242 lines
9.5 KiB
Rust
242 lines
9.5 KiB
Rust
// Copyright 2015-2017 Parity Technologies (UK) Ltd.
|
|
// This file is part of Parity.
|
|
|
|
// Parity is free software: you can redistribute it and/or modify
|
|
// it under the terms of the GNU General Public License as published by
|
|
// the Free Software Foundation, either version 3 of the License, or
|
|
// (at your option) any later version.
|
|
|
|
// Parity is distributed in the hope that it will be useful,
|
|
// but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
// GNU General Public License for more details.
|
|
|
|
// You should have received a copy of the GNU General Public License
|
|
// along with Parity. If not, see <http://www.gnu.org/licenses/>.
|
|
|
|
//! Smart contract based transaction filter.
|
|
|
|
use std::sync::Weak;
|
|
use std::collections::HashMap;
|
|
use std::collections::hash_map::Entry;
|
|
use bigint::hash::H256;
|
|
use native_contracts::TransactAcl as Contract;
|
|
use client::{EngineClient, BlockId, ChainNotify};
|
|
use util::Address;
|
|
use bytes::Bytes;
|
|
use parking_lot::{Mutex, RwLock};
|
|
use futures::{self, Future};
|
|
use spec::CommonParams;
|
|
use transaction::{Action, SignedTransaction};
|
|
use hash::KECCAK_EMPTY;
|
|
|
|
const MAX_CACHE_SIZE: usize = 4096;
|
|
|
|
mod tx_permissions {
|
|
pub const _ALL: u32 = 0xffffffff;
|
|
pub const NONE: u32 = 0x0;
|
|
pub const BASIC: u32 = 0b00000001;
|
|
pub const CALL: u32 = 0b00000010;
|
|
pub const CREATE: u32 = 0b00000100;
|
|
pub const _PRIVATE: u32 = 0b00001000;
|
|
}
|
|
|
|
/// Connection filter that uses a contract to manage permissions.
|
|
pub struct TransactionFilter {
|
|
contract: Mutex<Option<Contract>>,
|
|
client: RwLock<Option<Weak<EngineClient>>>,
|
|
contract_address: Address,
|
|
permission_cache: Mutex<HashMap<(H256, Address), u32>>,
|
|
}
|
|
|
|
impl TransactionFilter {
|
|
/// Create a new instance if address is specified in params.
|
|
pub fn from_params(params: &CommonParams) -> Option<TransactionFilter> {
|
|
params.transaction_permission_contract.map(|address|
|
|
TransactionFilter {
|
|
contract: Mutex::new(None),
|
|
client: RwLock::new(None),
|
|
contract_address: address,
|
|
permission_cache: Mutex::new(HashMap::new()),
|
|
}
|
|
)
|
|
}
|
|
|
|
/// Clear cached permissions.
|
|
pub fn clear_cache(&self) {
|
|
self.permission_cache.lock().clear();
|
|
}
|
|
|
|
/// Set client reference to be used for contract call.
|
|
pub fn register_client(&self, client: Weak<EngineClient>) {
|
|
*self.client.write() = Some(client);
|
|
}
|
|
|
|
/// Check if transaction is allowed at given block.
|
|
pub fn transaction_allowed(&self, parent_hash: &H256, transaction: &SignedTransaction) -> bool {
|
|
self.client.read().as_ref().map_or(false, |client| {
|
|
let mut cache = self.permission_cache.lock(); let len = cache.len();
|
|
let client = match client.upgrade() {
|
|
Some(client) => client,
|
|
_ => return false,
|
|
};
|
|
|
|
let client = match client.as_full_client() {
|
|
Some(client) => client,
|
|
_ => return false, // TODO: how to handle verification for light clients?
