neptune-auth

Crates.ioneptune-auth
lib.rsneptune-auth
version
sourcesrc
created_at2023-01-06 01:03:54.252083
updated_at2024-12-04 16:36:45.005083
descriptionCrate for implementing message authorization for cosmwasm smart contracts.
homepagehttps://nept.finance
repositoryhttps://github.com/cryptechdev/neptune-protocol
max_upload_size
id751916
Cargo.toml error:TOML parse error at line 21, column 1 | 21 | autolib = false | ^^^^^^^ unknown field `autolib`, expected one of `name`, `version`, `edition`, `authors`, `description`, `readme`, `license`, `repository`, `homepage`, `documentation`, `build`, `resolver`, `links`, `default-run`, `default_dash_run`, `rust-version`, `rust_dash_version`, `rust_version`, `license-file`, `license_dash_file`, `license_file`, `licenseFile`, `license_capital_file`, `forced-target`, `forced_dash_target`, `autobins`, `autotests`, `autoexamples`, `autobenches`, `publish`, `metadata`, `keywords`, `categories`, `exclude`, `include`
size0
Eric Woolsey (ewoolsey)

documentation

https://docs.nept.finance/

README

neptune-auth

This package is used to manage the authentication of callers for any arbitrary message type.

Usage

The first step is to create some sort of config type which has access to stored addresses.

#[derive(Copy, Display)]
#[cw_serde]
pub enum Config {
    Admin,
    Bot,
}

Then you should impl GetPermissionGroup for the Config.

impl GetPermissionGroup for Config {
    fn get_permission_group(&self, deps: Deps<impl CustomQuery>, _env: &Env) -> Result<PermissionGroup, NeptAuthError> {
        // How your config accesses storage is up to you
        // Here we use a map from cw_storage_plus
        Ok(vec![self.load(deps).unwrap()].into())
    }
}

Then you can can assign a permission group for each variant in a given message type. Here I use ExecuteMsg as an example.

use crate::config::Config::*;

impl NeptuneAuth for ExecuteMsg {
    fn permissions(&self) -> Result<Vec<&dyn GetPermissionGroup>, NeptAuthError> {
        Ok(match self {
            ExecuteMsg::SetConfig { .. } => vec![&Admin],
            ExecuteMsg::AddAsset { .. } => vec![&Bot],
            ExecuteMsg::RemoveAsset { .. } => vec![&Bot],
            ExecuteMsg::UpdatePrices { .. } => vec![&Admin, &Bot],
        })
    }
}

And finally you place the authorization check inside the execute entry point (or wherever else you'd like to verify authorization).

#[cfg_attr(not(feature = "library"), entry_point)]
pub fn execute(deps: DepsMut<impl CustomQuery>, env: Env, info: MessageInfo, msg: ExecuteMsg) -> Result<Response, MyError> {
    // This is the line that checks the permissions
    // It will return an error if the caller does not have the required permissions
    msg.neptune_authorize(deps.as_ref(), &env, &info.sender)?;

    ...
}
Commit count: 0

cargo fmt