feat: initialize Kurdistan SDK - independent fork of Polkadot SDK

2025-12-13 15:44:15 +03:00
commit e4778b4576
6838 changed files with 1847450 additions and 0 deletions
@@ -0,0 +1,27 @@
+[package]
+name = "pallet-node-authorization"
+version = "28.0.0"
+authors.workspace = true
+edition.workspace = true
+license = "Apache-2.0"
+homepage.workspace = true
+repository.workspace = true
+description = "FRAME pallet for node authorization"
+
+[lints]
+workspace = true
+
+[package.metadata.docs.rs]
+targets = ["x86_64-unknown-linux-gnu"]
+
+[dependencies]
+codec = { features = ["derive"], workspace = true }
+frame = { workspace = true, features = ["runtime"] }
+log = { workspace = true }
+scale-info = { features = ["derive"], workspace = true }
+
+[features]
+default = ["std"]
+std = ["codec/std", "frame/std", "log/std", "scale-info/std"]
+try-runtime = ["frame/try-runtime"]
+runtime-benchmarks = ["frame/runtime-benchmarks"]
@@ -0,0 +1,472 @@
+// This file is part of Substrate.
+
+// Copyright (C) Parity Technologies (UK) Ltd.
+// SPDX-License-Identifier: Apache-2.0
+
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// 	http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+//! # Node authorization pallet
+//!
+//! This pallet manages a configurable set of nodes for a permissioned network.
+//! Each node is identified by a PeerId (i.e. `Vec<u8>`). It provides two ways to
+//! authorize a node,
+//!
+//! - a set of well known nodes across different organizations in which the
+//! connections are allowed.
+//! - users can claim the ownership for each node, then manage the connections of
+//! the node.
+//!
+//! A node must have an owner. The owner can additionally change the connections
+//! for the node. Only one user is allowed to claim a specific node. To eliminate
+//! false claim, the maintainer of the node should claim it before even starting the
+//! node. This pallet uses offchain worker to set reserved nodes, if the node is not
+//! an authority, make sure to enable offchain worker with the right CLI flag. The
+//! node can be lagged with the latest block, in this case you need to disable offchain
+//! worker and manually set reserved nodes when starting it.
+
+// Ensure we're `no_std` when compiling for Wasm.
+#![cfg_attr(not(feature = "std"), no_std)]
+
+#[cfg(test)]
+// We do not declare all features used by `construct_runtime`
+#[allow(unexpected_cfgs)]
+mod mock;
+#[cfg(test)]
+mod tests;
+
+pub mod weights;
+
+extern crate alloc;
+
+use alloc::{collections::btree_set::BTreeSet, vec::Vec};
+use frame::{
+	deps::{sp_core::OpaquePeerId as PeerId, sp_io},
+	prelude::*,
+};
+pub use pallet::*;
+pub use weights::WeightInfo;
+
+type AccountIdLookupOf<T> = <<T as frame_system::Config>::Lookup as StaticLookup>::Source;
+
+#[frame::pallet]
+pub mod pallet {
+	use super::*;
+
+	#[pallet::pallet]
+	#[pallet::without_storage_info]
+	pub struct Pallet<T>(_);
+
+	/// The module configuration trait
+	#[pallet::config]
+	pub trait Config: frame_system::Config {
+		/// The overarching event type.
+		#[allow(deprecated)]
+		type RuntimeEvent: From<Event<Self>> + IsType<<Self as frame_system::Config>::RuntimeEvent>;
+
+		/// The maximum number of well known nodes that are allowed to set
+		#[pallet::constant]
+		type MaxWellKnownNodes: Get<u32>;
+
+		/// The maximum length in bytes of PeerId
+		#[pallet::constant]
+		type MaxPeerIdLength: Get<u32>;
+
+		/// The origin which can add a well known node.
+		type AddOrigin: EnsureOrigin<Self::RuntimeOrigin>;
+
+		/// The origin which can remove a well known node.
+		type RemoveOrigin: EnsureOrigin<Self::RuntimeOrigin>;
+
+		/// The origin which can swap the well known nodes.
+		type SwapOrigin: EnsureOrigin<Self::RuntimeOrigin>;
+
+		/// The origin which can reset the well known nodes.
+		type ResetOrigin: EnsureOrigin<Self::RuntimeOrigin>;
+
+		/// Weight information for extrinsics in this pallet.
+		type WeightInfo: WeightInfo;
+	}
+
+	/// The set of well known nodes. This is stored sorted (just by value).
+	#[pallet::storage]
+	#[pallet::getter(fn well_known_nodes)]
+	pub type WellKnownNodes<T> = StorageValue<_, BTreeSet<PeerId>, ValueQuery>;
+
+	/// A map that maintains the ownership of each node.
