diff --git a/apps/authz/Makefile b/apps/authz/Makefile
index 2a9a633d3..f85248bcc 100644
--- a/apps/authz/Makefile
+++ b/apps/authz/Makefile
@@ -60,9 +60,11 @@ authz/rego/bundle:
 authz/rego/eval:
 opa eval \
 --format="pretty" \
- --bundle ${AUTHZ_PROJECT_DIR}/src/app/opa/build/policies.tar.gz \
+ --target="wasm" \
+ --bundle ./rego-build/policies.gz \
 --input ${AUTHZ_PROJECT_DIR}/src/app/opa/rego/input.json \
- 'data.main.evaluate'
+ --data ./rego-build/data.json \
+ 'main.evaluate'
 authz/rego/test:
 opa test \
diff --git a/apps/authz/src/app/app.controller.ts b/apps/authz/src/app/app.controller.ts
index 333793f0d..4bbd8cca8 100644
--- a/apps/authz/src/app/app.controller.ts
+++ b/apps/authz/src/app/app.controller.ts
@@ -1,6 +1,6 @@
 import { EvaluationRequestDto } from '@app/authz/app/evaluation-request.dto'
 import { generateInboundRequest } from '@app/authz/shared/module/persistence/mock_data'
-import { AuthZRequestPayload } from '@app/authz/shared/types/http'
+import { AuthZRequestPayload } from '@app/authz/shared/types/domain.type'
 import { Body, Controller, Get, Logger, Post } from '@nestjs/common'
 import { AppService } from './app.service'
diff --git a/apps/authz/src/app/app.service.ts b/apps/authz/src/app/app.service.ts
index 7283bb047..d4b121b2b 100644
--- a/apps/authz/src/app/app.service.ts
+++ b/apps/authz/src/app/app.service.ts
@@ -1,13 +1,13 @@
 import { PersistenceRepository } from '@app/authz/shared/module/persistence/persistence.repository'
-import { Alg } from '@app/authz/shared/types/enums'
 import {
+ Alg,
 AuthCredential,
 AuthZRequest,
 AuthZRequestPayload,
 AuthZResponse,
 NarvalDecision,
 RequestSignature
-} from '@app/authz/shared/types/http'
+} from '@app/authz/shared/types/domain.type'
 import { OpaResult, RegoInput } from '@app/authz/shared/types/rego'
 import { hashRequest } from '@narval/authz-shared'
 import { safeDecode } from '@narval/transaction-request-intent'
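Review bot: In the `authz/rego/eval` recipe of apps/authz/Makefile, `--bundle ./rego-build/policies.gz` and `--data ./rego-build/data.json` resolve against whatever directory `make` is invoked from, while `--input` on the line between them still uses `${AUTHZ_PROJECT_DIR}`. Run from another directory, the target either fails or evaluates a stale bundle that happens to sit at that relative path, which is misleading when the output is used to check a policy decision. Anchoring both paths the same way as `--input`, for example `--bundle ${AUTHZ_PROJECT_DIR}/<bundle-output-dir>/policies.gz \`, removes the ambiguity; the directory is a placeholder because the `authz/rego/bundle` recipe that writes the bundle is outside this hunk.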
diff --git a/apps/authz/src/app/evaluation-request.dto.ts b/apps/authz/src/app/evaluation-request.dto.ts
index 2ed00265a..641da5e1a 100644
--- a/apps/authz/src/app/evaluation-request.dto.ts
+++ b/apps/authz/src/app/evaluation-request.dto.ts
@@ -1,8 +1,7 @@
-import { Action, Alg } from '@app/authz/shared/types/enums'
-import { Address, FiatSymbols, Hex } from '@app/authz/shared/types/http'
+import { AccessList, Action, Address, Alg, FiatSymbols, Hex } from '@app/authz/shared/types/domain.type'
 import { ApiExtraModels, ApiProperty, getSchemaPath } from '@nestjs/swagger'
 import { Transform, Type } from 'class-transformer'
-import { IsDefined, IsEnum, IsEthereumAddress, IsString, ValidateNested } from 'class-validator'
+import { IsDefined, IsEnum, IsEthereumAddress, IsOptional, IsString, ValidateNested } from 'class-validator'
 import { Caip10 } from 'packages/transaction-request-intent/src/lib/caip'
 export class RequestSignatureDto {
@@ -54,16 +53,39 @@ export class TransactionRequestDto {
 })
 data?: Hex
- gas: Hex
+ @IsOptional()
+ @Transform(({ value }) => BigInt(value))
+ @ApiProperty({
+ format: 'bigint',
+ required: false,
+ type: 'string'
+ })
+ gas?: bigint
+ @IsOptional()
+ @Transform(({ value }) => BigInt(value))
+ @ApiProperty({
+ format: 'bigint',
+ required: false,
+ type: 'string'
+ })
+ maxFeePerGas?: bigint
+ @IsOptional()
+ @Transform(({ value }) => BigInt(value))
+ @ApiProperty({
+ format: 'bigint',
+ required: false,
+ type: 'string'
+ })
+ maxPriorityFeePerGas?: bigint
 @ApiProperty()
 nonce?: number
 value?: Hex
- chainId: string
+ chainId: number
- accessList?: { address: Address; storageKeys: Hex[] }[]
+ accessList?: AccessList
 type?: '2'
 }
diff --git a/apps/authz/src/shared/module/persistence/mock_data.ts b/apps/authz/src/shared/module/persistence/mock_data.ts
index 8aaf09ce4..3e7f32a12 100644
--- a/apps/authz/src/shared/module/persistence/mock_data.ts
+++ b/apps/authz/src/shared/module/persistence/mock_data.ts
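Review bot: `@Transform(({ value }) => BigInt(value))` on `gas`, `maxFeePerGas` and `maxPriorityFeePerGas` in `TransactionRequestDto` runs on client-supplied JSON, and `BigInt()` throws on anything that is not an integer literal (`'abc'`, `1.5`, `null`) while `''` silently becomes `0n` and negative values pass. The throw happens during transformation, so it will probably surface as a 500 rather than a validation error, and no validator constrains the value that reaches policy evaluation. A shared guarded transform, sketched below, rejects malformed input explicitly (`BadRequestException` would need importing from `@nestjs/common`). In the same hunk `chainId: number` carries no validator, so a string `'137'` is neither rejected nor converted here; `@IsInt()` and `@Min(1)` would make the declared type hold at runtime. The class starts above this hunk, so decorators outside it were not reviewed.

```typescript
// Accepts decimal or 0x-prefixed integer strings only; absent values stay undefined.
const toBigInt = ({ value }: { value: unknown }): bigint | undefined => {
  if (value === undefined || value === null) return undefined
  if (typeof value !== 'string' || !/^(0x[0-9a-fA-F]+|[0-9]+)$/.test(value)) {
    throw new BadRequestException('expected a non-negative integer string')
  }
  return BigInt(value)
}

  @IsOptional()
  @Transform(toBigInt)
  // … unchanged: @ApiProperty block …
  gas?: bigint
  // … same @Transform(toBigInt) on maxFeePerGas and maxPriorityFeePerGas …
```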
@@ -1,3 +1,12 @@
+import {
+ AccountType,
+ Action,
+ Alg,
+ AuthCredential,
+ AuthZRequestPayload,
+ TransactionRequest,
+ UserRoles
+} from '@app/authz/shared/types/domain.type'
 import {
 AddressBookAccount,
 RegoData,
@@ -7,8 +16,6 @@ import {
 Wallet,
 WalletGroup
 } from '@app/authz/shared/types/entities.types'
-import { AccountType, Action, Alg, UserRoles } from '@app/authz/shared/types/enums'
-import { AuthCredential, AuthZRequestPayload, TransactionRequest } from '@app/authz/shared/types/http'
 import { RegoInput } from '@app/authz/shared/types/rego'
 import { hashRequest } from '@narval/authz-shared'
 import { Caip10, Caip19 } from 'packages/transaction-request-intent/src/lib/caip'
@@ -158,28 +165,28 @@ export const TREASURY_WALLET_GROUP: WalletGroup = {
 export const SHY_ACCOUNT_137: AddressBookAccount = {
 uid: 'eip155:137:0xddcf208f219a6e6af072f2cfdc615b2c1805f98e',
 address: '0xddcf208f219a6e6af072f2cfdc615b2c1805f98e',
- chainId: '137',
+ chainId: 137,
 classification: 'wallet'
 }
 export const SHY_ACCOUNT_1: AddressBookAccount = {
 uid: 'eip155:1:0xddcf208f219a6e6af072f2cfdc615b2c1805f98e',
 address: '0xddcf208f219a6e6af072f2cfdc615b2c1805f98e',
- chainId: '1',
+ chainId: 1,
 classification: 'wallet'
 }
 export const ACCOUNT_Q_137: AddressBookAccount = {
 uid: 'eip155:137:0x08a08d0504d4f3363a5b7fda1f5fff1c7bca8ad4',
 address: '0x08a08d0504d4f3363a5b7fda1f5fff1c7bca8ad4',
- chainId: '137',
+ chainId: 137,
 classification: 'wallet'
 }
 export const ACCOUNT_INTERNAL_WXZ_137: AddressBookAccount = {
 uid: 'eip155:137:0xa45e21e9370ba031c5e1f47dedca74a7ce2ed7a3',
 address: '0xa45e21e9370ba031c5e1f47dedca74a7ce2ed7a3',
- chainId: '137',
+ chainId: 137,
 classification: 'internal'
 }
diff --git a/apps/authz/src/shared/module/persistence/persistence.repository.ts b/apps/authz/src/shared/module/persistence/persistence.repository.ts
index f8046fb34..4dc74c3ef 100644
--- a/apps/authz/src/shared/module/persistence/persistence.repository.ts
+++ b/apps/authz/src/shared/module/persistence/persistence.repository.ts
@@ -1,4 +1,4 @@
-import { AuthCredential } from '@app/authz/shared/types/http'
+import { AuthCredential } from '@app/authz/shared/types/domain.type'
 import { Injectable, Logger, OnModuleInit } from '@nestjs/common'
 import { mockEntityData, userAddressStore, userCredentialStore } from './mock_data'
diff --git a/apps/authz/src/shared/types/http.ts b/apps/authz/src/shared/types/domain.type.ts
similarity index 76%
rename from apps/authz/src/shared/types/http.ts
rename to apps/authz/src/shared/types/domain.type.ts
index 45a249021..d67b162f2 100644
--- a/apps/authz/src/shared/types/http.ts
+++ b/apps/authz/src/shared/types/domain.type.ts
@@ -1,5 +1,47 @@
+import { Action, TransactionRequest } from '@narval/authz-shared'
 import { Caip10 } from 'packages/transaction-request-intent/src/lib/caip'
-import { Action, Alg } from './enums'
+
+export * from '@narval/authz-shared'
+
+export enum AccountType {
+ EOA = 'eoa',
+ AA = '4337'
+}
+
+export enum UserRoles {
+ ROOT = 'root',
+ ADMIN = 'admin',
+ MEMBER = 'member',
+ MANAGER = 'manager'
+}
+
+export enum Decisions {
+ ALLOW = 'Allow',
+ DENY = 'Deny',
+ CONFIRM = 'Confirm'
+}
+
+export enum ValueOperators {
+ GREATER_THAN = 'gt',
+ LESS_THAN = 'lt',
+ GREATER_THAN_OR_EQUAL = 'gte',
+ LESS_THAN_OR_EQUAL = 'lte',
+ EQUAL = 'eq',
+ NOT_EQUAL = 'ne'
+}
+
+export enum IdentityOperators {
+ IS = 'is',
+ IS_NOT = 'is_not',
+ CONTAINS = 'contains',
+ IN = 'in'
+}
+
+export enum Alg {
+ ES256K = 'ES256K', // secp256k1, an Ethereum EOA
+ ES256 = 'ES256', // secp256r1, ecdsa but not ethereum
+ RS256 = 'RS256'
+}
 export enum FiatSymbols {
 USD = 'fiat:usd',
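Review bot: `export * from '@narval/authz-shared'` in apps/authz/src/shared/types/domain.type.ts sits next to locally declared enums (`AccountType`, `UserRoles`, `Decisions`, `ValueOperators`, `IdentityOperators`, `Alg`), and a local export silently takes precedence over a star re-export of the same name. If the shared package exports, or later adds, any of these names, the app and the package would hold two distinct enums with no compiler error, which matters most for `Alg` because it names the accepted signature algorithms. The shared package's export list is not visible in this diff, so the clash may be latent only. Replacing the star with an explicit list of the names the app uses, e.g. `export { Action } from '@narval/authz-shared'` plus `export type { TransactionRequest } from '@narval/authz-shared'`, keeps the boundary reviewable.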
@@ -17,28 +59,6 @@ export type HistoricalTransfer = {
 timestamp: number // unix timestamp
 }
-// Types ripped from viem; combining a few though because they don't have chainId on txRequest
-export type Hex = `0x${string}`
-export type Address = `0x${string}`
-export type AccessList = { address: Address; storageKeys: Hex[] }[]
-export type TransactionRequest = {
- /** Contract code or a hashed method call with encoded args */
- data?: Hex
- /** Transaction sender */
- from: Address
- /** Gas provided for transaction execution */
- gas?: TQuantity
- /** Unique number identifying this transaction */
- nonce?: TIndex
- /** Transaction recipient */
- to?: Address | null
- /** Value in wei sent with this transaction */
- value?: TQuantity
- chainId: string | null
- accessList?: AccessList
- type?: TTransactionType
-}
-
 /**
 * The activity/data being authorized. This must include all the data being authorized, and nothing except the data being authorized.
 * This is the data that will be hashed and signed.
diff --git a/apps/authz/src/shared/types/entities.types.ts b/apps/authz/src/shared/types/entities.types.ts
index 5081f5454..14701f105 100644
--- a/apps/authz/src/shared/types/entities.types.ts
+++ b/apps/authz/src/shared/types/entities.types.ts
@@ -1,4 +1,4 @@
-import { AccountType, UserRoles } from './enums'
+import { AccountType, UserRoles } from './domain.type'
 type UUID = string
@@ -18,7 +18,7 @@ export type Wallet = {
 uid: string
 address: string
 accountType: AccountType
- chainId?: string
+ chainId?: number
 assignees?: string[] // userIds
 }
@@ -31,7 +31,7 @@ export type WalletGroup = {
 export type AddressBookAccount = {
 uid: string
 address: string
- chainId: string
+ chainId: number
 classification: string
 }
diff --git a/apps/authz/src/shared/types/enums.ts b/apps/authz/src/shared/types/enums.ts
deleted file mode 100644
index 6f6f0acd6..000000000
--- a/apps/authz/src/shared/types/enums.ts
+++ /dev/null
@@ -1,67 +0,0 @@
-// Note: Action is a shared enum w/ every other module
-export enum Action {
- // Resource Actions
- CREATE_USER = 'user:create',
- EDIT_USER = 'user:edit',
- DELETE_USER = 'user:delete',
- CHANGE_USER_ROLE = 'user:change-role',
- CREATE_WALLET = 'wallet:create',
- EDIT_WALLET = 'wallet:edit',
- ASSIGN_WALLET = 'wallet:assign',
- UNASSIGN_WALLET = 'wallet:unassign',
- CREATE_USER_GROUP = 'user-group:create',
- EDIT_USER_GROUP = 'user-group:edit',
- DELETE_USER_GROUP = 'user-group:delete',
- CREATE_WALLET_GROUP = 'wallet-group:create',
- EDIT_WALLET_GROUP = 'wallet-group:edit',
- DELETE_WALLET_GROUP = 'wallet-group:delete',
-
- // Policy Management Actions
- SET_POLICY_RULES = 'setPolicyRules',
-
- // Wallet Actions
- SIGN_TRANSACTION = 'signTransaction',
- SIGN_RAW = 'signRaw',
- SIGN_MESSAGE = 'signMessage',
- SIGN_TYPED_DATA = 'signTypedData'
-}
-
-export enum AccountType {
- EOA = 'eoa',
- AA = '4337'
-}
-
-export enum UserRoles {
- ROOT = 'root',
- ADMIN = 'admin',
- MEMBER = 'member',
- MANAGER = 'manager'
-}
-
-export enum Decisions {
- ALLOW = 'Allow',
- DENY = 'Deny',
- CONFIRM = 'Confirm'
-}
-
-export enum ValueOperators {
- GREATER_THAN = 'gt',
- LESS_THAN = 'lt',
- GREATER_THAN_OR_EQUAL = 'gte',
- LESS_THAN_OR_EQUAL = 'lte',
- EQUAL = 'eq',
- NOT_EQUAL = 'ne'
-}
-
-export enum IdentityOperators {
- IS = 'is',
- IS_NOT = 'is_not',
- CONTAINS = 'contains',
- IN = 'in'
-}
-
-export enum Alg {
- ES256K = 'ES256K', // secp256k1, an Ethereum EOA
- ES256 = 'ES256', // secp256r1, ecdsa but not ethereum
- RS256 = 'RS256'
-}
diff --git a/apps/authz/src/shared/types/rego.ts b/apps/authz/src/shared/types/rego.ts
index 29a81d16a..0049ed728 100644
--- a/apps/authz/src/shared/types/rego.ts
+++ b/apps/authz/src/shared/types/rego.ts
@@ -1,6 +1,5 @@
 import { Intent } from 'packages/transaction-request-intent/src/lib/intent.types'
-import { Action } from './enums'
-import { ApprovalRequirement, AuthCredential, HistoricalTransfer, TransactionRequest } from './http'
+import { Action, ApprovalRequirement, AuthCredential, HistoricalTransfer, TransactionRequest } from './domain.type'
 export type RegoInput = {
 action: Action
diff --git a/packages/authz-shared/src/lib/type/domain.type.ts b/packages/authz-shared/src/lib/type/domain.type.ts
index 0d26672ec..c17b3d313 100644
--- a/packages/authz-shared/src/lib/type/domain.type.ts
+++ b/packages/authz-shared/src/lib/type/domain.type.ts
@@ -46,11 +46,13 @@ export enum TransactionType {
 export type TransactionRequest = {
 chainId: number
 from: Address
- nonce: number
+ nonce?: number
 accessList?: AccessList
 data?: Hex
 gas?: bigint
+ maxFeePerGas?: bigint
+ maxPriorityFeePerGas?: bigint
 to?: Address | null
- type?: `${TransactionType}`
+ type?: '2'
 value?: Hex
 }
diff --git a/packages/transaction-request-intent/src/lib/__test__/unit/mocks.ts b/packages/transaction-request-intent/src/lib/__test__/unit/mocks.ts
index d00c18f2a..b17aadcf3 100644
--- a/packages/transaction-request-intent/src/lib/__test__/unit/mocks.ts
+++ b/packages/transaction-request-intent/src/lib/__test__/unit/mocks.ts
@@ -32,7 +32,7 @@ export type Wallet = {
 uid: string
 address: string
 accountType: AccountType
- chainId?: string
+ chainId?: number
 assignees?: string[] // userIds
 }
@@ -45,7 +45,7 @@ export type WalletGroup = {
 export type AddressBookAccount = {
 uid: string
 address: string
- chainId: string
+ chainId: number
 classification: string
 }
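Review bot: `nonce` becomes optional in `TransactionRequest` (packages/authz-shared/src/lib/type/domain.type.ts) with no statement of what an absent nonce means; if this object is part of what gets hashed and approved, as the doc comment in apps/authz's domain.type.ts says of the request payload, two otherwise identical requests without a nonce would presumably produce the same hash. A field comment such as `/** Omitted when <who assigns it>; approvals for nonce-less requests are <single-use or not> */` would settle that for callers. The added `maxFeePerGas?: bigint` and `maxPriorityFeePerGas?: bigint`, like `gas`, cannot pass through `JSON.stringify` without a replacer, so confirm that the hashing and policy-input code (outside this diff) converts them first. Narrowing `type` to `'2'` while the `TransactionType` enum stays declared also leaves the accepted transaction types defined in two places.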
@@ -213,28 +213,28 @@ export const TREASURY_WALLET_GROUP: WalletGroup = {
 export const SHY_ACCOUNT_137: AddressBookAccount = {
 uid: 'eip155:137:0xddcf208f219a6e6af072f2cfdc615b2c1805f98e',
 address: '0xddcf208f219a6e6af072f2cfdc615b2c1805f98e',
- chainId: '137',
+ chainId: 137,
 classification: 'wallet'
 }
 export const SHY_ACCOUNT_1: AddressBookAccount = {
 uid: 'eip155:1:0xddcf208f219a6e6af072f2cfdc615b2c1805f98e',
 address: '0xddcf208f219a6e6af072f2cfdc615b2c1805f98e',
- chainId: '1',
+ chainId: 1,
 classification: 'wallet'
 }
 export const ACCOUNT_Q_137: AddressBookAccount = {
 uid: 'eip155:137:0x08a08d0504d4f3363a5b7fda1f5fff1c7bca8ad4',
 address: '0x08a08d0504d4f3363a5b7fda1f5fff1c7bca8ad4',
- chainId: '137',
+ chainId: 137,
 classification: 'wallet'
 }
 export const ACCOUNT_INTERNAL_WXZ_137: AddressBookAccount = {
 uid: 'eip155:137:0xa45e21e9370ba031c5e1f47dedca74a7ce2ed7a3',
 address: '0xa45e21e9370ba031c5e1f47dedca74a7ce2ed7a3',
- chainId: '137',
+ chainId: 137,
 classification: 'internal'
 }
diff --git a/packages/transaction-request-intent/src/lib/transaction.type.ts b/packages/transaction-request-intent/src/lib/transaction.type.ts
index 6090394c0..e796c81f3 100644
--- a/packages/transaction-request-intent/src/lib/transaction.type.ts
+++ b/packages/transaction-request-intent/src/lib/transaction.type.ts
@@ -1,19 +1,14 @@
 import { AccessList, Address, Hex } from 'viem'
-export type TransactionRequest = {
- /** Contract code or a hashed method call with encoded args */
- data?: Hex
- /** Transaction sender */
+// TODO: Copied from new @authz-shared package; change to importing that directly
+export type TransactionRequest = {
+ chainId: number
 from: Address
- /** Gas provided for transaction execution */
- gas?: TQuantity
- /** Unique number identifying this transaction */
- nonce?: TIndex
- /** Transaction recipient */
- to?: Address | null
- /** Value in wei sent with this transaction */
- value?: TQuantity
- chainId: string | null
+ nonce?: number
 accessList?: AccessList
- type?: TTransactionType
+ data?: Hex
+ gas?: bigint
+ to?: Address | null
+ type?: '2'
+ value?: Hex
 }
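Review bot: The copied `TransactionRequest` in packages/transaction-request-intent/src/lib/transaction.type.ts has already drifted from the @narval/authz-shared definition changed in this same commit: it omits `maxFeePerGas?: bigint` and `maxPriorityFeePerGas?: bigint`. Until the TODO is resolved the two packages describe the same transaction with different shapes, and the fee fields accepted by the DTO are invisible to this package's type. Either add the two fields here, or resolve the TODO now with `import type { TransactionRequest } from '@narval/authz-shared'` and `export type { TransactionRequest }`; whether this package may depend on the shared one is not visible in the diff.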