wip

narval-xyz · Feb 8, 2024 · db0166c · db0166c
1 parent 23c93b8
commit db0166c
Show file tree

Hide file tree

Showing 8 changed files with 365 additions and 75 deletions.
diff --git a/apps/authz/src/app/__test__/e2e/admin.spec.ts b/apps/authz/src/app/__test__/e2e/admin.spec.ts
@@ -459,19 +459,111 @@ describe('Admin Endpoints', () => {
         ],
         request: {
           action: 'setPolicyRules',
-          nonce: 'random-nonce',
           data: [
             {
               then: 'permit',
               name: 'examplePermitPolicy',
               when: [
+                {
+                  criterion: 'checkTransferResourceIntegrity',
+                  args: null
+                },
+                {
+                  criterion: 'checkNonceExists',
+                  args: null
+                },
                 {
                   criterion: 'checkAction',
                   args: ['signTransaction']
                 },
+                {
+                  criterion: 'checkPrincipalId',
+                  args: ['[email protected]']
+                },
+                {
+                  criterion: 'checkWalletId',
+                  args: ['eip155:eoa:0x90d03a8971a2faa19a9d7ffdcbca28fe826a289b']
+                },
                 {
                   criterion: 'checkIntentType',
                   args: ['transferNative']
+                },
+                {
+                  criterion: 'checkIntentToken',
+                  args: ['eip155:137/slip44:966']
+                },
+                {
+                  criterion: 'checkIntentAmount',
+                  args: {
+                    currency: '*',
+                    operator: 'lte',
+                    value: '1000000000000000000'
+                  }
+                },
+                {
+                  criterion: 'checkApprovals',
+                  args: [
+                    {
+                      approvalCount: 2,
+                      countPrincipal: false,
+                      approvalEntityType: 'Narval::User',
+                      entityIds: ['[email protected]', '[email protected]']
+                    },
+                    {
+                      approvalCount: 1,
+                      countPrincipal: false,
+                      approvalEntityType: 'Narval::UserRole',
+                      entityIds: ['admin']
+                    }
+                  ]
+                }
+              ]
+            },
+            {
+              then: 'forbid',
+              name: 'exampleForbidPolicy',
+              when: [
+                {
+                  criterion: 'checkTransferResourceIntegrity',
+                  args: null
+                },
+                {
+                  criterion: 'checkNonceExists',
+                  args: null
+                },
+                {
+                  criterion: 'checkAction',
+                  args: ['signTransaction']
+                },
+                {
+                  criterion: 'checkPrincipalId',
+                  args: ['[email protected]']
+                },
+                {
+                  criterion: 'checkWalletId',
+                  args: ['eip155:eoa:0x90d03a8971a2faa19a9d7ffdcbca28fe826a289b']
+                },
+                {
+                  criterion: 'checkIntentType',
+                  args: ['transferNative']
+                },
+                {
+                  criterion: 'checkIntentToken',
+                  args: ['eip155:137/slip44:966']
+                },
+                {
+                  criterion: 'checkSpendingLimit',
+                  args: {
+                    limit: '1000000000000000000',
+                    timeWindow: {
+                      type: 'rolling',
+                      value: 43200
+                    },
+                    filters: {
+                      tokens: ['eip155:137/slip44:966'],
+                      users: ['[email protected]']
+                    }
+                  }
                 }
               ]
             }

diff --git a/apps/authz/src/app/http/rest/dto/policy-rules/set-policy-rules-request.dto.ts b/apps/authz/src/app/http/rest/dto/policy-rules/set-policy-rules-request.dto.ts
@@ -3,24 +3,19 @@ import { BaseAdminRequestPayloadDto } from '@app/authz/app/http/rest/dto/base-ad
 import { Action, Policy } from '@narval/authz-shared'
 import { ApiProperty } from '@nestjs/swagger'
 import { Type } from 'class-transformer'
-import { IsDefined, IsIn, ValidateNested } from 'class-validator'
+import { IsDefined, IsString, Matches, ValidateNested } from 'class-validator'
 
 export class SetPolicyRulesDto extends BaseActionDto {
-  @IsIn(Object.values(Action))
   @IsDefined()
-  @ApiProperty({
-    enum: Object.values(Action),
-    default: Action.SET_POLICY_RULES
-  })
+  @IsString()
+  @Matches(Action.SET_POLICY_RULES)
+  @ApiProperty({ type: Action, default: Action.SET_POLICY_RULES })
   action: typeof Action.SET_POLICY_RULES
 