+	#[pallet::storage]
+	#[pallet::getter(fn owners)]
+	pub type Owners<T: Config> = StorageMap<_, Blake2_128Concat, PeerId, T::AccountId>;
+
+	/// The additional adaptive connections of each node.
+	#[pallet::storage]
+	#[pallet::getter(fn additional_connection)]
+	pub type AdditionalConnections<T> =
+		StorageMap<_, Blake2_128Concat, PeerId, BTreeSet<PeerId>, ValueQuery>;
+
+	#[pallet::genesis_config]
+	#[derive(DefaultNoBound)]
+	pub struct GenesisConfig<T: Config> {
+		pub nodes: Vec<(PeerId, T::AccountId)>,
+	}
+
+	#[pallet::genesis_build]
+	impl<T: Config> BuildGenesisConfig for GenesisConfig<T> {
+		fn build(&self) {
+			Pallet::<T>::initialize_nodes(&self.nodes);
+		}
+	}
+
+	#[pallet::event]
+	#[pallet::generate_deposit(pub(super) fn deposit_event)]
+	pub enum Event<T: Config> {
+		/// The given well known node was added.
+		NodeAdded { peer_id: PeerId, who: T::AccountId },
+		/// The given well known node was removed.
+		NodeRemoved { peer_id: PeerId },
+		/// The given well known node was swapped; first item was removed,
+		/// the latter was added.
+		NodeSwapped { removed: PeerId, added: PeerId },
+		/// The given well known nodes were reset.
+		NodesReset { nodes: Vec<(PeerId, T::AccountId)> },
+		/// The given node was claimed by a user.
+		NodeClaimed { peer_id: PeerId, who: T::AccountId },
+		/// The given claim was removed by its owner.
+		ClaimRemoved { peer_id: PeerId, who: T::AccountId },
+		/// The node was transferred to another account.
+		NodeTransferred { peer_id: PeerId, target: T::AccountId },
+		/// The allowed connections were added to a node.
+		ConnectionsAdded { peer_id: PeerId, allowed_connections: Vec<PeerId> },
+		/// The allowed connections were removed from a node.
+		ConnectionsRemoved { peer_id: PeerId, allowed_connections: Vec<PeerId> },
+	}
+
+	#[pallet::error]
+	pub enum Error<T> {
+		/// The PeerId is too long.
+		PeerIdTooLong,
+		/// Too many well known nodes.
+		TooManyNodes,
+		/// The node is already joined in the list.
+		AlreadyJoined,
+		/// The node doesn't exist in the list.
+		NotExist,
+		/// The node is already claimed by a user.
+		AlreadyClaimed,
+		/// The node hasn't been claimed yet.
+		NotClaimed,
+		/// You are not the owner of the node.
+		NotOwner,
+		/// No permission to perform specific operation.
+		PermissionDenied,
+	}
+
+	#[pallet::hooks]
+	impl<T: Config> Hooks<BlockNumberFor<T>> for Pallet<T> {
+		/// Set reserved node every block. It may not be enabled depends on the offchain
+		/// worker settings when starting the node.
+		fn offchain_worker(now: BlockNumberFor<T>) {
+			let network_state = sp_io::offchain::network_state();
+			match network_state {
+				Err(_) => log::error!(
+					target: "runtime::node-authorization",
+					"Error: failed to get network state of node at {:?}",
+					now,
+				),
+				Ok(state) => {
+					let encoded_peer = state.peer_id.0;
+					match Decode::decode(&mut &encoded_peer[..]) {
+						Err(_) => log::error!(
+							target: "runtime::node-authorization",
+							"Error: failed to decode PeerId at {:?}",
+							now,
+						),
+						Ok(node) => sp_io::offchain::set_authorized_nodes(
+							Self::get_authorized_nodes(&PeerId(node)),
+							true,
+						),
+					}
+				},
+			}
+		}
+	}
+
+	#[pallet::call]
+	impl<T: Config> Pallet<T> {
+		/// Add a node to the set of well known nodes. If the node is already claimed, the owner
+		/// will be updated and keep the existing additional connection unchanged.
+		///
+		/// May only be called from `T::AddOrigin`.
+		///
+		/// - `node`: identifier of the node.
