feat: authz-rules POC

vitwit · Apr 5, 2024 · e6521ac · e6521ac
1 parent a321866
commit e6521ac
Show file tree

Hide file tree

Showing 3 changed files with 38 additions and 2 deletions.
diff --git a/simapp/app.go b/simapp/app.go
@@ -1,4 +1,4 @@
-//go:build app_v1
+//go:build !app_v1
 
 package simapp
 
@@ -337,6 +337,26 @@ func NewSimApp(
 
 	app.AuthzKeeper = authzkeeper.NewKeeper(runtime.NewKVStoreService(keys[authzkeeper.StoreKey]), appCodec, app.MsgServiceRouter(), app.AccountKeeper)
 
+	rules := func(msg sdk.Msg) bool {
+		switch msg := msg.(type) {
+		case *banktypes.MsgSend:
+			blockedAddrs := []string{"cosmos1rnr5jrt4exl0samwj0yegv99jeskl0hsge5zwt"}
+			for _, v := range blockedAddrs {
+				if msg.ToAddress == v {
+					return true
+				}
+			}
+			return false
+		case *stakingtypes.MsgDelegate:
+			// Your logic for stake messages here
+			return false
+		default:
+			return false
+		}
+	}
+
+	app.AuthzKeeper = app.AuthzKeeper.SetAuthzRules(rules)
+
 	groupConfig := group.DefaultConfig()
 	/*
 		Example of setting group params:

diff --git a/simapp/app_v2.go b/simapp/app_v2.go
@@ -1,4 +1,4 @@
-//go:build !app_v1
+//go:build app_v1
 
 package simapp
 

diff --git a/x/authz/keeper/keeper.go b/x/authz/keeper/keeper.go
@@ -34,6 +34,7 @@ type Keeper struct {
 	cdc          codec.Codec
 	router       baseapp.MessageRouter
 	authKeeper   authz.AccountKeeper
+	rules        func(msg sdk.Msg) bool
 }
 
 // NewKeeper constructs a message authorization Keeper
@@ -92,13 +93,28 @@ func (k Keeper) update(ctx context.Context, grantee, granter sdk.AccAddress, upd
 	return nil
 }
 
+func (k Keeper) SetAuthzRules(rules func(msg sdk.Msg) bool) Keeper {
+	k.rules = rules
+	return k
+}
+
 // DispatchActions attempts to execute the provided messages via authorization
 // grants from the message signer to the grantee.
 func (k Keeper) DispatchActions(ctx context.Context, grantee sdk.AccAddress, msgs []sdk.Msg) ([][]byte, error) {
 	results := make([][]byte, len(msgs))
 	sdkCtx := sdk.UnwrapSDKContext(ctx)
 	now := sdkCtx.BlockTime()
 
+	for _, msg := range msgs {
+		// switch sdk.MsgTypeURL(msg) {
+		// case sdk.MsgTypeURL(&bankv1beta1.MsgSend{}):
+		ok := k.rules(msg)
+		if ok {
+			return nil, fmt.Errorf("receiver blocked")
+		}
+		// }
+	}
+
 	for i, msg := range msgs {
 		signers, _, err := k.cdc.GetMsgV1Signers(msg)
 		if err != nil {