4 releases (2 stable)
new 2.0.0 | Dec 4, 2024 |
---|---|
1.0.0 | Jan 19, 2024 |
0.1.1 | May 17, 2023 |
0.1.0 | Jan 6, 2023 |
#6 in #lending
218 downloads per month
Used in neptune-common
13KB
111 lines
neptune-auth
This package is used to manage the authentication of callers for any arbitrary message type.
Usage
The first step is to create some sort of config type which has access to stored addresses.
#[derive(Copy, Display)]
#[cw_serde]
pub enum Config {
Admin,
Bot,
}
Then you should impl GetPermissionGroup for the Config.
impl GetPermissionGroup for Config {
fn get_permission_group(&self, deps: Deps<impl CustomQuery>, _env: &Env) -> Result<PermissionGroup, NeptAuthError> {
// How your config accesses storage is up to you
// Here we use a map from cw_storage_plus
Ok(vec![self.load(deps).unwrap()].into())
}
}
Then you can can assign a permission group for each variant in a given message type. Here I use ExecuteMsg as an example.
use crate::config::Config::*;
impl NeptuneAuth for ExecuteMsg {
fn permissions(&self) -> Result<Vec<&dyn GetPermissionGroup>, NeptAuthError> {
Ok(match self {
ExecuteMsg::SetConfig { .. } => vec![&Admin],
ExecuteMsg::AddAsset { .. } => vec![&Bot],
ExecuteMsg::RemoveAsset { .. } => vec![&Bot],
ExecuteMsg::UpdatePrices { .. } => vec![&Admin, &Bot],
})
}
}
And finally you place the authorization check inside the execute entry point (or wherever else you'd like to verify authorization).
#[cfg_attr(not(feature = "library"), entry_point)]
pub fn execute(deps: DepsMut<impl CustomQuery>, env: Env, info: MessageInfo, msg: ExecuteMsg) -> Result<Response, MyError> {
// This is the line that checks the permissions
// It will return an error if the caller does not have the required permissions
msg.neptune_authorize(deps.as_ref(), &env, &info.sender)?;
...
}
Dependencies
~4.5–6.5MB
~135K SLoC