mirror of
https://github.com/pezkuwichain/pezkuwi-subxt.git
synced 2026-04-26 14:37:57 +00:00
Dcompoze
002d9260f9
**Update:** Pushed additional changes based on the review comments. **This pull request fixes various spelling mistakes in this repository.** Most of the changes are contained in the first **3** commits: - `Fix spelling mistakes in comments and docs` - `Fix spelling mistakes in test names` - `Fix spelling mistakes in error messages, panic messages, logs and tracing` Other source code spelling mistakes are separated into individual commits for easier reviewing: - `Fix the spelling of 'authority'` - `Fix the spelling of 'REASONABLE_HEADERS_IN_JUSTIFICATION_ANCESTRY'` - `Fix the spelling of 'prev_enqueud_messages'` - `Fix the spelling of 'endpoint'` - `Fix the spelling of 'children'` - `Fix the spelling of 'PenpalSiblingSovereignAccount'` - `Fix the spelling of 'PenpalSudoAccount'` - `Fix the spelling of 'insufficient'` - `Fix the spelling of 'PalletXcmExtrinsicsBenchmark'` - `Fix the spelling of 'subtracted'` - `Fix the spelling of 'CandidatePendingAvailability'` - `Fix the spelling of 'exclusive'` - `Fix the spelling of 'until'` - `Fix the spelling of 'discriminator'` - `Fix the spelling of 'nonexistent'` - `Fix the spelling of 'subsystem'` - `Fix the spelling of 'indices'` - `Fix the spelling of 'committed'` - `Fix the spelling of 'topology'` - `Fix the spelling of 'response'` - `Fix the spelling of 'beneficiary'` - `Fix the spelling of 'formatted'` - `Fix the spelling of 'UNKNOWN_PROOF_REQUEST'` - `Fix the spelling of 'succeeded'` - `Fix the spelling of 'reopened'` - `Fix the spelling of 'proposer'` - `Fix the spelling of 'InstantiationNonce'` - `Fix the spelling of 'depositor'` - `Fix the spelling of 'expiration'` - `Fix the spelling of 'phantom'` - `Fix the spelling of 'AggregatedKeyValue'` - `Fix the spelling of 'randomness'` - `Fix the spelling of 'defendant'` - `Fix the spelling of 'AquaticMammal'` - `Fix the spelling of 'transactions'` - `Fix the spelling of 'PassingTracingSubscriber'` - `Fix the spelling of 'TxSignaturePayload'` - `Fix the spelling of 'versioning'` - `Fix the spelling of 'descendant'` - `Fix the spelling of 'overridden'` - `Fix the spelling of 'network'` Let me know if this structure is adequate. **Note:** The usage of the words `Merkle`, `Merkelize`, `Merklization`, `Merkelization`, `Merkleization`, is somewhat inconsistent but I left it as it is. ~~**Note:** In some places the term `Receival` is used to refer to message reception, IMO `Reception` is the correct word here, but I left it as it is.~~ ~~**Note:** In some places the term `Overlayed` is used instead of the more acceptable version `Overlaid` but I also left it as it is.~~ ~~**Note:** In some places the term `Applyable` is used instead of the correct version `Applicable` but I also left it as it is.~~ **Note:** Some usage of British vs American english e.g. `judgement` vs `judgment`, `initialise` vs `initialize`, `optimise` vs `optimize` etc. are both present in different places, but I suppose that's understandable given the number of contributors. ~~**Note:** There is a spelling mistake in `.github/CODEOWNERS` but it triggers errors in CI when I make changes to it, so I left it as it is.~~
468 lines
16 KiB
Rust
468 lines
16 KiB
Rust
// This file is part of Substrate.
|
|
|
|
// Copyright (C) Parity Technologies (UK) Ltd.
|
|
// SPDX-License-Identifier: Apache-2.0
|
|
|
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
// you may not use this file except in compliance with the License.
|
|
// You may obtain a copy of the License at
|
|
//
|
|
// http://www.apache.org/licenses/LICENSE-2.0
|
|
//
|
|
// Unless required by applicable law or agreed to in writing, software
|
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
// See the License for the specific language governing permissions and
|
|
// limitations under the License.
|
|
|
|
//! # Node authorization pallet
|
|
//!
