neptune-auth

Crates.ioneptune-auth
lib.rsneptune-auth
version1.0.0
sourcesrc
created_at2023-01-06 01:03:54.252083
updated_at2024-01-19 03:33:43.725733
descriptionCrate for implementing message authorization for cosmwasm smart contracts.
homepagehttps://nept.finance
repositoryhttps://github.com/cryptechdev/neptune-auth
max_upload_size
id751916
size8,184
Eric Woolsey (ewoolsey)

documentation

README

neptune-auth

This package is used to manage the authentication of callers for any arbitrary message type.

Usage

The first step is to create some sort of config type which has access to stored addresses.

#[derive(Copy, Display)]
#[cw_serde]
pub enum Config {
    Admin,
    Bot,
}

Then you should impl GetPermissionGroup for the Config.

impl GetPermissionGroup for Config {
    fn get_permission_group(&self, deps: Deps<impl CustomQuery>, _env: &Env) -> Result<PermissionGroup, NeptAuthError> {
        // How your config accesses storage is up to you
        // Here we use a map from cw_storage_plus
        Ok(vec![self.load(deps).unwrap()].into())
    }
}

Then you can can assign a permission group for each variant in a given message type. Here I use ExecuteMsg as an example.

use crate::config::Config::*;

impl NeptuneAuth for ExecuteMsg {
    fn permissions(&self) -> Result<Vec<&dyn GetPermissionGroup>, NeptAuthError> {
        Ok(match self {
            ExecuteMsg::SetConfig { .. } => vec![&Admin],
            ExecuteMsg::AddAsset { .. } => vec![&Bot],
            ExecuteMsg::RemoveAsset { .. } => vec![&Bot],
            ExecuteMsg::UpdatePrices { .. } => vec![&Admin, &Bot],
        })
    }
}

And finally you place the authorization check inside the execute entry point (or wherever else you'd like to verify authorization).

#[cfg_attr(not(feature = "library"), entry_point)]
pub fn execute(deps: DepsMut<impl CustomQuery>, env: Env, info: MessageInfo, msg: ExecuteMsg) -> Result<Response, MyError> {
    // This is the line that checks the permissions
    // It will return an error if the caller does not have the required permissions
    msg.neptune_authorize(deps.as_ref(), &env, &info.sender)?;

    ...
}
Commit count: 39

cargo fmt