   @IsDefined()
   @Type(() => Policy)
   @ValidateNested({ each: true })
-  @ApiProperty({
-    type: () => Policy,
-    isArray: true
-  })
+  @ApiProperty({ type: Policy, isArray: true })
   data: Policy[]
 }
 

diff --git a/packages/authz-shared/src/lib/decorators/is-account-id.decorator.ts b/packages/authz-shared/src/lib/decorators/is-account-id.decorator.ts
@@ -0,0 +1,7 @@
+import { applyDecorators } from '@nestjs/common'
+import { Matches, ValidationOptions } from 'class-validator'
+
+export function IsAccountId(validationOptions?: ValidationOptions) {
+  const regex = new RegExp('^eip155:d+/w+$')
+  return applyDecorators(Matches(regex, validationOptions))
+}
diff --git a/packages/authz-shared/src/lib/decorators/is-asset-id.decorator.ts b/packages/authz-shared/src/lib/decorators/is-asset-id.decorator.ts
@@ -0,0 +1,7 @@
+import { applyDecorators } from '@nestjs/common'
+import { Matches, ValidationOptions } from 'class-validator'
+
+export function IsAssetId(validationOptions?: ValidationOptions) {
+  const regex = new RegExp('^(eip155:d+/(erc1155|erc20|erc721):w+/w+|eip155:d+/slip44:d+)$')
+  return applyDecorators(Matches(regex, validationOptions))
+}
diff --git a/packages/authz-shared/src/lib/decorators/is-not-empty-array-enum.decorator.ts b/packages/authz-shared/src/lib/decorators/is-not-empty-array-enum.decorator.ts
@@ -0,0 +1,16 @@
+import { applyDecorators } from '@nestjs/common'
+import { ApiProperty } from '@nestjs/swagger'
+import { ArrayMinSize, IsArray, IsDefined, IsEnum } from 'class-validator'
+
+export function IsNotEmptyArrayEnum(Enum: object) {
+  return applyDecorators(
+    IsDefined,
+    IsArray,
+    IsEnum(Enum, { each: true }),
+    ApiProperty({
+      enum: Object.values(Enum),
+      isArray: true
+    }),
+    ArrayMinSize(1)
+  )
+}
diff --git a/packages/authz-shared/src/lib/decorators/is-not-empty-array-string.decorator.ts b/packages/authz-shared/src/lib/decorators/is-not-empty-array-string.decorator.ts
@@ -0,0 +1,13 @@
+import { applyDecorators } from '@nestjs/common';
+import { ApiProperty } from '@nestjs/swagger';
+import { IsDefined, IsArray, IsString, ArrayMinSize } from 'class-validator';
+
+export function IsNotEmptyArrayString() {
+  return applyDecorators(
+    IsDefined(),
+    IsArray(),
+    IsString({ each: true }),
+    ApiProperty({ type: String, isArray: true }),
+    ArrayMinSize(1)
+  );
+}
diff --git a/packages/authz-shared/src/lib/decorators/validate-criterion.decorator.ts b/packages/authz-shared/src/lib/decorators/validate-criterion.decorator.ts
@@ -0,0 +1,8 @@
+import { applyDecorators } from '@nestjs/common'
+import { ApiProperty } from '@nestjs/swagger'
+import { IsDefined, IsString, Matches } from 'class-validator'
+import { Criterion } from '../type/policy-builder.type'
+
+export function ValidateCriterion(name: string) {
+  return applyDecorators(IsDefined(), IsString(), Matches(name), ApiProperty({ type: Criterion, default: name }))
+}