WIP: Add msg_authorization module

x/msg_authorization/alias.go

@@ -0,0 +1,49 @@
+// nolint
+// autogenerated code using github.com/rigelrozanski/multitool
+// aliases generated for the following subdirectories:
+// ALIASGEN: github.com/cosmos/cosmos-sdk/x/msg_authorization/internal/types/
+// ALIASGEN: github.com/cosmos/cosmos-sdk/x/msg_authorization/internal/keeper/
+package msg_authorization
+
+import (
+	"github.com/cosmos/cosmos-sdk/x/msg_authorization/internal/keeper"
+	"github.com/cosmos/cosmos-sdk/x/msg_authorization/internal/types"
+)
+
+const (
+	DefaultCodespace          = types.DefaultCodespace
+	CodeInvalidGranter        = types.CodeInvalidGranter
+	CodeInvalidGrantee        = types.CodeInvalidGrantee
+	CodeInvalidExpirationTime = types.CodeInvalidExpirationTime
+	ModuleName                = types.ModuleName
+	StoreKey                  = types.StoreKey
+	RouterKey                 = types.RouterKey
+	QuerierRoute              = types.QuerierRoute
+)
+
+var (
+	// functions aliases
+	RegisterCodec             = types.RegisterCodec
+	ErrInvalidGranter         = types.ErrInvalidGranter
+	ErrInvalidGrantee         = types.ErrInvalidGrantee
+	ErrInvalidExpirationTime  = types.ErrInvalidExpirationTime
+	NewMsgGrantAuthorization  = types.NewMsgGrantAuthorization
+	NewMsgRevokeAuthorization = types.NewMsgRevokeAuthorization
+	NewMsgExecDelegated       = types.NewMsgExecDelegated
+	NewKeeper                 = keeper.NewKeeper
+
+	// variable aliases
+	ModuleCdc = types.ModuleCdc
+)
+
+type (
+	Capability             = types.Capability
+	SendCapability         = types.SendCapability
+	CapabilityGrant        = types.CapabilityGrant
+	GenericCapability      = types.GenericCapability
+	CodeType               = types.CodeType
+	MsgGrantAuthorization  = types.MsgGrantAuthorization
+	MsgRevokeAuthorization = types.MsgRevokeAuthorization
+	MsgExecDelegated       = types.MsgExecDelegated
+	Keeper                 = keeper.Keeper
+)

x/msg_authorization/client/cli/flags.go

@@ -0,0 +1,3 @@
+package cli
+
+const FlagExpiration = "expiration"