|
|
//! This pallet manages a configurable set of nodes for a permissioned network.
|
|
//! Each node is identified by a PeerId (i.e. `Vec<u8>`). It provides two ways to
|
|
//! authorize a node,
|
|
//!
|
|
//! - a set of well known nodes across different organizations in which the
|
|
//! connections are allowed.
|
|
//! - users can claim the ownership for each node, then manage the connections of
|
|
//! the node.
|
|
//!
|
|
//! A node must have an owner. The owner can additionally change the connections
|
|
//! for the node. Only one user is allowed to claim a specific node. To eliminate
|
|
//! false claim, the maintainer of the node should claim it before even starting the
|
|
//! node. This pallet uses offchain worker to set reserved nodes, if the node is not
|
|
//! an authority, make sure to enable offchain worker with the right CLI flag. The
|
|
//! node can be lagged with the latest block, in this case you need to disable offchain
|
|
//! worker and manually set reserved nodes when starting it.
|
|
|
|
// Ensure we're `no_std` when compiling for Wasm.
|
|
#![cfg_attr(not(feature = "std"), no_std)]
|
|
|
|
#[cfg(test)]
|
|
mod mock;
|
|
#[cfg(test)]
|
|
mod tests;
|
|
|
|
pub mod weights;
|
|
|
|
pub use pallet::*;
|
|
use sp_core::OpaquePeerId as PeerId;
|
|
use sp_runtime::traits::StaticLookup;
|
|
use sp_std::{collections::btree_set::BTreeSet, iter::FromIterator, prelude::*};
|
|
pub use weights::WeightInfo;
|
|
|
|
type AccountIdLookupOf<T> = <<T as frame_system::Config>::Lookup as StaticLookup>::Source;
|
|
|
|
#[frame_support::pallet]
|
|
pub mod pallet {
|
|
use super::*;
|
|
use frame_support::pallet_prelude::*;
|
|
use frame_system::pallet_prelude::*;
|
|
|
|
#[pallet::pallet]
|
|
#[pallet::without_storage_info]
|
|
pub struct Pallet<T>(_);
|
|
|
|
/// The module configuration trait
|
|
#[pallet::config]
|
|
pub trait Config: frame_system::Config {
|
|
/// The overarching event type.
|
|
type RuntimeEvent: From<Event<Self>> + IsType<<Self as frame_system::Config>::RuntimeEvent>;
|
|
|
|
/// The maximum number of well known nodes that are allowed to set
|
|
#[pallet::constant]
|
|
type MaxWellKnownNodes: Get<u32>;
|
|
|
|
/// The maximum length in bytes of PeerId
|
|
#[pallet::constant]
|
|
type MaxPeerIdLength: Get<u32>;
|
|
|
|
/// The origin which can add a well known node.
|
|
type AddOrigin: EnsureOrigin<Self::RuntimeOrigin>;
|
|
|
|
/// The origin which can remove a well known node.
|
|
type RemoveOrigin: EnsureOrigin<Self::RuntimeOrigin>;
|
|
|
|
/// The origin which can swap the well known nodes.
|
|
type SwapOrigin: EnsureOrigin<Self::RuntimeOrigin>;
|
|
|
|
/// The origin which can reset the well known nodes.
|
|
type ResetOrigin: EnsureOrigin<Self::RuntimeOrigin>;
|
|
|
|
/// Weight information for extrinsics in this pallet.
|
|
type WeightInfo: WeightInfo;
|
|
}
|
|
|
|
/// The set of well known nodes. This is stored sorted (just by value).
|
|
#[pallet::storage]
|
|
#[pallet::getter(fn well_known_nodes)]
|
|
pub type WellKnownNodes<T> = StorageValue<_, BTreeSet<PeerId>, ValueQuery>;
|
|
|
|
/// A map that maintains the ownership of each node.
|
|
#[pallet::storage]
|
|
#[pallet::getter(fn owners)]
|
|
pub type Owners<T: Config> = StorageMap<_, Blake2_128Concat, PeerId, T::AccountId>;
|
|
|
|
/// The additional adaptive connections of each node.