+		#[pallet::call_index(0)]
+		#[pallet::weight((T::WeightInfo::add_well_known_node(), DispatchClass::Operational))]
+		pub fn add_well_known_node(
+			origin: OriginFor<T>,
+			node: PeerId,
+			owner: AccountIdLookupOf<T>,
+		) -> DispatchResult {
+			T::AddOrigin::ensure_origin(origin)?;
+			let owner = T::Lookup::lookup(owner)?;
+			ensure!(node.0.len() < T::MaxPeerIdLength::get() as usize, Error::<T>::PeerIdTooLong);
+
+			let mut nodes = WellKnownNodes::<T>::get();
+			ensure!(nodes.len() < T::MaxWellKnownNodes::get() as usize, Error::<T>::TooManyNodes);
+			ensure!(!nodes.contains(&node), Error::<T>::AlreadyJoined);
+
+			nodes.insert(node.clone());
+
+			WellKnownNodes::<T>::put(&nodes);
+			<Owners<T>>::insert(&node, &owner);
+
+			Self::deposit_event(Event::NodeAdded { peer_id: node, who: owner });
+			Ok(())
+		}
+
+		/// Remove a node from the set of well known nodes. The ownership and additional
+		/// connections of the node will also be removed.
+		///
+		/// May only be called from `T::RemoveOrigin`.
+		///
+		/// - `node`: identifier of the node.
+		#[pallet::call_index(1)]
+		#[pallet::weight((T::WeightInfo::remove_well_known_node(), DispatchClass::Operational))]
+		pub fn remove_well_known_node(origin: OriginFor<T>, node: PeerId) -> DispatchResult {
+			T::RemoveOrigin::ensure_origin(origin)?;
+			ensure!(node.0.len() < T::MaxPeerIdLength::get() as usize, Error::<T>::PeerIdTooLong);
+
+			let mut nodes = WellKnownNodes::<T>::get();
+			ensure!(nodes.contains(&node), Error::<T>::NotExist);
+
+			nodes.remove(&node);
+
+			WellKnownNodes::<T>::put(&nodes);
+			<Owners<T>>::remove(&node);
+			AdditionalConnections::<T>::remove(&node);
+
+			Self::deposit_event(Event::NodeRemoved { peer_id: node });
+			Ok(())
+		}
+
+		/// Swap a well known node to another. Both the ownership and additional connections
+		/// stay untouched.
+		///
+		/// May only be called from `T::SwapOrigin`.
+		///
+		/// - `remove`: the node which will be moved out from the list.
+		/// - `add`: the node which will be put in the list.
+		#[pallet::call_index(2)]
+		#[pallet::weight((T::WeightInfo::swap_well_known_node(), DispatchClass::Operational))]
+		pub fn swap_well_known_node(
+			origin: OriginFor<T>,
+			remove: PeerId,
+			add: PeerId,
+		) -> DispatchResult {
+			T::SwapOrigin::ensure_origin(origin)?;
+			ensure!(remove.0.len() < T::MaxPeerIdLength::get() as usize, Error::<T>::PeerIdTooLong);
+			ensure!(add.0.len() < T::MaxPeerIdLength::get() as usize, Error::<T>::PeerIdTooLong);
+
+			if remove == add {
+				return Ok(());
+			}
+
+			let mut nodes = WellKnownNodes::<T>::get();
+			ensure!(nodes.contains(&remove), Error::<T>::NotExist);
+			ensure!(!nodes.contains(&add), Error::<T>::AlreadyJoined);
+
+			nodes.remove(&remove);
+			nodes.insert(add.clone());
+
+			WellKnownNodes::<T>::put(&nodes);
+			Owners::<T>::swap(&remove, &add);
+			AdditionalConnections::<T>::swap(&remove, &add);
+
+			Self::deposit_event(Event::NodeSwapped { removed: remove, added: add });
+			Ok(())
+		}
+
+		/// Reset all the well known nodes. This will not remove the ownership and additional
+		/// connections for the removed nodes. The node owner can perform further cleaning if
+		/// they decide to leave the network.
+		///
+		/// May only be called from `T::ResetOrigin`.
+		///
+		/// - `nodes`: the new nodes for the allow list.
+		#[pallet::call_index(3)]
+		#[pallet::weight((T::WeightInfo::reset_well_known_nodes(), DispatchClass::Operational))]
+		pub fn reset_well_known_nodes(
+			origin: OriginFor<T>,
+			nodes: Vec<(PeerId, T::AccountId)>,
+		) -> DispatchResult {
+			T::ResetOrigin::ensure_origin(origin)?;
+			ensure!(nodes.len() < T::MaxWellKnownNodes::get() as usize, Error::<T>::TooManyNodes);
+
+			Self::initialize_nodes(&nodes);
+
+			Self::deposit_event(Event::NodesReset { nodes });
+			Ok(())
+		}
+
+		/// A given node can be claimed by anyone. The owner should be the first to know its
+		/// PeerId, so claim it right away!
+		///
+		/// - `node`: identifier of the node.