x/msg_authorization/client/cli/query.go

@@ -0,0 +1 @@
+package cli

x/msg_authorization/client/cli/tx.go

@@ -0,0 +1,111 @@
+package cli
+
+import (
+	"bufio"
+	"time"
+
+	"github.com/cosmos/cosmos-sdk/client"
+	"github.com/cosmos/cosmos-sdk/client/context"
+	"github.com/cosmos/cosmos-sdk/codec"
+	sdk "github.com/cosmos/cosmos-sdk/types"
+	"github.com/cosmos/cosmos-sdk/x/auth"
+	"github.com/cosmos/cosmos-sdk/x/auth/client/utils"
+	"github.com/cosmos/cosmos-sdk/x/msg_authorization/internal/types"
+	"github.com/spf13/cobra"
+	"github.com/spf13/viper"
+)
+
+// GetTxCmd returns the transaction commands for this module
+func GetTxCmd(cdc *codec.Codec) *cobra.Command {
+	AuthorizationTxCmd := &cobra.Command{
+		Use:                        types.ModuleName,
+		Short:                      "Authorization transactions subcommands",
+		Long:                       "Authorize and revoke access to execute transactions on behalf of your address",
+		DisableFlagParsing:         true,
+		SuggestionsMinimumDistance: 2,
+		RunE:                       client.ValidateCmd,
+	}
+
+	AuthorizationTxCmd.AddCommand(client.PostCommands(
+		GetCmdGrantCapability(cdc),
+		GetCmdRevokeCapability(cdc),
+	)...)
+
+	return AuthorizationTxCmd
+}
+
+func GetCmdGrantCapability(cdc *codec.Codec) *cobra.Command {
+	cmd := &cobra.Command{
+		Use:   "grant",
+		Short: "Grant authorization to an address",
+		Long:  "Grant authorization to an address to execute a transaction on your behalf",
+		Args:  cobra.ExactArgs(2),
+		RunE: func(cmd *cobra.Command, args []string) error {
+			inBuf := bufio.NewReader(cmd.InOrStdin())
+			txBldr := auth.NewTxBuilderFromCLI(inBuf).WithTxEncoder(utils.GetTxEncoder(cdc))
+			cliCtx := context.NewCLIContextWithInput(inBuf).WithCodec(cdc)
+
+			granter := cliCtx.FromAddress
+			grantee, err := sdk.AccAddressFromBech32(args[0])
+			if err != nil {
+				return err
+			}
+
+			var capability types.Capability
+			err = cdc.UnmarshalJSON([]byte(args[1]), &capability)
+			if err != nil {
+				return err
+			}
+			expirationString := viper.GetString(FlagExpiration)
+			expiration, err := time.Parse(time.RFC3339, expirationString)
+			if err != nil {
+				return err
+			}
+
+			msg := types.NewMsgGrantAuthorization(granter, grantee, capability, expiration)
+			if err := msg.ValidateBasic(); err != nil {
+				return err
+			}
+
+			return utils.CompleteAndBroadcastTxCLI(txBldr, cliCtx, []sdk.Msg{msg})
+
+		},
+	}
+	cmd.Flags().String(FlagExpiration, "9999-12-31 23:59:59.52Z", "The time upto which the authorization is active for the user")
+
+	return cmd
+}
+
+func GetCmdRevokeCapability(cdc *codec.Codec) *cobra.Command {
+	cmd := &cobra.Command{
+		Use:   "revoke",
+		Short: "revoke authorization",
+		Long:  "revoke authorization from an address for a transaction",
+		Args:  cobra.ExactArgs(2),
+		RunE: func(cmd *cobra.Command, args []string) error {
+			inBuf := bufio.NewReader(cmd.InOrStdin())
+			txBldr := auth.NewTxBuilderFromCLI(inBuf).WithTxEncoder(utils.GetTxEncoder(cdc))
+			cliCtx := context.NewCLIContextWithInput(inBuf).WithCodec(cdc)
+
+			granter := cliCtx.FromAddress
+			grantee, err := sdk.AccAddressFromBech32(args[0])
+			if err != nil {
+				return err
+			}
+
+			var msgAuthorized sdk.Msg
+			err = cdc.UnmarshalJSON([]byte(args[1]), &msgAuthorized)
+			if err != nil {
+				return err
+			}
+
+			msg := types.NewMsgRevokeAuthorization(granter, grantee, msgAuthorized)
+			if err := msg.ValidateBasic(); err != nil {
+				return err
+			}
+
+			return utils.CompleteAndBroadcastTxCLI(txBldr, cliCtx, []sdk.Msg{msg})
+		},
+	}
+	return cmd
+}

