Skip to content

Commit

Permalink
Initial Auth Next implementation in Soroban Host (#645)
Browse files Browse the repository at this point in the history
* Update the common environment interface.

- Remove functions that are not anticipated to be used/useful with Auth Next (mostly account-related functions, as well as some unimplemented helpers)
- Add `require_auth` function that is the entry point to Auth Next.

* Added support for `ScAddress`/`NonceKey` objects and removed support for `AccountId` as host object.

* Implementation of `AuthorizationManager` and supporting functions.

This is the core of the Auth Next implementation. `AuthorizationManager` allows enforcing the authorization requirements or recording them, as well as performs authentication when needed, keeps track of the call stacks etc.

Also added the built-in account 'contract' that handles authentication for the classic accounts. This is a contract just conceptually, it doesn't mean to support the actual contract interface.

* Host support for Auth Next.

- Added `require_auth` function and functions to support the recording mode and testing
- Updated the public env interface according to the common env changes.
- Removed network_passphrase in order to be more consistent with Core and remove some confusion around which one should be used

* Updated built-in token interface & implementation to be compatible with Auth Next.

* Token test utils and test updates.

Currently this provides most of the coverage for Auth Next in Host.

Testing this is quite tricky. As a followup and after the respective SDK updates we should add more tests that use non-built-in contracts with various deep invocation trees, multiple accounts etc.

* Test updates for replacing network passphrase with id.

* Added a simple account contract and updated the tests contracts/Wasm files.

* [removeme] Temporarily point at the XDR branch in order to make core buildable.

* Update XDR version.

* !fixup Condition vm-only test on vm presence.

* !fixup Recording auth fixes.

* !fixup Update env version and fix warnings.

* !fixup MeteredClone cleanup

* !fixup Typo fix

* !fixup Removed unreachable code.

* !fixup Cleanup rollback/reset logic

- Store recording mode tracker pointers in rollback snapshots
- In tests, reset the whole `AuthorizationManager` instead of relying on cleaning up/storing individual fields

* ! fixup Create new recording trackers for the new trees.
  • Loading branch information
dmkozh authored Feb 2, 2023
1 parent 99e0a97 commit fc611e5
Show file tree
Hide file tree
Showing 56 changed files with 3,184 additions and 2,686 deletions.
2 changes: 1 addition & 1 deletion Cargo.lock

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion Cargo.toml
Original file line number Diff line number Diff line change
Expand Up @@ -27,7 +27,7 @@ soroban-native-sdk-macros = { version = "0.0.12", path = "soroban-native-sdk-mac
[workspace.dependencies.stellar-xdr]
version = "0.0.12"
git = "https://github.com/stellar/rs-stellar-xdr"
rev = "154e07e"
rev = "763b104"
default-features = false

