Merge pull request #75 from CosmWasm/cw1-subkeys-permissions

cw1-subkeys: Implement permission functionality

Author: ethanfrey

contracts/cw1-subkeys/Cargo.toml

@@ -18,7 +18,7 @@ backtraces = ["cosmwasm-std/backtraces"]
 library = []
 
 [dependencies]
-cosmwasm-std = { version = "0.10.1", features = ["iterator"] }
+cosmwasm-std = { version = "0.10.1", features = ["iterator", "staking"] }
 cosmwasm-storage = { version = "0.10.1", features = ["iterator"] }
 cw0 = { path = "../../packages/cw0", version = "0.2.0" }
 cw1 = { path = "../../packages/cw1", version = "0.2.0" }

contracts/cw1-subkeys/README.md

@@ -16,6 +16,9 @@ account can try to execute a `CosmosMsg::Bank(BankMsg::Send{})` from this
 contract and if they have the required allowances, their allowance will be
 reduced and the send message relayed. If they don't have sufficient authorization,
 or if they try to proxy any other message type, then the attempt will be rejected.
+Admin can give permissions to subkeys to relay specific types of messages 
+(covers _Delegate, Undelegate, Redelegate, Withdraw_ for now). Subkeys have no permission
+on creation, it can be setup with `SetupPermission` message.
 
 ### Messages
 
@@ -34,6 +37,10 @@ enum HandleMsg {
         denom: String,
         amount: Uint128,
         expires: Option<Expiration>,
+    },
+    SetupPermissions {
+        spender: HumanAddr,
+        permissions: Permissions,
     }
 }
 ```
@@ -46,12 +53,22 @@ It also adds one more query type:
 enum QueryMsg {
     Allowance {
         spender: HumanAddr,
-    }
+    },
+    AllAllowances {
+        start_after: Option<HumanAddr>,
+        limit: Option<u32>,
+    },
 }
 
-pub struct AllowanceResponse {
-    pub allowance: Vec<Coin>,
+pub struct AllowanceInfo {
+    pub spender: HumanAddr,
+    pub balance: Balance,
     pub expires: Expiration,
+    pub permissions: Permissions,
+}
+
+pub struct AllAllowancesResponse {
+    pub allowances: Vec<AllowanceInfo>,
 }
 ```
 

contracts/cw1-subkeys/helpers.ts

@@ -135,11 +135,35 @@ const useOptions = (options: Options): Network => {
 
 type Expiration = { at_height: { height: number } } | { at_time: { time: number } } | { never: {}}
 
-interface AllowanceResponse {
+interface CanSendResponse {
+  readonly canSend: boolean;
+}
+
+interface Permissions {
+  readonly delegate: boolean
+  readonly undelegate: boolean
+  readonly redelegate: boolean
+  readonly withdraw: boolean
+}
+
+interface PermissionsInfo {
+  readonly spender: string;
+  readonly permissions: Permissions;
+}
+
+interface AllPermissionsResponse {
+  readonly permissions: readonly PermissionsInfo[];
+}
+
+interface AllowanceInfo {
   readonly balance: readonly Coin[],
   readonly expires: Expiration,
 }
 
+interface AllAllowancesResponse {
+  readonly allowances: readonly AllowanceInfo[];
+}
+
 interface AdminListResponse {
   readonly admins: readonly string[],
   readonly mutable: boolean,
@@ -150,8 +174,7 @@ interface InitMsg {
   readonly mutable: boolean,
 }
 
-// TODO: define more of these
-type CosmosMsg = SendMsg; 
+type CosmosMsg = SendMsg | DelegateMsg | UndelegateMsg | RedelegateMsg | WithdrawMsg
 
 interface SendMsg {
   readonly bank: {
@@ -163,19 +186,62 @@ interface SendMsg {
   }
 }
 