x/msg_authorization/client/rest/query.go

@@ -0,0 +1 @@
+package rest

x/msg_authorization/client/rest/tx.go

@@ -0,0 +1 @@
+package rest

x/msg_authorization/exported/keeper.go

@@ -0,0 +1,24 @@
+package exported
+
+import (
+	"time"
+
+	sdk "github.com/cosmos/cosmos-sdk/types"
+	"github.com/cosmos/cosmos-sdk/x/msg_authorization/internal/types"
+)
+
+type Keeper interface {
+	//DispatchActions executes the provided messages via capability grants from the message signer to the grantee
+	DispatchActions(ctx sdk.Context, grantee sdk.AccAddress, msgs []sdk.Msg) sdk.Result
+
+	// Grants the provided capability to the grantee on the granter's account with the provided expiration time
+	// If there is an existing capability grant for the same sdk.Msg type, this grant overwrites that.
+	Grant(ctx sdk.Context, grantee sdk.AccAddress, granter sdk.AccAddress, capability types.Capability, expiration time.Time)
+
+	//Revokes any capability for the provided message type granted to the grantee by the granter.
+	Revoke(ctx sdk.Context, grantee sdk.AccAddress, granter sdk.AccAddress, msgType sdk.Msg)
+
+	//Returns any Capability (or nil), with the expiration time,
+	// granted to the grantee by the granter for the provided msg type.
+	GetCapability(ctx sdk.Context, grantee sdk.AccAddress, granter sdk.AccAddress, msgType sdk.Msg) (cap types.Capability, expiration time.Time)
+}

x/msg_authorization/handler.go

@@ -0,0 +1,58 @@
+package msg_authorization
+
+import (
+	"fmt"
+
+	sdk "github.com/cosmos/cosmos-sdk/types"
+	"github.com/cosmos/cosmos-sdk/x/distribution/types"
+)
+
+func NewHandler(k Keeper) sdk.Handler {
+	return func(ctx sdk.Context, msg sdk.Msg) sdk.Result {
+		ctx = ctx.WithEventManager(sdk.NewEventManager())
+		switch msg := msg.(type) {
+		case MsgGrantAuthorization:
+			return handleMsgGrantAuthorization(ctx, msg, k)
+		case MsgRevokeAuthorization:
+			return handleMsgRevokeAuthorization(ctx, msg, k)
+		case MsgExecDelegated:
+			return handleMsgExecDelegated(ctx, msg, k)
+		default:
+			errMsg := fmt.Sprintf("unrecognized authorization message type: %T", msg)
+			return sdk.ErrUnknownRequest(errMsg).Result()
+		}
+	}
+}
+
+func handleMsgGrantAuthorization(ctx sdk.Context, msg MsgGrantAuthorization, k Keeper) sdk.Result {
+	k.Grant(ctx, msg.Grantee, msg.Granter, msg.Capability, msg.Expiration)
+
+	ctx.EventManager().EmitEvent(
+		sdk.NewEvent(
+			sdk.EventTypeMessage,
+			sdk.NewAttribute(sdk.AttributeKeyModule, types.AttributeValueCategory),
+			sdk.NewAttribute(sdk.AttributeKeySender, msg.Granter.String()),
+		),
+	)
+
+	return sdk.Result{Events: ctx.EventManager().Events()}
+}
+
+func handleMsgRevokeAuthorization(ctx sdk.Context, msg MsgRevokeAuthorization, k Keeper) sdk.Result {
+	k.Revoke(ctx, msg.Grantee, msg.Granter, msg.CapabilityMsgType)
+
+	ctx.EventManager().EmitEvent(
+		sdk.NewEvent(
+			sdk.EventTypeMessage,
+			sdk.NewAttribute(sdk.AttributeKeyModule, types.AttributeValueCategory),
+			sdk.NewAttribute(sdk.AttributeKeySender, msg.Granter.String()),
+		),
+	)
+
+	return sdk.Result{Events: ctx.EventManager().Events()}
+}
+
+func handleMsgExecDelegated(ctx sdk.Context, msg MsgExecDelegated, k Keeper) sdk.Result {
+	//TODO
+	return sdk.Result{Events: ctx.EventManager().Events()}
+}