[workspace.dependencies.wasmi]
Expand Down
139 changes: 14 additions & 125 deletions soroban-env-common/env.json
Original file line number Diff line number Diff line change
Expand Up @@ -57,10 +57,10 @@
},
{
"export": "3",
"name": "get_current_contract",
"name": "get_current_contract_id",
"args": [],
"return": "Object",
"docs": "Get the contractID `Bytes` of the contract which invoked the running contract. Traps if the running contract was not invoked by a contract."
"docs": "Gets the 32-byte identifer of the current contract. Traps if the running contract was not invoked by a contract."
},
{
"export": "4",
Expand All @@ -85,20 +85,13 @@
},
{
"export": "7",
"name": "get_ledger_network_passphrase",
"args": [],
"return": "Object",
"docs": "Return the network passphrase of the current ledger as `Bytes`."
},
{
"export": "8",
"name": "get_current_call_stack",
"args": [],
"return": "Object",
"docs": "Returns the full call stack from the first contract call to the current one as a vector of vectors, where the inside vector contains the contract id as Hash, and a function as a Symbol."
},
{
"export": "9",
"export": "8",
"name": "fail_with_status",
"args": [
{
Expand All @@ -110,7 +103,7 @@
"docs": "Causes the currently executing contract to fail immediately with a provided status code, which must be of error-type `ScStatusType::ContractError`. Does not actually return."
},
{
"export": "a",
"export": "9",
"name": "log_fmt_values",
"args": [
{
Expand All @@ -126,26 +119,26 @@
"docs": "Record a debug event. Fmt must be a Bytes. Args must be a Vec. Void is returned."
},
{
"export": "b",
"export": "a",
"name": "get_invoker_type",
"args": [],
"return": "u64",
"docs": "Get whether the contract invocation is from an account or another contract. Returns 0 for account, 1 for contract."
},
{
"export": "c",
"name": "get_invoking_account",
"name": "get_ledger_network_id",
"args": [],
"return": "Object",
"docs": "Get the AccountID object type of the account which invoked the running contract. Traps if the running contract was not invoked by an account."
"docs": "Return the network id (sha256 hash of network passphrase) of the current ledger as `Bytes`. The value is always 32 bytes in length."
},
{
"export": "d",
"name": "get_ledger_network_id",
"name": "get_current_contract_address",
"args": [],
"return": "Object",
"docs": "Return the network id (sha256 hash of network passphrase) of the current ledger as `Bytes`. The value is always 32 bytes in length."
}
"docs": "Get the Address object for the current contract."
}
]
},
{
Expand Down Expand Up @@ -1110,62 +1103,6 @@
}
]
},
{
"name": "hash",
"export": "h",
"functions": [
{
"export": "_",
"name": "hash_from_bytes",
"args": [
{
"name": "x",
"type": "Object"
}
],
"return": "Object"
},
{
"export": "0",
"name": "hash_to_bytes",
"args": [
{
"name": "x",
"type": "Object"
}
],
"return": "Object"
}
]
},
{
"name": "key",
"export": "k",
"functions": [
{
"export": "_",
"name": "public_key_from_bytes",
"args": [
{
"name": "x",
"type": "Object"
}
],
"return": "Object"
},
{
"export": "0",
"name": "public_key_to_bytes",
"args": [
{
"name": "x",
"type": "Object"
}
],
"return": "Object"
}
]
},
{
"name": "crypto",
"export": "c",
Expand Down Expand Up @@ -1208,67 +1145,19 @@
"functions": [
{
"export": "_",
"name": "account_get_low_threshold",
"name": "require_auth",
"args": [
{
"name": "a",
"type": "Object"
}
],
"return": "RawVal",
"docs": "Get the low threshold for the account with ID `a` (`a` is `AccountId`). Traps if no such account exists."
},
{
"export": "0",
"name": "account_get_medium_threshold",
"args": [
{
"name": "a",
"type": "Object"
}
],
"return": "RawVal",
"docs": "Get the medium threshold for the account with ID `a` (`a` is `AccountId`). Traps if no such account exists."
},
{
"export": "1",
"name": "account_get_high_threshold",
"args": [
{
"name": "a",
"type": "Object"
}
],
"return": "RawVal",
"docs": "Get the high threshold for the account with ID `a` (`a` is `AccountId`). Traps if no such account exists."
},
{
"export": "2",
"name": "account_get_signer_weight",
"args": [
{
"name": "a",
"name": "address",
"type": "Object"
},
{
"name": "s",
"type": "Object"
}
],
"return": "RawVal",
"docs": "Get the signer weight for the signer with ed25519 public key `s` (`s` is `Bytes`) on the account with ID `a` (`a` is `AccountId`). Returns the master weight if the signer is the master, and returns 0 if no such signer exists. Traps if no such account exists."
},
{
"export": "3",
"name": "account_exists",
"args": [
{
"name": "a",
"name": "args",
"type": "Object"
}
],
"return": "RawVal",
"docs": "Given an ID `a` (`a` is `AccountId`) of an account, check if it exists. Returns (SCStatic) TRUE/FALSE."
"docs": "Checks if the address has authorized the invocation of the current contract function with the provided arguments. Traps if the invocation hasn't been authorized."
}
]
},
Expand Down
2 changes: 1 addition & 1 deletion soroban-env-common/src/meta.rs
Original file line number Diff line number Diff line change
Expand Up @@ -58,5 +58,5 @@
pub const ENV_META_V0_SECTION_NAME: &'static str = "contractenvmetav0";

soroban_env_macros::generate_env_meta_consts!(
interface_version: 27,
interface_version: 28,
);
Loading

0 comments on commit fc611e5

Please sign in to comment.