|
|
};
|
|
|
|
let tx_type = match transaction.action {
|
|
Action::Create => tx_permissions::CREATE,
|
|
Action::Call(address) => if client.code_hash(&address, BlockId::Hash(*parent_hash)).map_or(false, |c| c != KECCAK_EMPTY) {
|
|
tx_permissions::CALL
|
|
} else {
|
|
tx_permissions::BASIC
|
|
}
|
|
};
|
|
let sender = transaction.sender();
|
|
match cache.entry((*parent_hash, sender)) {
|
|
Entry::Occupied(entry) => *entry.get() & tx_type != 0,
|
|
Entry::Vacant(entry) => {
|
|
let mut contract = self.contract.lock();
|
|
if contract.is_none() {
|
|
*contract = Some(Contract::new(self.contract_address));
|
|
}
|
|
|
|
let permissions = match &*contract {
|
|
&Some(ref contract) => {
|
|
contract.allowed_tx_types(
|
|
|addr, data| futures::done(client.call_contract(BlockId::Hash(*parent_hash), addr, data)),
|
|
sender,
|
|
).wait().unwrap_or_else(|e| {
|
|
debug!("Error callling tx permissions contract: {:?}", e);
|
|
tx_permissions::NONE
|
|
})
|
|
}
|
|
_ => tx_permissions::NONE,
|
|
};
|
|
|
|
if len < MAX_CACHE_SIZE {
|
|
entry.insert(permissions);
|
|
}
|
|
trace!("Permissions required: {}, got: {}", tx_type, permissions);
|
|
permissions & tx_type != 0
|
|
}
|
|
}
|
|
})
|
|
}
|
|
}
|
|
|
|
impl ChainNotify for TransactionFilter {
|
|
fn new_blocks(&self, imported: Vec<H256>, _invalid: Vec<H256>, _enacted: Vec<H256>, _retracted: Vec<H256>, _sealed: Vec<H256>, _proposed: Vec<Bytes>, _duration: u64) {
|
|
if !imported.is_empty() {
|
|
self.clear_cache();
|
|
}
|
|
}
|
|
}
|
|
|
|
#[cfg(test)]
|
|
mod test {
|
|
use std::sync::{Arc, Weak};
|
|
use spec::Spec;
|
|
use client::{BlockChainClient, Client, ClientConfig, BlockId};
|
|
use miner::Miner;
|
|
use util::{Address};
|
|
use io::IoChannel;
|
|
use ethkey::{Secret, KeyPair};
|
|
use super::TransactionFilter;
|
|
use transaction::{Transaction, Action};
|
|
|
|
/// Contract code: https://gist.github.com/arkpar/38a87cb50165b7e683585eec71acb05a
|
|
#[test]
|
|
fn transaction_filter() {
|
|
let spec_data = r#"
|
|
{
|
|
"name": "TestNodeFilterContract",
|
|
"engine": {
|
|
"authorityRound": {
|
|
"params": {
|
|
"stepDuration": 1,
|
|
"startStep": 2,
|
|
"validators": {
|
|
"contract": "0x0000000000000000000000000000000000000000"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"params": {
|
|
"accountStartNonce": "0x0",
|
|
"maximumExtraDataSize": "0x20",
|
|
"minGasLimit": "0x1388",
|
|
"networkID" : "0x69",
|
|
"gasLimitBoundDivisor": "0x0400",
|
|
"transactionPermissionContract": "0x0000000000000000000000000000000000000005"
|
|
},
|
|
"genesis": {
|
|
"seal": {
|
|
"generic": "0xc180"
|
|
},
|
|
"difficulty": "0x20000",
|
|
"author": "0x0000000000000000000000000000000000000000",
|
|
"timestamp": "0x00",
|
|
"parentHash": "0x0000000000000000000000000000000000000000000000000000000000000000",
|
|
"extraData": "0x",
|
|
"gasLimit": "0x222222"
|
|
},
|
|
"accounts": {
|
|
"0000000000000000000000000000000000000001": { "balance": "1", "builtin": { "name": "ecrecover", "pricing": { "linear": { "base": 3000, "word": 0 } } } },
|
|
"0000000000000000000000000000000000000002": { "balance": "1", "builtin": { "name": "sha256", "pricing": { "linear": { "base": 60, "word": 12 } } } },
|
|
"0000000000000000000000000000000000000003": { "balance": "1", "builtin": { "name": "ripemd160", "pricing": { "linear": { "base": 600, "word": 120 } } } },
|
|
"0000000000000000000000000000000000000004": { "balance": "1", "builtin": { "name": "identity", "pricing": { "linear": { "base": 15, "word": 3 } } } },
|
|