+		#[pallet::call_index(4)]
+		#[pallet::weight(T::WeightInfo::claim_node())]
+		pub fn claim_node(origin: OriginFor<T>, node: PeerId) -> DispatchResult {
+			let sender = ensure_signed(origin)?;
+
+			ensure!(node.0.len() < T::MaxPeerIdLength::get() as usize, Error::<T>::PeerIdTooLong);
+			ensure!(!Owners::<T>::contains_key(&node), Error::<T>::AlreadyClaimed);
+
+			Owners::<T>::insert(&node, &sender);
+			Self::deposit_event(Event::NodeClaimed { peer_id: node, who: sender });
+			Ok(())
+		}
+
+		/// A claim can be removed by its owner and get back the reservation. The additional
+		/// connections are also removed. You can't remove a claim on well known nodes, as it
+		/// needs to reach consensus among the network participants.
+		///
+		/// - `node`: identifier of the node.
+		#[pallet::call_index(5)]
+		#[pallet::weight(T::WeightInfo::remove_claim())]
+		pub fn remove_claim(origin: OriginFor<T>, node: PeerId) -> DispatchResult {
+			let sender = ensure_signed(origin)?;
+
+			ensure!(node.0.len() < T::MaxPeerIdLength::get() as usize, Error::<T>::PeerIdTooLong);
+			let owner = Owners::<T>::get(&node).ok_or(Error::<T>::NotClaimed)?;
+			ensure!(owner == sender, Error::<T>::NotOwner);
+			ensure!(!WellKnownNodes::<T>::get().contains(&node), Error::<T>::PermissionDenied);
+
+			Owners::<T>::remove(&node);
+			AdditionalConnections::<T>::remove(&node);
+
+			Self::deposit_event(Event::ClaimRemoved { peer_id: node, who: sender });
+			Ok(())
+		}
+
+		/// A node can be transferred to a new owner.
+		///
+		/// - `node`: identifier of the node.
+		/// - `owner`: new owner of the node.
+		#[pallet::call_index(6)]
+		#[pallet::weight(T::WeightInfo::transfer_node())]
+		pub fn transfer_node(
+			origin: OriginFor<T>,
+			node: PeerId,
+			owner: AccountIdLookupOf<T>,
+		) -> DispatchResult {
+			let sender = ensure_signed(origin)?;
+			let owner = T::Lookup::lookup(owner)?;
+
+			ensure!(node.0.len() < T::MaxPeerIdLength::get() as usize, Error::<T>::PeerIdTooLong);
+			let pre_owner = Owners::<T>::get(&node).ok_or(Error::<T>::NotClaimed)?;
+			ensure!(pre_owner == sender, Error::<T>::NotOwner);
+
+			Owners::<T>::insert(&node, &owner);
+
+			Self::deposit_event(Event::NodeTransferred { peer_id: node, target: owner });
+			Ok(())
+		}
+
+		/// Add additional connections to a given node.
+		///
+		/// - `node`: identifier of the node.
+		/// - `connections`: additional nodes from which the connections are allowed.
+		#[pallet::call_index(7)]
+		#[pallet::weight(T::WeightInfo::add_connections())]
+		pub fn add_connections(
+			origin: OriginFor<T>,
+			node: PeerId,
+			connections: Vec<PeerId>,
+		) -> DispatchResult {
+			let sender = ensure_signed(origin)?;
+
+			ensure!(node.0.len() < T::MaxPeerIdLength::get() as usize, Error::<T>::PeerIdTooLong);
+			let owner = Owners::<T>::get(&node).ok_or(Error::<T>::NotClaimed)?;
+			ensure!(owner == sender, Error::<T>::NotOwner);
+
+			let mut nodes = AdditionalConnections::<T>::get(&node);
+
+			for add_node in connections.iter() {
+				if *add_node == node {
+					continue;
+				}
+				nodes.insert(add_node.clone());
+			}
+
+			AdditionalConnections::<T>::insert(&node, nodes);
+
+			Self::deposit_event(Event::ConnectionsAdded {
+				peer_id: node,
+				allowed_connections: connections,
+			});
+			Ok(())
+		}
+
+		/// Remove additional connections of a given node.
+		///
+		/// - `node`: identifier of the node.
+		/// - `connections`: additional nodes from which the connections are not allowed anymore.