|
|
#[pallet::storage]
|
|
#[pallet::getter(fn additional_connection)]
|
|
pub type AdditionalConnections<T> =
|
|
StorageMap<_, Blake2_128Concat, PeerId, BTreeSet<PeerId>, ValueQuery>;
|
|
|
|
#[pallet::genesis_config]
|
|
#[derive(frame_support::DefaultNoBound)]
|
|
pub struct GenesisConfig<T: Config> {
|
|
pub nodes: Vec<(PeerId, T::AccountId)>,
|
|
}
|
|
|
|
#[pallet::genesis_build]
|
|
impl<T: Config> BuildGenesisConfig for GenesisConfig<T> {
|
|
fn build(&self) {
|
|
Pallet::<T>::initialize_nodes(&self.nodes);
|
|
}
|
|
}
|
|
|
|
#[pallet::event]
|
|
#[pallet::generate_deposit(pub(super) fn deposit_event)]
|
|
pub enum Event<T: Config> {
|
|
/// The given well known node was added.
|
|
NodeAdded { peer_id: PeerId, who: T::AccountId },
|
|
/// The given well known node was removed.
|
|
NodeRemoved { peer_id: PeerId },
|
|
/// The given well known node was swapped; first item was removed,
|
|
/// the latter was added.
|
|
NodeSwapped { removed: PeerId, added: PeerId },
|
|
/// The given well known nodes were reset.
|
|
NodesReset { nodes: Vec<(PeerId, T::AccountId)> },
|
|
/// The given node was claimed by a user.
|
|
NodeClaimed { peer_id: PeerId, who: T::AccountId },
|
|
/// The given claim was removed by its owner.
|
|
ClaimRemoved { peer_id: PeerId, who: T::AccountId },
|
|
/// The node was transferred to another account.
|
|
NodeTransferred { peer_id: PeerId, target: T::AccountId },
|
|
/// The allowed connections were added to a node.
|
|
ConnectionsAdded { peer_id: PeerId, allowed_connections: Vec<PeerId> },
|
|
/// The allowed connections were removed from a node.
|
|
ConnectionsRemoved { peer_id: PeerId, allowed_connections: Vec<PeerId> },
|
|
}
|
|
|
|
#[pallet::error]
|
|
pub enum Error<T> {
|
|
/// The PeerId is too long.
|
|
PeerIdTooLong,
|
|
/// Too many well known nodes.
|
|
TooManyNodes,
|
|
/// The node is already joined in the list.
|
|
AlreadyJoined,
|
|
/// The node doesn't exist in the list.
|
|
NotExist,
|
|
/// The node is already claimed by a user.
|
|
AlreadyClaimed,
|
|
/// The node hasn't been claimed yet.
|
|
NotClaimed,
|
|
/// You are not the owner of the node.
|
|
NotOwner,
|
|
/// No permission to perform specific operation.
|
|
PermissionDenied,
|
|
}
|
|
|
|
#[pallet::hooks]
|
|
impl<T: Config> Hooks<BlockNumberFor<T>> for Pallet<T> {
|
|
/// Set reserved node every block. It may not be enabled depends on the offchain
|
|
/// worker settings when starting the node.
|
|
fn offchain_worker(now: frame_system::pallet_prelude::BlockNumberFor<T>) {
|
|
let network_state = sp_io::offchain::network_state();
|
|
match network_state {
|
|
Err(_) => log::error!(
|
|
target: "runtime::node-authorization",
|
|
"Error: failed to get network state of node at {:?}",
|
|
now,
|
|
),
|
|
Ok(state) => {
|
|
let encoded_peer = state.peer_id.0;
|
|
match Decode::decode(&mut &encoded_peer[..]) {
|
|
Err(_) => log::error!(
|
|
target: "runtime::node-authorization",
|
|
"Error: failed to decode PeerId at {:?}",
|
|
now,
|
|
),
|
|
Ok(node) => sp_io::offchain::set_authorized_nodes(
|
|
Self::get_authorized_nodes(&PeerId(node)),
|
|
true,
|
|
),
|
|
}
|
|
},
|
|
}
|
|
}
|
|
}
|
|
|
|
#[pallet::call]
|
|
impl<T: Config> Pallet<T> {
|
|
/// Add a node to the set of well known nodes. If the node is already claimed, the owner
|
|
/// will be updated and keep the existing additional connection unchanged.