+interface DelegateMsg {
+  readonly staking: {
+    readonly delegate: {
+      readonly validator: string,
+      readonly amount: Coin,
+    }
+  }
+}
+
+interface UndelegateMsg {
+  readonly staking: {
+    readonly undelegate: {
+      readonly validator: string,
+      readonly amount: Coin,
+    }
+  }
+}
+
+interface RedelegateMsg {
+  readonly staking: {
+    readonly redelegate: {
+      readonly src_validator: string,
+      readonly dst_validator: string,
+      readonly amount: Coin,
+    }
+  }
+}
+
+interface WithdrawMsg {
+  readonly staking: {
+    readonly withdraw: {
+      readonly validator: string,
+      readonly recipient?: string,
+    }
+  }
+}
+
 interface CW1Instance {
   readonly contractAddress: string
 
   // queries
   admins: () => Promise<AdminListResponse>
-  allowance: (address?: string) => Promise<AllowanceResponse>
+  allowance: (address?: string) => Promise<AllowanceInfo>
+  allAllowances: (startAfter?: string, limit?: number) => Promise<AllAllowancesResponse>
+
+  permissions: (address?: string) => Promise<PermissionsInfo>
+  allPermissions: (startAfter?: string, limit?: number) => Promise<AllPermissionsResponse>
+  canSend: (sender: string, msg: CosmosMsg) => Promise<CanSendResponse>
 
   // actions
   execute: (msgs: readonly CosmosMsg[]) => Promise<string>
   freeze: () => Promise<string>
   updateAdmins: (admins: readonly string[]) => Promise<string>
   increaseAllowance: (recipient: string, amount: Coin, expires?: Expiration) => Promise<string>
   decreaseAllowance: (recipient: string, amount: Coin, expires?: Expiration) => Promise<string>
+  setPermissions: (recipient: string, permissions: Permissions) => Promise<string>
 }
 
 interface CW1Contract {
@@ -194,10 +260,26 @@ interface CW1Contract {
 
 const CW1 = (client: SigningCosmWasmClient): CW1Contract => {
   const use = (contractAddress: string): CW1Instance => {
-    const allowance = async (address?: string): Promise<AllowanceResponse> => {
+    const allowance = async (address?: string): Promise<AllowanceInfo> => {
       const spender = address || client.senderAddress;
-      const result = await client.queryContractSmart(contractAddress, {allowance: { spender }});
-      return result;
+      return await client.queryContractSmart(contractAddress, {allowance: {spender}});
+    };
+
+    const allAllowances = async (startAfter?: string, limit?: number): Promise<AllAllowancesResponse> => {
+      return client.queryContractSmart(contractAddress, {all_allowances: { start_after: startAfter, limit: limit }});
+    };
+
+    const permissions = async (address?: string): Promise<PermissionsInfo> => {
+      const spender = address || client.senderAddress;
+      return await client.queryContractSmart(contractAddress, {permissions: {spender}});
+    };
+
+    const allPermissions = async (startAfter?: string, limit?: number): Promise<AllPermissionsResponse> => {
+      return client.queryContractSmart(contractAddress, {all_permissions: { start_after: startAfter, limit: limit }});
+    };
+
+    const canSend = async (sender: string, msg: CosmosMsg): Promise<CanSendResponse> => {
+      return client.queryContractSmart(contractAddress, {can_send: { sender: sender, msg: msg }});
     };
 
     const admins = async (): Promise<AdminListResponse> => {
@@ -231,16 +313,26 @@ const CW1 = (client: SigningCosmWasmClient): CW1Contract => {
       const result = await client.execute(contractAddress, {decrease_allowance: {spender, amount, expires}});
       return result.transactionHash;
     }
-    
+
+    const setPermissions = async (spender: string, permissions: Permissions): Promise<string> => {
+      const result = await client.execute(contractAddress, {set_permissions: {spender, permissions}});
+      return result.transactionHash;
+    }
+
     return {
       contractAddress,
       admins,
       allowance,
+      allAllowances,
+      permissions,
+      allPermissions,
+      canSend,
       execute,
       freeze,
       updateAdmins,
       increaseAllowance,
       decreaseAllowance,
+      setPermissions
     };
   }
 
@@ -273,7 +365,7 @@ const CW1 = (client: SigningCosmWasmClient): CW1Contract => {
 