+		#[pallet::call_index(8)]
+		#[pallet::weight(T::WeightInfo::remove_connections())]
+		pub fn remove_connections(
+			origin: OriginFor<T>,
+			node: PeerId,
+			connections: Vec<PeerId>,
+		) -> DispatchResult {
+			let sender = ensure_signed(origin)?;
+
+			ensure!(node.0.len() < T::MaxPeerIdLength::get() as usize, Error::<T>::PeerIdTooLong);
+			let owner = Owners::<T>::get(&node).ok_or(Error::<T>::NotClaimed)?;
+			ensure!(owner == sender, Error::<T>::NotOwner);
+
+			let mut nodes = AdditionalConnections::<T>::get(&node);
+
+			for remove_node in connections.iter() {
+				nodes.remove(remove_node);
+			}
+
+			AdditionalConnections::<T>::insert(&node, nodes);
+
+			Self::deposit_event(Event::ConnectionsRemoved {
+				peer_id: node,
+				allowed_connections: connections,
+			});
+			Ok(())
+		}
+	}
+}
+
+impl<T: Config> Pallet<T> {
+	fn initialize_nodes(nodes: &Vec<(PeerId, T::AccountId)>) {
+		let peer_ids = nodes.iter().map(|item| item.0.clone()).collect::<BTreeSet<PeerId>>();
+		WellKnownNodes::<T>::put(&peer_ids);
+
+		for (node, who) in nodes.iter() {
+			Owners::<T>::insert(node, who);
+		}
+	}
+
+	fn get_authorized_nodes(node: &PeerId) -> Vec<PeerId> {
+		let mut nodes = AdditionalConnections::<T>::get(node);
+
+		let mut well_known_nodes = WellKnownNodes::<T>::get();
+		if well_known_nodes.contains(node) {
+			well_known_nodes.remove(node);
+			nodes.extend(well_known_nodes);
+		}
+
+		Vec::from_iter(nodes)
+	}
+}
@@ -0,0 +1,70 @@
+// This file is part of Substrate.
+
+// Copyright (C) Parity Technologies (UK) Ltd.
+// SPDX-License-Identifier: Apache-2.0
+
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// 	http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+//! Test environment for node-authorization pallet.
+
+use super::*;
+use crate as pallet_node_authorization;
+
+use frame::testing_prelude::*;
+
+type Block = frame_system::mocking::MockBlock<Test>;
+
+construct_runtime!(
+	pub enum Test
+	{
+		System: frame_system,
+		NodeAuthorization: pallet_node_authorization,
+	}
+);
+
+#[derive_impl(frame_system::config_preludes::TestDefaultConfig)]
+impl frame_system::Config for Test {
+	type Block = Block;
+}
+
+ord_parameter_types! {
+	pub const One: u64 = 1;
+	pub const Two: u64 = 2;
+	pub const Three: u64 = 3;
+	pub const Four: u64 = 4;
+}
+
+impl Config for Test {
+	type RuntimeEvent = RuntimeEvent;
+	type MaxWellKnownNodes = ConstU32<4>;
+	type MaxPeerIdLength = ConstU32<2>;
+	type AddOrigin = EnsureSignedBy<One, u64>;
+	type RemoveOrigin = EnsureSignedBy<Two, u64>;
+	type SwapOrigin = EnsureSignedBy<Three, u64>;
+	type ResetOrigin = EnsureSignedBy<Four, u64>;
+	type WeightInfo = ();
+}
+
+pub fn test_node(id: u8) -> PeerId {
+	PeerId(vec![id])
+}
+
+pub fn new_test_ext() -> TestState {
+	let mut t = frame_system::GenesisConfig::<Test>::default().build_storage().unwrap();
+	pallet_node_authorization::GenesisConfig::<Test> {
+		nodes: vec![(test_node(10), 10), (test_node(20), 20), (test_node(30), 30)],
+	}
+	.assimilate_storage(&mut t)
+	.unwrap();
+	t.into()
+}
@@ -0,0 +1,391 @@
+// This file is part of Substrate.
+
+// Copyright (C) Parity Technologies (UK) Ltd.
+// SPDX-License-Identifier: Apache-2.0
+
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// 	http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+//! Tests for node-authorization pallet.
