frostfs-contract/proxy/proxy_contract.go
Evgenii Stratonikov 23e85d11c4 [#53] proxy: Allow using proxy by trusted accounts
It was reverted because `Verify` with arguments was not well supported
by the client software. Thanks to recent `System.Runtime.CurrentSigners`
call from neo-go v0.104.0 we can take the best of both worlds.

Verify with argument still looks better (less overhead), but this
implementation should work too. Sadly, `overloads` are not of much use
here because verification routines take the _first_ method from the
manifest, albeit with arbitrary number of arguments.

This reverts commit a0b73150c6 with some
changes on-top.

Signed-off-by: Evgenii Stratonikov <e.stratonikov@yadro.com>
2023-12-15 14:34:26 +03:00

86 lines
2.3 KiB
Go

package proxy
import (
"git.frostfs.info/TrueCloudLab/frostfs-contract/common"
"github.com/nspcc-dev/neo-go/pkg/interop"
"github.com/nspcc-dev/neo-go/pkg/interop/native/gas"
"github.com/nspcc-dev/neo-go/pkg/interop/native/management"
"github.com/nspcc-dev/neo-go/pkg/interop/runtime"
"github.com/nspcc-dev/neo-go/pkg/interop/storage"
)
const accountKeyPrefix = 'a'
// OnNEP17Payment is a callback for NEP-17 compatible native GAS contract.
func OnNEP17Payment(from interop.Hash160, amount int, data any) {
caller := runtime.GetCallingScriptHash()
if !common.BytesEqual(caller, []byte(gas.Hash)) {
common.AbortWithMessage("proxy contract accepts GAS only")
}
}
func _deploy(data any, isUpdate bool) {
if isUpdate {
args := data.([]any)
common.CheckVersion(args[len(args)-1].(int))
return
}
runtime.Log("proxy contract initialized")
}
// Update method updates contract source code and manifest. It can be invoked
// only by committee.
func Update(script []byte, manifest []byte, data any) {
if !common.HasUpdateAccess() {
panic("only committee can update contract")
}
management.UpdateWithData(script, manifest, common.AppendVersion(data))
runtime.Log("proxy contract updated")
}
// Verify method returns true if transaction contains valid multisignature of
// Alphabet nodes of the Inner Ring or any of the trusted accounts added via AddAccount.
func Verify() bool {
if !runtime.GetScriptContainer().Sender.Equals(runtime.GetExecutingScriptHash()) {
return false
}
signers := runtime.CurrentSigners()
ctx := storage.GetReadOnlyContext()
for i := 1; /* skip sender */ i < len(signers); i++ {
if storage.Get(ctx, append([]byte{accountKeyPrefix}, signers[i].Account...)) != nil {
return true
}
}
if runtime.CheckWitness(common.CommitteeAddress()) {
return true
}
if runtime.CheckWitness(common.AlphabetAddress()) {
return true
}
return false
}
// Version returns the version of the contract.
func Version() int {
return common.Version
}
func AddAccount(addr interop.Hash160) {
common.CheckWitness(common.CommitteeAddress())
ctx := storage.GetContext()
storage.Put(ctx, append([]byte{accountKeyPrefix}, addr...), []byte{1})
}
func RemoveAccount(addr interop.Hash160) {
common.CheckWitness(common.CommitteeAddress())
ctx := storage.GetContext()
storage.Delete(ctx, append([]byte{accountKeyPrefix}, addr...))
}