|
|
///
|
|
/// May only be called from `T::AddOrigin`.
|
|
///
|
|
/// - `node`: identifier of the node.
|
|
#[pallet::call_index(0)]
|
|
#[pallet::weight((T::WeightInfo::add_well_known_node(), DispatchClass::Operational))]
|
|
pub fn add_well_known_node(
|
|
origin: OriginFor<T>,
|
|
node: PeerId,
|
|
owner: AccountIdLookupOf<T>,
|
|
) -> DispatchResult {
|
|
T::AddOrigin::ensure_origin(origin)?;
|
|
let owner = T::Lookup::lookup(owner)?;
|
|
ensure!(node.0.len() < T::MaxPeerIdLength::get() as usize, Error::<T>::PeerIdTooLong);
|
|
|
|
let mut nodes = WellKnownNodes::<T>::get();
|
|
ensure!(nodes.len() < T::MaxWellKnownNodes::get() as usize, Error::<T>::TooManyNodes);
|
|
ensure!(!nodes.contains(&node), Error::<T>::AlreadyJoined);
|
|
|
|
nodes.insert(node.clone());
|
|
|
|
WellKnownNodes::<T>::put(&nodes);
|
|
<Owners<T>>::insert(&node, &owner);
|
|
|
|
Self::deposit_event(Event::NodeAdded { peer_id: node, who: owner });
|
|
Ok(())
|
|
}
|
|
|
|
/// Remove a node from the set of well known nodes. The ownership and additional
|
|
/// connections of the node will also be removed.
|
|
///
|
|
/// May only be called from `T::RemoveOrigin`.
|
|
///
|
|
/// - `node`: identifier of the node.
|
|
#[pallet::call_index(1)]
|
|
#[pallet::weight((T::WeightInfo::remove_well_known_node(), DispatchClass::Operational))]
|
|
pub fn remove_well_known_node(origin: OriginFor<T>, node: PeerId) -> DispatchResult {
|
|
T::RemoveOrigin::ensure_origin(origin)?;
|
|
ensure!(node.0.len() < T::MaxPeerIdLength::get() as usize, Error::<T>::PeerIdTooLong);
|
|
|
|
let mut nodes = WellKnownNodes::<T>::get();
|
|
ensure!(nodes.contains(&node), Error::<T>::NotExist);
|
|
|
|
nodes.remove(&node);
|
|
|
|
WellKnownNodes::<T>::put(&nodes);
|
|
<Owners<T>>::remove(&node);
|
|
AdditionalConnections::<T>::remove(&node);
|
|
|
|
Self::deposit_event(Event::NodeRemoved { peer_id: node });
|
|
Ok(())
|
|
}
|
|
|
|
/// Swap a well known node to another. Both the ownership and additional connections
|
|
/// stay untouched.
|
|
///
|
|
/// May only be called from `T::SwapOrigin`.
|
|
///
|
|
/// - `remove`: the node which will be moved out from the list.
|
|
/// - `add`: the node which will be put in the list.
|
|
#[pallet::call_index(2)]
|
|
#[pallet::weight((T::WeightInfo::swap_well_known_node(), DispatchClass::Operational))]
|
|
pub fn swap_well_known_node(
|
|
origin: OriginFor<T>,
|
|
remove: PeerId,
|
|
add: PeerId,
|
|
) -> DispatchResult {
|
|
T::SwapOrigin::ensure_origin(origin)?;
|
|
ensure!(remove.0.len() < T::MaxPeerIdLength::get() as usize, Error::<T>::PeerIdTooLong);
|
|
ensure!(add.0.len() < T::MaxPeerIdLength::get() as usize, Error::<T>::PeerIdTooLong);
|
|
|
|
if remove == add {
|
|
return Ok(())
|
|
}
|
|
|
|
let mut nodes = WellKnownNodes::<T>::get();
|
|
ensure!(nodes.contains(&remove), Error::<T>::NotExist);
|
|
ensure!(!nodes.contains(&add), Error::<T>::AlreadyJoined);
|
|
|
|
nodes.remove(&remove);
|
|
nodes.insert(add.clone());
|
|
|
|
WellKnownNodes::<T>::put(&nodes);
|
|
Owners::<T>::swap(&remove, &add);
|
|
AdditionalConnections::<T>::swap(&remove, &add);
|
|
|
|
Self::deposit_event(Event::NodeSwapped { removed: remove, added: add });
|
|
Ok(())
|
|
}
|
|
|
|
/// Reset all the well known nodes. This will not remove the ownership and additional
|
|
/// connections for the removed nodes. The node owner can perform further cleaning if
|
|
/// they decide to leave the network.