+
+use super::*;
+use crate::mock::*;
+use frame::testing_prelude::*;
+
+#[test]
+fn add_well_known_node_works() {
+	new_test_ext().execute_with(|| {
+		assert_noop!(
+			NodeAuthorization::add_well_known_node(RuntimeOrigin::signed(2), test_node(15), 15),
+			BadOrigin
+		);
+		assert_noop!(
+			NodeAuthorization::add_well_known_node(
+				RuntimeOrigin::signed(1),
+				PeerId(vec![1, 2, 3]),
+				15
+			),
+			Error::<Test>::PeerIdTooLong
+		);
+		assert_noop!(
+			NodeAuthorization::add_well_known_node(RuntimeOrigin::signed(1), test_node(20), 20),
+			Error::<Test>::AlreadyJoined
+		);
+
+		assert_ok!(NodeAuthorization::add_well_known_node(
+			RuntimeOrigin::signed(1),
+			test_node(15),
+			15
+		));
+		assert_eq!(
+			WellKnownNodes::<Test>::get(),
+			BTreeSet::from_iter(vec![test_node(10), test_node(15), test_node(20), test_node(30)])
+		);
+		assert_eq!(Owners::<Test>::get(test_node(10)), Some(10));
+		assert_eq!(Owners::<Test>::get(test_node(20)), Some(20));
+		assert_eq!(Owners::<Test>::get(test_node(30)), Some(30));
+		assert_eq!(Owners::<Test>::get(test_node(15)), Some(15));
+
+		assert_noop!(
+			NodeAuthorization::add_well_known_node(RuntimeOrigin::signed(1), test_node(25), 25),
+			Error::<Test>::TooManyNodes
+		);
+	});
+}
+
+#[test]
+fn remove_well_known_node_works() {
+	new_test_ext().execute_with(|| {
+		assert_noop!(
+			NodeAuthorization::remove_well_known_node(RuntimeOrigin::signed(3), test_node(20)),
+			BadOrigin
+		);
+		assert_noop!(
+			NodeAuthorization::remove_well_known_node(
+				RuntimeOrigin::signed(2),
+				PeerId(vec![1, 2, 3])
+			),
+			Error::<Test>::PeerIdTooLong
+		);
+		assert_noop!(
+			NodeAuthorization::remove_well_known_node(RuntimeOrigin::signed(2), test_node(40)),
+			Error::<Test>::NotExist
+		);
+
+		AdditionalConnections::<Test>::insert(
+			test_node(20),
+			BTreeSet::from_iter(vec![test_node(40)]),
+		);
+		assert!(AdditionalConnections::<Test>::contains_key(test_node(20)));
+
+		assert_ok!(NodeAuthorization::remove_well_known_node(
+			RuntimeOrigin::signed(2),
+			test_node(20)
+		));
+		assert_eq!(
+			WellKnownNodes::<Test>::get(),
+			BTreeSet::from_iter(vec![test_node(10), test_node(30)])
+		);
+		assert!(!Owners::<Test>::contains_key(test_node(20)));
+		assert!(!AdditionalConnections::<Test>::contains_key(test_node(20)));
+	});
+}
+
+#[test]
+fn swap_well_known_node_works() {
+	new_test_ext().execute_with(|| {
+		assert_noop!(
+			NodeAuthorization::swap_well_known_node(
+				RuntimeOrigin::signed(4),
+				test_node(20),
+				test_node(5)
+			),
+			BadOrigin
+		);
+		assert_noop!(
+			NodeAuthorization::swap_well_known_node(
+				RuntimeOrigin::signed(3),
+				PeerId(vec![1, 2, 3]),
+				test_node(20)
+			),
+			Error::<Test>::PeerIdTooLong
+		);
+		assert_noop!(
+			NodeAuthorization::swap_well_known_node(
+				RuntimeOrigin::signed(3),
+				test_node(20),
+				PeerId(vec![1, 2, 3])
+			),
+			Error::<Test>::PeerIdTooLong
+		);
+
+		assert_ok!(NodeAuthorization::swap_well_known_node(
+			RuntimeOrigin::signed(3),
+			test_node(20),
+			test_node(20)
+		));
+		assert_eq!(
+			WellKnownNodes::<Test>::get(),
+			BTreeSet::from_iter(vec![test_node(10), test_node(20), test_node(30)])
+		);
+
+		assert_noop!(
+			NodeAuthorization::swap_well_known_node(
+				RuntimeOrigin::signed(3),
+				test_node(15),
+				test_node(5)
+			),
+			Error::<Test>::NotExist
+		);
+		assert_noop!(
+			NodeAuthorization::swap_well_known_node(
+				RuntimeOrigin::signed(3),
+				test_node(20),
+				test_node(30)
+			),
+			Error::<Test>::AlreadyJoined
+		);
+
+		AdditionalConnections::<Test>::insert(
+			test_node(20),
+			BTreeSet::from_iter(vec![test_node(15)]),
+		);
+		assert_ok!(NodeAuthorization::swap_well_known_node(
+			RuntimeOrigin::signed(3),
+			test_node(20),