x/msg_authorization/internal/keeper/keeper.go

@@ -0,0 +1,104 @@
+package keeper
+
+import (
+	"bytes"
+	"fmt"
+	"time"
+
+	"github.com/cosmos/cosmos-sdk/codec"
+	sdk "github.com/cosmos/cosmos-sdk/types"
+	"github.com/cosmos/cosmos-sdk/x/msg_authorization/internal/types"
+)
+
+type Keeper struct {
+	storeKey sdk.StoreKey
+	cdc      *codec.Codec
+	router   sdk.Router
+}
+
+// NewKeeper constructs a message authorisation Keeper
+func NewKeeper(storeKey sdk.StoreKey, cdc *codec.Codec, router sdk.Router) Keeper {
+	return Keeper{
+		storeKey: storeKey,
+		cdc:      cdc,
+		router:   router,
+	}
+}
+
+func (k Keeper) getActorCapabilityKey(grantee sdk.AccAddress, granter sdk.AccAddress, msg sdk.Msg) []byte {
+	return []byte(fmt.Sprintf("c/%x/%x/%s/%s", grantee, granter, msg.Route(), msg.Type()))
+}
+
+func (k Keeper) getCapabilityGrant(ctx sdk.Context, actor []byte) (grant types.CapabilityGrant, found bool) {
+	store := ctx.KVStore(k.storeKey)
+	bz := store.Get(actor)
+	if bz == nil {
+		return grant, false
+	}
+	k.cdc.MustUnmarshalBinaryBare(bz, &grant)
+	return grant, true
+}
+
+func (k Keeper) update(ctx sdk.Context, grantee sdk.AccAddress, granter sdk.AccAddress, updated types.Capability) {
+	grant, found := k.getCapabilityGrant(ctx, k.getActorCapabilityKey(grantee, granter, updated.MsgType()))
+	if !found {
+		return
+	}
+	grant.Capability = updated
+}
+
+func (k Keeper) DispatchActions(ctx sdk.Context, grantee sdk.AccAddress, msgs []sdk.Msg) sdk.Result {
+	var res sdk.Result
+	for _, msg := range msgs {
+		signers := msg.GetSigners()
+		if len(signers) != 1 {
+			return sdk.ErrUnknownRequest("authorization can be given to msg with only one signer").Result()
+		}
+		granter := signers[0]
+		if !bytes.Equal(granter, grantee) {
+			capability, _ := k.GetCapability(ctx, grantee, granter, msg)
+			if capability == nil {
+				return sdk.ErrUnauthorized("authorization not found").Result()
+			}
+			allow, updated, del := capability.Accept(msg, ctx.BlockHeader())
+			if !allow {
+				return sdk.ErrUnauthorized(" ").Result()
+			}
+			if del {
+				k.Revoke(ctx, grantee, granter, msg)
+			} else if updated != nil {
+				k.update(ctx, grantee, granter, updated)
+			}
+		}
+		res = k.router.Route(msg.Route())(ctx, msg)
+		if !res.IsOK() {
+			return res
+		}
+	}
+
+	return sdk.Result{}
+}
+
+func (k Keeper) Grant(ctx sdk.Context, grantee sdk.AccAddress, granter sdk.AccAddress, capability types.Capability, expiration time.Time) {
+	store := ctx.KVStore(k.storeKey)
+	bz := k.cdc.MustMarshalBinaryBare(types.CapabilityGrant{Capability: capability, Expiration: expiration})
+	actor := k.getActorCapabilityKey(grantee, granter, capability.MsgType())
+	store.Set(actor, bz)
+}
+
+func (k Keeper) Revoke(ctx sdk.Context, grantee sdk.AccAddress, granter sdk.AccAddress, msgType sdk.Msg) {
+	store := ctx.KVStore(k.storeKey)
+	store.Delete(k.getActorCapabilityKey(grantee, granter, msgType))
+}
+
+func (k Keeper) GetCapability(ctx sdk.Context, grantee sdk.AccAddress, granter sdk.AccAddress, msgType sdk.Msg) (cap types.Capability, expiration time.Time) {
+	grant, found := k.getCapabilityGrant(ctx, k.getActorCapabilityKey(grantee, granter, msgType))
+	if !found {
+		return nil, time.Time{}
+	}
+	if !grant.Expiration.IsZero() && grant.Expiration.Before(ctx.BlockHeader().Time) {
+		k.Revoke(ctx, grantee, granter, msgType)
+		return nil, time.Time{}
+	}
+	return grant.Capability, grant.Expiration
+}