|
|
///
|
|
/// May only be called from `T::ResetOrigin`.
|
|
///
|
|
/// - `nodes`: the new nodes for the allow list.
|
|
#[pallet::call_index(3)]
|
|
#[pallet::weight((T::WeightInfo::reset_well_known_nodes(), DispatchClass::Operational))]
|
|
pub fn reset_well_known_nodes(
|
|
origin: OriginFor<T>,
|
|
nodes: Vec<(PeerId, T::AccountId)>,
|
|
) -> DispatchResult {
|
|
T::ResetOrigin::ensure_origin(origin)?;
|
|
ensure!(nodes.len() < T::MaxWellKnownNodes::get() as usize, Error::<T>::TooManyNodes);
|
|
|
|
Self::initialize_nodes(&nodes);
|
|
|
|
Self::deposit_event(Event::NodesReset { nodes });
|
|
Ok(())
|
|
}
|
|
|
|
/// A given node can be claimed by anyone. The owner should be the first to know its
|
|
/// PeerId, so claim it right away!
|
|
///
|
|
/// - `node`: identifier of the node.
|
|
#[pallet::call_index(4)]
|
|
#[pallet::weight(T::WeightInfo::claim_node())]
|
|
pub fn claim_node(origin: OriginFor<T>, node: PeerId) -> DispatchResult {
|
|
let sender = ensure_signed(origin)?;
|
|
|
|
ensure!(node.0.len() < T::MaxPeerIdLength::get() as usize, Error::<T>::PeerIdTooLong);
|
|
ensure!(!Owners::<T>::contains_key(&node), Error::<T>::AlreadyClaimed);
|
|
|
|
Owners::<T>::insert(&node, &sender);
|
|
Self::deposit_event(Event::NodeClaimed { peer_id: node, who: sender });
|
|
Ok(())
|
|
}
|
|
|
|
/// A claim can be removed by its owner and get back the reservation. The additional
|
|
/// connections are also removed. You can't remove a claim on well known nodes, as it
|
|
/// needs to reach consensus among the network participants.
|
|
///
|
|
/// - `node`: identifier of the node.
|
|
#[pallet::call_index(5)]
|
|
#[pallet::weight(T::WeightInfo::remove_claim())]
|
|
pub fn remove_claim(origin: OriginFor<T>, node: PeerId) -> DispatchResult {
|
|
let sender = ensure_signed(origin)?;
|
|
|
|
ensure!(node.0.len() < T::MaxPeerIdLength::get() as usize, Error::<T>::PeerIdTooLong);
|
|
let owner = Owners::<T>::get(&node).ok_or(Error::<T>::NotClaimed)?;
|
|
ensure!(owner == sender, Error::<T>::NotOwner);
|
|
ensure!(!WellKnownNodes::<T>::get().contains(&node), Error::<T>::PermissionDenied);
|
|
|
|
Owners::<T>::remove(&node);
|
|
AdditionalConnections::<T>::remove(&node);
|
|
|
|
Self::deposit_event(Event::ClaimRemoved { peer_id: node, who: sender });
|
|
Ok(())
|
|
}
|
|
|
|
/// A node can be transferred to a new owner.
|
|
///
|
|
/// - `node`: identifier of the node.
|
|
/// - `owner`: new owner of the node.
|
|
#[pallet::call_index(6)]
|
|
#[pallet::weight(T::WeightInfo::transfer_node())]
|
|
pub fn transfer_node(
|
|
origin: OriginFor<T>,
|
|
node: PeerId,
|
|
owner: AccountIdLookupOf<T>,
|
|
) -> DispatchResult {
|
|
let sender = ensure_signed(origin)?;
|
|
let owner = T::Lookup::lookup(owner)?;
|
|
|
|
ensure!(node.0.len() < T::MaxPeerIdLength::get() as usize, Error::<T>::PeerIdTooLong);
|
|
let pre_owner = Owners::<T>::get(&node).ok_or(Error::<T>::NotClaimed)?;
|
|
ensure!(pre_owner == sender, Error::<T>::NotOwner);
|
|
|
|
Owners::<T>::insert(&node, &owner);
|
|
|
|
Self::deposit_event(Event::NodeTransferred { peer_id: node, target: owner });
|
|
Ok(())
|
|
}
|
|
|
|
/// Add additional connections to a given node.