+			test_node(5)
+		));
+		assert_eq!(
+			WellKnownNodes::<Test>::get(),
+			BTreeSet::from_iter(vec![test_node(5), test_node(10), test_node(30)])
+		);
+		assert!(!Owners::<Test>::contains_key(test_node(20)));
+		assert_eq!(Owners::<Test>::get(test_node(5)), Some(20));
+		assert!(!AdditionalConnections::<Test>::contains_key(test_node(20)));
+		assert_eq!(
+			AdditionalConnections::<Test>::get(test_node(5)),
+			BTreeSet::from_iter(vec![test_node(15)])
+		);
+	});
+}
+
+#[test]
+fn reset_well_known_nodes_works() {
+	new_test_ext().execute_with(|| {
+		assert_noop!(
+			NodeAuthorization::reset_well_known_nodes(
+				RuntimeOrigin::signed(3),
+				vec![(test_node(15), 15), (test_node(5), 5), (test_node(20), 20)]
+			),
+			BadOrigin
+		);
+		assert_noop!(
+			NodeAuthorization::reset_well_known_nodes(
+				RuntimeOrigin::signed(4),
+				vec![
+					(test_node(15), 15),
+					(test_node(5), 5),
+					(test_node(20), 20),
+					(test_node(25), 25),
+				]
+			),
+			Error::<Test>::TooManyNodes
+		);
+
+		assert_ok!(NodeAuthorization::reset_well_known_nodes(
+			RuntimeOrigin::signed(4),
+			vec![(test_node(15), 15), (test_node(5), 5), (test_node(20), 20)]
+		));
+		assert_eq!(
+			WellKnownNodes::<Test>::get(),
+			BTreeSet::from_iter(vec![test_node(5), test_node(15), test_node(20)])
+		);
+		assert_eq!(Owners::<Test>::get(test_node(5)), Some(5));
+		assert_eq!(Owners::<Test>::get(test_node(15)), Some(15));
+		assert_eq!(Owners::<Test>::get(test_node(20)), Some(20));
+	});
+}
+
+#[test]
+fn claim_node_works() {
+	new_test_ext().execute_with(|| {
+		assert_noop!(
+			NodeAuthorization::claim_node(RuntimeOrigin::signed(1), PeerId(vec![1, 2, 3])),
+			Error::<Test>::PeerIdTooLong
+		);
+		assert_noop!(
+			NodeAuthorization::claim_node(RuntimeOrigin::signed(1), test_node(20)),
+			Error::<Test>::AlreadyClaimed
+		);
+
+		assert_ok!(NodeAuthorization::claim_node(RuntimeOrigin::signed(15), test_node(15)));
+		assert_eq!(Owners::<Test>::get(test_node(15)), Some(15));
+	});
+}
+
+#[test]
+fn remove_claim_works() {
+	new_test_ext().execute_with(|| {
+		assert_noop!(
+			NodeAuthorization::remove_claim(RuntimeOrigin::signed(15), PeerId(vec![1, 2, 3])),
+			Error::<Test>::PeerIdTooLong
+		);
+		assert_noop!(
+			NodeAuthorization::remove_claim(RuntimeOrigin::signed(15), test_node(15)),
+			Error::<Test>::NotClaimed
+		);
+
+		assert_noop!(
+			NodeAuthorization::remove_claim(RuntimeOrigin::signed(15), test_node(20)),
+			Error::<Test>::NotOwner
+		);
+
+		assert_noop!(
+			NodeAuthorization::remove_claim(RuntimeOrigin::signed(20), test_node(20)),
+			Error::<Test>::PermissionDenied
+		);
+
+		Owners::<Test>::insert(test_node(15), 15);
+		AdditionalConnections::<Test>::insert(
+			test_node(15),
+			BTreeSet::from_iter(vec![test_node(20)]),
+		);
+		assert_ok!(NodeAuthorization::remove_claim(RuntimeOrigin::signed(15), test_node(15)));
+		assert!(!Owners::<Test>::contains_key(test_node(15)));
+		assert!(!AdditionalConnections::<Test>::contains_key(test_node(15)));
+	});
+}
+
+#[test]
+fn transfer_node_works() {
+	new_test_ext().execute_with(|| {
+		assert_noop!(
+			NodeAuthorization::transfer_node(RuntimeOrigin::signed(15), PeerId(vec![1, 2, 3]), 10),
+			Error::<Test>::PeerIdTooLong
+		);
+		assert_noop!(
+			NodeAuthorization::transfer_node(RuntimeOrigin::signed(15), test_node(15), 10),
+			Error::<Test>::NotClaimed
+		);
+
+		assert_noop!(
+			NodeAuthorization::transfer_node(RuntimeOrigin::signed(15), test_node(20), 10),
+			Error::<Test>::NotOwner
+		);
+
+		assert_ok!(NodeAuthorization::transfer_node(RuntimeOrigin::signed(20), test_node(20), 15));
+		assert_eq!(Owners::<Test>::get(test_node(20)), Some(15));
+	});
+}
+
+#[test]
+fn add_connections_works() {
+	new_test_ext().execute_with(|| {
+		assert_noop!(
