feat(gateway): add permission control to gateway (#508)

contracts/gateway/src/contract.rs

@@ -45,6 +45,7 @@ pub fn execute(
     info: MessageInfo,
     msg: ExecuteMsg,
 ) -> Result<Response, axelar_wasm_std::ContractError> {
+    let msg = msg.ensure_permissions(deps.storage, &info.sender)?;
     Ok(internal::execute(deps, env, info, msg)?)
 }
 

packages/gateway-api/Cargo.toml

@@ -6,7 +6,11 @@ edition = "2021"
 # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
 
 [dependencies]
+axelar-wasm-std = { workspace = true }
 cosmwasm-schema = { workspace = true }
+cosmwasm-std = { workspace = true }
+error-stack = { workspace = true }
+msgs-derive = { workspace = true }
 router-api = { workspace = true }
 
 [lints]

packages/gateway-api/src/msg.rs

@@ -1,16 +1,18 @@
 use cosmwasm_schema::{cw_serde, QueryResponses};
+use msgs_derive::EnsurePermissions;
 use router_api::{CrossChainId, Message};
 
 #[cw_serde]
+#[derive(EnsurePermissions)]
 pub enum ExecuteMsg {
-    // Permissionless
     /// Before messages that are unknown to the system can be routed, they need to be verified.
     /// Use this call to trigger verification for any of the given messages that is still unverified.
+    #[permission(Any)]
     VerifyMessages(Vec<Message>),
 
-    // Permissionless
     /// Forward the given messages to the next step of the routing layer. If these messages are coming in from an external chain,
     /// they have to be verified first.
+    #[permission(Any)]
     RouteMessages(Vec<Message>),
 }