|
|
///
|
|
/// - `node`: identifier of the node.
|
|
/// - `connections`: additional nodes from which the connections are allowed.
|
|
#[pallet::call_index(7)]
|
|
#[pallet::weight(T::WeightInfo::add_connections())]
|
|
pub fn add_connections(
|
|
origin: OriginFor<T>,
|
|
node: PeerId,
|
|
connections: Vec<PeerId>,
|
|
) -> DispatchResult {
|
|
let sender = ensure_signed(origin)?;
|
|
|
|
ensure!(node.0.len() < T::MaxPeerIdLength::get() as usize, Error::<T>::PeerIdTooLong);
|
|
let owner = Owners::<T>::get(&node).ok_or(Error::<T>::NotClaimed)?;
|
|
ensure!(owner == sender, Error::<T>::NotOwner);
|
|
|
|
let mut nodes = AdditionalConnections::<T>::get(&node);
|
|
|
|
for add_node in connections.iter() {
|
|
if *add_node == node {
|
|
continue
|
|
}
|
|
nodes.insert(add_node.clone());
|
|
}
|
|
|
|
AdditionalConnections::<T>::insert(&node, nodes);
|
|
|
|
Self::deposit_event(Event::ConnectionsAdded {
|
|
peer_id: node,
|
|
allowed_connections: connections,
|
|
});
|
|
Ok(())
|
|
}
|
|
|
|
/// Remove additional connections of a given node.
|
|
///
|
|
/// - `node`: identifier of the node.
|
|
/// - `connections`: additional nodes from which the connections are not allowed anymore.
|
|
#[pallet::call_index(8)]
|
|
#[pallet::weight(T::WeightInfo::remove_connections())]
|
|
pub fn remove_connections(
|
|
origin: OriginFor<T>,
|
|
node: PeerId,
|
|
connections: Vec<PeerId>,
|
|
) -> DispatchResult {
|
|
let sender = ensure_signed(origin)?;
|
|
|
|
ensure!(node.0.len() < T::MaxPeerIdLength::get() as usize, Error::<T>::PeerIdTooLong);
|
|
let owner = Owners::<T>::get(&node).ok_or(Error::<T>::NotClaimed)?;
|
|
ensure!(owner == sender, Error::<T>::NotOwner);
|
|
|
|
let mut nodes = AdditionalConnections::<T>::get(&node);
|
|
|
|
for remove_node in connections.iter() {
|
|
nodes.remove(remove_node);
|
|
}
|
|
|
|
AdditionalConnections::<T>::insert(&node, nodes);
|
|
|
|
Self::deposit_event(Event::ConnectionsRemoved {
|
|
peer_id: node,
|
|
allowed_connections: connections,
|
|
});
|
|
Ok(())
|
|
}
|
|
}
|
|
}
|
|
|
|
impl<T: Config> Pallet<T> {
|
|
fn initialize_nodes(nodes: &Vec<(PeerId, T::AccountId)>) {
|
|
let peer_ids = nodes.iter().map(|item| item.0.clone()).collect::<BTreeSet<PeerId>>();
|
|
WellKnownNodes::<T>::put(&peer_ids);
|
|
|
|
for (node, who) in nodes.iter() {
|
|
Owners::<T>::insert(node, who);
|
|
}
|
|
}
|
|
|
|
fn get_authorized_nodes(node: &PeerId) -> Vec<PeerId> {
|
|
let mut nodes = AdditionalConnections::<T>::get(node);
|
|
|
|
let mut well_known_nodes = WellKnownNodes::<T>::get();
|
|
if well_known_nodes.contains(node) {
|
|
well_known_nodes.remove(node);
|
|
nodes.extend(well_known_nodes);
|
|
}
|
|
|
|
Vec::from_iter(nodes)
|
|
}
|
|
}
|