+			NodeAuthorization::add_connections(
+				RuntimeOrigin::signed(15),
+				PeerId(vec![1, 2, 3]),
+				vec![test_node(5)]
+			),
+			Error::<Test>::PeerIdTooLong
+		);
+		assert_noop!(
+			NodeAuthorization::add_connections(
+				RuntimeOrigin::signed(15),
+				test_node(15),
+				vec![test_node(5)]
+			),
+			Error::<Test>::NotClaimed
+		);
+
+		assert_noop!(
+			NodeAuthorization::add_connections(
+				RuntimeOrigin::signed(15),
+				test_node(20),
+				vec![test_node(5)]
+			),
+			Error::<Test>::NotOwner
+		);
+
+		assert_ok!(NodeAuthorization::add_connections(
+			RuntimeOrigin::signed(20),
+			test_node(20),
+			vec![test_node(15), test_node(5), test_node(25), test_node(20)]
+		));
+		assert_eq!(
+			AdditionalConnections::<Test>::get(test_node(20)),
+			BTreeSet::from_iter(vec![test_node(5), test_node(15), test_node(25)])
+		);
+	});
+}
+
+#[test]
+fn remove_connections_works() {
+	new_test_ext().execute_with(|| {
+		assert_noop!(
+			NodeAuthorization::remove_connections(
+				RuntimeOrigin::signed(15),
+				PeerId(vec![1, 2, 3]),
+				vec![test_node(5)]
+			),
+			Error::<Test>::PeerIdTooLong
+		);
+		assert_noop!(
+			NodeAuthorization::remove_connections(
+				RuntimeOrigin::signed(15),
+				test_node(15),
+				vec![test_node(5)]
+			),
+			Error::<Test>::NotClaimed
+		);
+
+		assert_noop!(
+			NodeAuthorization::remove_connections(
+				RuntimeOrigin::signed(15),
+				test_node(20),
+				vec![test_node(5)]
+			),
+			Error::<Test>::NotOwner
+		);
+
+		AdditionalConnections::<Test>::insert(
+			test_node(20),
+			BTreeSet::from_iter(vec![test_node(5), test_node(15), test_node(25)]),
+		);
+		assert_ok!(NodeAuthorization::remove_connections(
+			RuntimeOrigin::signed(20),
+			test_node(20),
+			vec![test_node(15), test_node(5)]
+		));
+		assert_eq!(
+			AdditionalConnections::<Test>::get(test_node(20)),
+			BTreeSet::from_iter(vec![test_node(25)])
+		);
+	});
+}
+
+#[test]
+fn get_authorized_nodes_works() {
+	new_test_ext().execute_with(|| {
+		AdditionalConnections::<Test>::insert(
+			test_node(20),
+			BTreeSet::from_iter(vec![test_node(5), test_node(15), test_node(25)]),
+		);
+
+		let mut authorized_nodes = Pallet::<Test>::get_authorized_nodes(&test_node(20));
+		authorized_nodes.sort();
+		assert_eq!(
+			authorized_nodes,
+			vec![test_node(5), test_node(10), test_node(15), test_node(25), test_node(30)]
+		);
+	});
+}
@@ -0,0 +1,48 @@
+// This file is part of Substrate.
+
+// Copyright (C) Parity Technologies (UK) Ltd.
+// SPDX-License-Identifier: Apache-2.0
+
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+//! Autogenerated weights for pallet_node_authorization
+
+#![cfg_attr(rustfmt, rustfmt_skip)]
+#![allow(unused_parens)]
+#![allow(unused_imports)]
+
+use frame::weights_prelude::*;
+
+pub trait WeightInfo {
+	fn add_well_known_node() -> Weight;
+	fn remove_well_known_node() -> Weight;
+	fn swap_well_known_node() -> Weight;
+	fn reset_well_known_nodes() -> Weight;
+	fn claim_node() -> Weight;
+	fn remove_claim() -> Weight;
+	fn transfer_node() -> Weight;
+	fn add_connections() -> Weight;
+	fn remove_connections() -> Weight;
+}
+
+impl WeightInfo for () {
+	fn add_well_known_node() -> Weight { Weight::from_parts(50_000_000, 0) }
+	fn remove_well_known_node() -> Weight { Weight::from_parts(50_000_000, 0) }
+	fn swap_well_known_node() -> Weight { Weight::from_parts(50_000_000, 0) }
+	fn reset_well_known_nodes() -> Weight { Weight::from_parts(50_000_000, 0) }
+	fn claim_node() -> Weight { Weight::from_parts(50_000_000, 0) }
+	fn remove_claim() -> Weight { Weight::from_parts(50_000_000, 0) }
+	fn transfer_node() -> Weight { Weight::from_parts(50_000_000, 0) }
+	fn add_connections() -> Weight { Weight::from_parts(50_000_000, 0) }
+	fn remove_connections() -> Weight { Weight::from_parts(50_000_000, 0) }
+}