Session tokens have limited lifetime in NeoFS. Container processor should
verify lifetime of the incoming tokens.
Define `NetworkState` interface with `Epoch` method to get number of the
current epoch. Use Netmap contract client's wrapper as `NetworkState` of
Container `Processor`. Check values of token lifetime, and deny if:
* NBF value is gt the current epoch;
* IAT is gt the current epoch;
* EXP is le the current epoch.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Make IR processor of NeoFS contract to handle `Bind`/`Unbind` notification
events. The processor verifies the format of wallet script hash and public
keys, and call NeoFS ID client wrapper in order to approve adding/removing
keys from NeoFS account.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Construct wrapper over the Container contract client with `TryNotary` option
since it is required to perform invocations of notary contract.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Make `Get` method of the wrapper over Container contract's client to
accept binary container ID. Create `Get` function similar to the previous
`Get` variation. Use this function in Container service server in the place
where `Get` method was used.
Additionally implement `AsContainerSource` function which allows
to simply compose container Source interface from the wrapper.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Add `setEACL` notification event parser (handler) to the return of the
`ListenerParsers` (`ListenerHandlers`) method. Read address of NeoFS ID
contract from `contracts.neofsid` config. Implement `NewNeoFSIDClient`
constructor in `invoke` package and use it in IR application.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
For N3 Testnet RC2 release inner ring app supports three modes:
- notary enabled in all chains (default),
- notary disabled in all chains,
- notary enabled only in side chain.
All notary related functions are moved to notary.go
Signed-off-by: Alex Vanin <alexey@nspcc.ru>
With `mainnet.notary_deposit=false` inner ring will ignore
notary deposit \ awaiting routines in the application start,
so it can run on the environments without notary support.
Signed-off-by: Alex Vanin <alexey@nspcc.ru>
Alphabet nodes synchronize list of alphabet keys from main chain
`NeoFSAlphabet` role once per epoch. This can lead to a wrong behavior in
single chain deployment (`without_mainnet` config parameter). Alphabet node
in single chain environment will try to get NeoFSAlphabet role from main
chain client, but it'll get result from side chain instead. Side chain
stores list of all inner ring nodes in this role. Therefore it is possible
that alphabet nodes will try to appoint inner ring nodes as alphabet nodes,
which is not correct.
Fix incorrect behavior with disabling of synchronization of alphabet keys in
sidechain-only mode.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Unified format uses transfer type as the first byte
and extra details next. List of transfer types used in
contracts defined in `details.go`. It includes:
- audit settlement,
- basic income collection,
- basic income distribution.
Signed-off-by: Alex Vanin <alexey@nspcc.ru>
Extra blocks for notary deposit must not be less than extra blocks
at notary tx rounding.
Consider you make notary deposit every 1000 block for next
1100 blocks. At block 555 you made notary deposit up to 1655.
At block 1554 you want to send notary tx. Notary client uses rounding
to calculate `until` value. By default notary client rounds with up
to 150 block ahead, thus for tx at 1554 `until` will be 1700.
1700 is bigger than deposit limit at 1655 and tx will fail. However
if extra blocks for notary deposit will be 200, then this case
won't be possible.
Signed-off-by: Alex Vanin <alexey@nspcc.ru>
Alias type provide sort function so it is better to use it
everywhere where list of public keys is presented.
Signed-off-by: Alex Vanin <alexey@nspcc.ru>
On the `Deposit` events add gas balance check.
Make transfer only if the balance is greater
than the `GasTransferThreshold` that is defined
with environmental variable.
Signed-off-by: Pavel Karpy <carpawell@nspcc.ru>
NeoFS contract can be deployed in sidechain instead of main chain.
Add `without_mainnet` config flag that can switch IR node to work with
sidechain only. By default this flag is unset.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
In previous implementation IR worked with exactly 7 alphabetic contracts
only. Actually number of contracts is limited to only the Glagolitic
alphabet.
Make IR to work with any valid number of alphabetic contracts. Change parser
of alphabetic contract addresses to read amount of processing contracts
before performance. Make Alphabet processor to use interface of the
alphabetic contract group. Use `alphabetContracts` type in IR `Server`.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Implement DB interface required by LOCODE validator on new wrapper over the
LOCODE Bolt DB (Record on new wrapper over LOCODE Bolt DB entries).
Construct LOCODE validator and pass it to Netmap processor's constructor as
NodeValidator parameter.
Thus, candidates for a network map must set LOCODE attribute for which there
is an entry in the NeoFS location database.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Keep list of functions which are called first when the server starts (method
Server.Start). If any of the starters returns an error, the server will not
start. Such starters will mainly be used for resources that need to be
initialized after a successful server construction, but before its main work
(e.g. local files).
Keep list of functions which are called when the server stops (Server.Stop
method). Such closers will mainly be used for resources that need to be
released after server shutdown (e.g. initialized by starters).
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
There are two notifications:
- start estimation notification produced at the beginning of the
epoch,
- stop estimation notifications should be produced before
basic audit settlement starts.
Signed-off-by: Alex Vanin <alexey@nspcc.ru>
This small refactoring adds `blocktimer.go` file with
all timer related function and constructors. This way
we can create all timers in one place (at the end of
innerring.Server constructor).
To do that we had to move timer reset into global
server state so it can be accessed by netmap
processor.
Signed-off-by: Alex Vanin <alexey@nspcc.ru>
There is no point of making separate `Fee` and `NoFee`
wrappers because all reading operations are free disregarding
of fee value in static client. However we can use these same
wrappers so send transaction.
Signed-off-by: Alex Vanin <alexey@nspcc.ru>
Pass handler of audit settlement event to netmap event processor. Generate
AuditEvent in during new epoch processing.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Use client with extraFee instead of readOnlyFee. Rename
NewNoFeeBalanceClient to NewBalanceClient since no-fee client is no longer
used.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>