"0000000000000000000000000000000000000005": {
|
|
"balance": "1",
|
|
"constructor": "6060604052341561000f57600080fd5b5b6101868061001f6000396000f30060606040526000357c0100000000000000000000000000000000000000000000000000000000900463ffffffff168063e17512211461003e575b600080fd5b341561004957600080fd5b610075600480803573ffffffffffffffffffffffffffffffffffffffff16906020019091905050610097565b604051808263ffffffff1663ffffffff16815260200191505060405180910390f35b6000737e5f4552091a69125d5dfcb7b8c2659029395bdf8273ffffffffffffffffffffffffffffffffffffffff1614156100d75763ffffffff9050610155565b732b5ad5c4795c026514f8317c7a215e218dccd6cf8273ffffffffffffffffffffffffffffffffffffffff1614156101155760026001179050610155565b736813eb9362372eef6200f3b1dbc3f819671cba698273ffffffffffffffffffffffffffffffffffffffff1614156101505760019050610155565b600090505b9190505600a165627a7a72305820f1f21cb978925a8a92c6e30c8c81adf598adff6d1ef941cf5ed6c0ec7ad1ae3d0029"
|
|
}
|
|
}
|
|
}
|
|
"#;
|
|
|
|
let spec = Spec::load(&::std::env::temp_dir(), spec_data.as_bytes()).unwrap();
|
|
let client_db = Arc::new(::util::kvdb::in_memory(::db::NUM_COLUMNS.unwrap_or(0)));
|
|
|
|
let client = Client::new(
|
|
ClientConfig::default(),
|
|
&spec,
|
|
client_db,
|
|
Arc::new(Miner::with_spec(&spec)),
|
|
IoChannel::disconnected(),
|
|
).unwrap();
|
|
let key1 = KeyPair::from_secret(Secret::from("0000000000000000000000000000000000000000000000000000000000000001")).unwrap();
|
|
let key2 = KeyPair::from_secret(Secret::from("0000000000000000000000000000000000000000000000000000000000000002")).unwrap();
|
|
let key3 = KeyPair::from_secret(Secret::from("0000000000000000000000000000000000000000000000000000000000000003")).unwrap();
|
|
let key4 = KeyPair::from_secret(Secret::from("0000000000000000000000000000000000000000000000000000000000000004")).unwrap();
|
|
|
|
let filter = TransactionFilter::from_params(spec.params()).unwrap();
|
|
filter.register_client(Arc::downgrade(&client) as Weak<_>);
|
|
let mut basic_tx = Transaction::default();
|
|
basic_tx.action = Action::Call(Address::from("000000000000000000000000000000000000032"));
|
|
let create_tx = Transaction::default();
|
|
let mut call_tx = Transaction::default();
|
|
call_tx.action = Action::Call(Address::from("0000000000000000000000000000000000000005"));
|
|
|
|
let genesis = client.block_hash(BlockId::Latest).unwrap();
|
|
|
|
assert!(filter.transaction_allowed(&genesis, &basic_tx.clone().sign(key1.secret(), None)));
|
|
assert!(filter.transaction_allowed(&genesis, &create_tx.clone().sign(key1.secret(), None)));
|
|
assert!(filter.transaction_allowed(&genesis, &call_tx.clone().sign(key1.secret(), None)));
|
|
|
|
assert!(filter.transaction_allowed(&genesis, &basic_tx.clone().sign(key2.secret(), None)));
|
|
assert!(!filter.transaction_allowed(&genesis, &create_tx.clone().sign(key2.secret(), None)));
|
|
assert!(filter.transaction_allowed(&genesis, &call_tx.clone().sign(key2.secret(), None)));
|
|
|
|
assert!(filter.transaction_allowed(&genesis, &basic_tx.clone().sign(key3.secret(), None)));
|
|
assert!(!filter.transaction_allowed(&genesis, &create_tx.clone().sign(key3.secret(), None)));
|
|
assert!(!filter.transaction_allowed(&genesis, &call_tx.clone().sign(key3.secret(), None)));
|
|
|
|
assert!(!filter.transaction_allowed(&genesis, &basic_tx.clone().sign(key4.secret(), None)));
|
|
assert!(!filter.transaction_allowed(&genesis, &create_tx.clone().sign(key4.secret(), None)));
|
|
assert!(!filter.transaction_allowed(&genesis, &call_tx.clone().sign(key4.secret(), None)));
|
|
}
|
|
}
|
|
|