 // Demo:
 // const client = await useOptions(coralnetOptions).setup(PASSWORD);
-// const { address} = await client.getAccount()
+// const { address } = await client.getAccount()
 // const factory = CW1(client)
 //
 // const codeId = await factory.upload();
@@ -314,3 +406,13 @@ const CW1 = (client: SigningCosmWasmClient): CW1Contract => {
 // contract.execute([{bank: {send: {from_address: contractAddress, to_address: address, amount: [{denom: "ushell", amount: "440000"}]}}}])
 // client.getAccount(contractAddress)
 // client.getAccount()
+
+// let permissions: Permissions = { delegate: true, undelegate: true, redelegate: true, withdraw: true }
+// contract.setStakingPermissions(randomAddress, permissions)
+
+// test delegating and undelegating from another account
+// let dmsg: DelegateMsg = {staking: {delegate: {validator:"coralvaloper1hf50trj7plz2sd8cmcvn7c8ruh3tjhc2uch4gp", amount:{denom:"ureef",amount:"999"}}}}
+// contract.execute([dmsg])
+//
+// let unmsg: UndelegateMsg = {staking: {undelegate: {validator:"coralvaloper1hf50trj7plz2sd8cmcvn7c8ruh3tjhc2uch4gp", amount:{denom:"ureef",amount:"999"}}}}
+// contract.execute([unmsg])

contracts/cw1-subkeys/schema/handle_msg.json

@@ -127,6 +127,29 @@
           }
         }
       }
+    },
+    {
+      "type": "object",
+      "required": [
+        "set_permissions"
+      ],
+      "properties": {
+        "set_permissions": {
+          "type": "object",
+          "required": [
+            "permissions",
+            "spender"
+          ],
+          "properties": {
+            "permissions": {
+              "$ref": "#/definitions/Permissions"
+            },
+            "spender": {
+              "$ref": "#/definitions/HumanAddr"
+            }
+          }
+        }
+      }
     }
   ],
   "definitions": {
@@ -282,6 +305,29 @@
     "HumanAddr": {
       "type": "string"
     },
+    "Permissions": {
+      "type": "object",
+      "required": [
+        "delegate",
+        "redelegate",
+        "undelegate",
+        "withdraw"
+      ],
+      "properties": {
+        "delegate": {
+          "type": "boolean"
+        },
+        "redelegate": {
+          "type": "boolean"
+        },
+        "undelegate": {
+          "type": "boolean"
+        },
+        "withdraw": {
+          "type": "boolean"
+        }
+      }
+    },
     "StakingMsg": {
       "anyOf": [
         {

contracts/cw1-subkeys/schema/query_msg.json

@@ -34,6 +34,26 @@
         }
       }
     },
+    {
+      "description": "Get the current permissions for the given subkey (how much it can spend) Returns PermissionsInfo",
+      "type": "object",
+      "required": [
+        "permissions"
+      ],
+      "properties": {
+        "permissions": {
+          "type": "object",
+          "required": [
+            "spender"
+          ],
+          "properties": {
+            "spender": {
+              "$ref": "#/definitions/HumanAddr"
+            }
+          }
+        }
+      }
+    },
     {
       "description": "Checks permissions of the caller on this proxy. If CanSend returns true then a call to `Execute` with the same message, before any further state changes, should also succeed.",
       "type": "object",
@@ -89,6 +109,38 @@
           }
         }
       }
+    },
+    {
+      "description": "Gets all Permissions for this contract Returns AllPermissionsResponse",
+      "type": "object",
+      "required": [
+        "all_permissions"
+      ],
+      "properties": {
+        "all_permissions": {
+          "type": "object",
+          "properties": {
+            "limit": {
+              "type": [
+                "integer",
+                "null"
+              ],
+              "format": "uint32",
+              "minimum": 0.0
+            },
+            "start_after": {
+              "anyOf": [
+                {
+                  "$ref": "#/definitions/HumanAddr"
+                },
+                {
+                  "type": "null"
+                }
+              ]
+            }
+          }
+        }
+      }
     }
   ],
   "definitions": {