|
||||||
)
|
)
|
||||||
|
|
||||||
const (
|
|
||||||
gasGiveToLimit = 250000
|
|
||||||
)
|
|
||||||
|
|
||||||
func AccountRefillGasProcessor(cu *custodial.Custodial) func(context.Context, *asynq.Task) error {
|
func AccountRefillGasProcessor(cu *custodial.Custodial) func(context.Context, *asynq.Task) error {
|
||||||
return func(ctx context.Context, t *asynq.Task) error {
|
return func(ctx context.Context, t *asynq.Task) error {
|
||||||
var (
|
var (
|
||||||
|
@ -60,13 +60,16 @@ func SignTransfer(cu *custodial.Custodial) func(context.Context, *asynq.Task) er
|
|||||||
}
|
}
|
||||||
defer func() {
|
defer func() {
|
||||||
if err != nil {
|
if err != nil {
|
||||||
if nErr := cu.Noncestore.Return(ctx, cu.SystemPublicKey); nErr != nil {
|
if nErr := cu.Noncestore.Return(ctx, payload.From); nErr != nil {
|
||||||
err = nErr
|
err = nErr
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}()
|
}()
|
||||||
|
|
||||||
input, err := cu.Abis[custodial.Transfer].EncodeArgs(celoutils.HexToAddress(payload.To), new(big.Int).SetUint64(payload.Amount))
|
input, err := cu.Abis[custodial.Transfer].EncodeArgs(
|
||||||
|
celoutils.HexToAddress(payload.To),
|
||||||
|
new(big.Int).SetUint64(payload.Amount),
|
||||||
|
)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
196
internal/tasker/task/sign_transfer_auth.go
Normal file
196
internal/tasker/task/sign_transfer_auth.go
Normal file
@ -0,0 +1,196 @@
|
|||||||
|
package task
|
||||||
|
|
||||||
|
import (
|
||||||
|
"context"
|
||||||
|
"encoding/json"
|
||||||
|
"math/big"
|
||||||
|
|
||||||
|
"github.com/bsm/redislock"
|
||||||
|
"github.com/celo-org/celo-blockchain/common/hexutil"
|
||||||
|
"github.com/grassrootseconomics/celoutils"
|
||||||
|
"github.com/grassrootseconomics/cic-custodial/internal/custodial"
|
||||||
|
"github.com/grassrootseconomics/cic-custodial/internal/store"
|
||||||
|
"github.com/grassrootseconomics/cic-custodial/internal/tasker"
|
||||||
|
"github.com/grassrootseconomics/cic-custodial/pkg/enum"
|
||||||
|
"github.com/grassrootseconomics/w3-celo-patch/module/eth"
|
||||||
|
"github.com/hibiken/asynq"
|
||||||
|
)
|
||||||
|
|
||||||
|
type TransferAuthPayload struct {
|
||||||
|
Amount uint64 `json:"amount"`
|
||||||
|
Authorizer string `json:"authorizer"`
|
||||||
|
AuthorizedAddress string `json:"authorizedAddress"`
|
||||||
|
TrackingId string `json:"trackingId"`
|
||||||
|
VoucherAddress string `json:"voucherAddress"`
|
||||||
|
}
|
||||||
|
|
||||||
|
func SignTransferAuthorizationProcessor(cu *custodial.Custodial) func(context.Context, *asynq.Task) error {
|
||||||
|
return func(ctx context.Context, t *asynq.Task) error {
|
||||||
|
var (
|
||||||
|
err error
|
||||||
|
networkBalance big.Int
|
||||||
|
payload TransferAuthPayload
|
||||||
|
)
|
||||||
|
|
||||||
|
if err := json.Unmarshal(t.Payload(), &payload); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
|
lock, err := cu.LockProvider.Obtain(
|
||||||
|
ctx,
|
||||||
|
lockPrefix+payload.Authorizer,
|
||||||
|
lockTimeout,
|
||||||
|
&redislock.Options{
|
||||||
|
RetryStrategy: lockRetry(),
|
||||||
|
},
|
||||||
|
)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
defer lock.Release(ctx)
|
||||||
|
|
||||||
|
key, err := cu.Store.LoadPrivateKey(ctx, payload.Authorizer)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
|
nonce, err := cu.Noncestore.Acquire(ctx, payload.Authorizer)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
defer func() {
|
||||||
|
if err != nil {
|
||||||
|
if nErr := cu.Noncestore.Return(ctx, payload.Authorizer); nErr != nil {
|
||||||
|
err = nErr
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}()
|
||||||
|
|
||||||
|
input, err := cu.Abis[custodial.Approve].EncodeArgs(
|
||||||
|
celoutils.HexToAddress(payload.AuthorizedAddress),
|
||||||
|
new(big.Int).SetUint64(payload.Amount),
|
||||||
|
)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
|
builtTx, err := cu.CeloProvider.SignContractExecutionTx(
|
||||||
|
key,
|
||||||
|
celoutils.ContractExecutionTxOpts{
|
||||||
|
ContractAddress: celoutils.HexToAddress(payload.VoucherAddress),
|
||||||
|
InputData: input,
|
||||||
|
GasFeeCap: celoutils.SafeGasFeeCap,
|
||||||
|
GasTipCap: celoutils.SafeGasTipCap,
|
||||||
|
GasLimit: uint64(celoutils.SafeGasLimit),
|
||||||
|
Nonce: nonce,
|
||||||
|
},
|
||||||
|
)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
|
rawTx, err := builtTx.MarshalBinary()
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
|
id, err := cu.Store.CreateOtx(ctx, store.Otx{
|
||||||
|
TrackingId: payload.TrackingId,
|
||||||
|
Type: enum.TRANSFER_AUTH,
|
||||||
|
RawTx: hexutil.Encode(rawTx),
|
||||||
|
TxHash: builtTx.Hash().Hex(),
|
||||||
|
From: cu.SystemPublicKey,
|
||||||
|
Data: hexutil.Encode(builtTx.Data()),
|
||||||
|
GasPrice: builtTx.GasPrice(),
|
||||||
|
GasLimit: builtTx.Gas(),
|
||||||
|
TransferValue: 0,
|
||||||
|
Nonce: builtTx.Nonce(),
|
||||||
|
})
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
|
if err := cu.CeloProvider.Client.CallCtx(
|
||||||
|
ctx,
|
||||||
|
eth.Balance(celoutils.HexToAddress(payload.Authorizer), nil).Returns(&networkBalance),
|
||||||
|
); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
|
disptachJobPayload, err := json.Marshal(TxPayload{
|
||||||
|
OtxId: id,
|
||||||
|
Tx: builtTx,
|
||||||
|
})
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
|
_, err = cu.TaskerClient.CreateTask(
|
||||||
|
ctx,
|
||||||
|
tasker.DispatchTxTask,
|
||||||
|
tasker.HighPriority,
|
||||||
|
&tasker.Task{
|
||||||
|
Payload: disptachJobPayload,
|
||||||
|
},
|
||||||
|
)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
|
// Auto-revoke every session (15 min)
|
||||||
|
// Check if already a revoke request
|
||||||
|
if payload.Amount > 0 {
|
||||||
|
taskPayload, err := json.Marshal(TransferAuthPayload{
|
||||||
|
TrackingId: payload.TrackingId,
|
||||||
|
Amount: 0,
|
||||||
|
Authorizer: payload.Authorizer,
|
||||||
|
AuthorizedAddress: payload.AuthorizedAddress,
|
||||||
|
VoucherAddress: payload.VoucherAddress,
|
||||||
|
})
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
|
_, err = cu.TaskerClient.CreateTask(
|
||||||
|
ctx,
|
||||||
|
tasker.SignTransferTaskAuth,
|
||||||
|
tasker.DefaultPriority,
|
||||||
|
&tasker.Task{
|
||||||
|
Payload: taskPayload,
|
||||||
|
},
|
||||||
|
asynq.ProcessIn(cu.ApprovalTimeout),
|
||||||
|
)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
gasRefillPayload, err := json.Marshal(AccountPayload{
|
||||||
|
PublicKey: payload.Authorizer,
|
||||||
|
TrackingId: payload.TrackingId,
|
||||||
|
})
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
|
if !balanceCheck(networkBalance) {
|
||||||
|
if err := cu.Store.GasLock(ctx, payload.Authorizer); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
|
_, err = cu.TaskerClient.CreateTask(
|
||||||
|
ctx,
|
||||||
|
tasker.AccountRefillGasTask,
|
||||||
|
tasker.DefaultPriority,
|
||||||
|
&tasker.Task{
|
||||||
|
Payload: gasRefillPayload,
|
||||||
|
},
|
||||||
|
)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
}
|
@ -18,6 +18,7 @@ const (
|
|||||||
AccountRegisterTask TaskName = "sys:register_account"
|
AccountRegisterTask TaskName = "sys:register_account"
|
||||||
AccountRefillGasTask TaskName = "sys:refill_gas"
|
AccountRefillGasTask TaskName = "sys:refill_gas"
|
||||||
SignTransferTask TaskName = "usr:sign_transfer"
|
SignTransferTask TaskName = "usr:sign_transfer"
|
||||||
|
SignTransferTaskAuth TaskName = "usr:sign_transfer_auth"
|
||||||
DispatchTxTask TaskName = "rpc:dispatch"
|
DispatchTxTask TaskName = "rpc:dispatch"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
1
migrations/006_transfer_auth.sql
Normal file
1
migrations/006_transfer_auth.sql
Normal file
@ -0,0 +1 @@
|
|||||||
|
INSERT INTO otx_tx_type (value) VALUES ('TRANSFER_AUTHORIZATION');
|
@ -21,5 +21,6 @@ const (
|
|||||||
|
|
||||||
ACCOUNT_REGISTER OtxType = "ACCOUNT_REGISTER"
|
ACCOUNT_REGISTER OtxType = "ACCOUNT_REGISTER"
|
||||||
REFILL_GAS OtxType = "REFILL_GAS"
|
REFILL_GAS OtxType = "REFILL_GAS"
|
||||||
|
TRANSFER_AUTH OtxType = "TRANSFER_AUTHORIZATION"
|
||||||
TRANSFER_VOUCHER OtxType = "TRANSFER_VOUCHER"
|
TRANSFER_VOUCHER OtxType = "TRANSFER_VOUCHER"
|
||||||
)
|
)
|
||||||
|
Loading…
Reference in New Issue
Block a user