fix

narval-xyz · Feb 6, 2024 · 9070f69 · 9070f69
1 parent d9d1532
commit 9070f69
Show file tree

Hide file tree

Showing 5 changed files with 39 additions and 61 deletions.
diff --git a/apps/authz/Makefile b/apps/authz/Makefile
@@ -101,7 +101,9 @@ authz/rego/compile:
 		--output ./rego-build/policies.gz
 	tar -xzf ./rego-build/policies.gz -C ./rego-build/
 
-authz/rego/wasm:
+authz/rego/eval:
+	make authz/rego/compile
+
 	npx ts-node \
 		--compiler-options "{\"module\":\"CommonJS\"}" \
 		${AUTHZ_PROJECT_DIR}/src/opa/rego/script.ts
@@ -111,26 +113,7 @@ authz/rego/template:
 		ts-node -r tsconfig-paths/register \
 		--project ${AUTHZ_PROJECT_DIR}/tsconfig.app.json ${AUTHZ_PROJECT_DIR}/src/opa/template/script.ts
 
-	make authz/rego/compile
-
-	make authz/rego/wasm
-
-authz/rego/bundle:
-	rm -rf ${AUTHZ_PROJECT_DIR}/src/opa/build
-
-	mkdir -p ${AUTHZ_PROJECT_DIR}/src/opa/build
-
-	opa build \
-		--bundle ${AUTHZ_PROJECT_DIR}/src/opa/rego \
-		--ignore "__test__" \
-		--output ${AUTHZ_PROJECT_DIR}/src/opa/build/policies.tar.gz
-
-authz/rego/eval:
-	opa eval \
-		--format="pretty" \
-		--bundle ${AUTHZ_PROJECT_DIR}/src/opa/build/policies.tar.gz \
-		--input ${AUTHZ_PROJECT_DIR}/src/opa/rego/input.json \
-		'data.main.evaluate'
+	make authz/rego/eval
 
 authz/rego/test:
 	opa test \

diff --git a/apps/authz/src/app/opa/opa.service.ts b/apps/authz/src/app/opa/opa.service.ts
@@ -9,6 +9,7 @@ import Handlebars from 'handlebars'
 import { isEmpty } from 'lodash'
 import path from 'path'
 import R from 'remeda'
+import { v4 as uuidv4 } from 'uuid'
 
 type PromiseType<T extends Promise<unknown>> = T extends Promise<infer U> ? U : never
 type OpaEngine = PromiseType<ReturnType<typeof loadPolicy>>
@@ -33,7 +34,7 @@ export class OpaService implements OnApplicationBootstrap {
     return evalResult.map(({ result }) => result)
   }
 
-  async generateRegoFile(policyRules: PolicyCriterionBuilder[]): Promise<void> {
+  generateRegoFile(policies: PolicyCriterionBuilder[]): void {
     Handlebars.registerHelper('criterion', function (item) {
       const criterion: Criterion = item.criterion
       const args = item.args
@@ -81,20 +82,13 @@ export class OpaService implements OnApplicationBootstrap {
       }
     })
 
-    const templateSource = readFileSync(
-      '/Users/samuel/Documents/narval/narval/apps/authz/src/opa/template/template.hbs',
-      'utf-8'
-    )
+    const templateSource = readFileSync('./apps/authz/src/opa/template/template.hbs', 'utf-8')
 
     const template = Handlebars.compile(templateSource)
 
-    const regoContent = template(policyRules)
+    const regoContent = template({ policies })
 
-    writeFileSync(
-      '/Users/samuel/Documents/narval/narval/apps/authz/src/opa/rego/policies/e2e.rego',
-      regoContent,
-      'utf-8'
-    )
+    writeFileSync(`./apps/authz/src/opa/rego/policies/${uuidv4()}.rego`, regoContent, 'utf-8')
 
     console.log('Policy .rego file generated successfully.')
   }

diff --git a/apps/authz/src/opa/rego/policies/7e1c8a0e-3cf5-4e6c-8e90-5ca8a95b1fdf.rego b/apps/authz/src/opa/rego/policies/7e1c8a0e-3cf5-4e6c-8e90-5ca8a95b1fdf.rego
@@ -0,0 +1,27 @@
+package main
+
+permit[{"policyId": "examplePermitPolicy" }] = reason {
+  checkTransferResourceIntegrity
+  checkNonceExists
+  checkAction({"signTransaction"})
+  checkPrincipalId({"matt@narval.xyz"})
+  checkWalletId({"eip155:eoa:0x90d03a8971a2faa19a9d7ffdcbca28fe826a289b"})
+  checkIntentType({"transferNative"})
+  checkIntentToken({"eip155:137/slip44:966"})
+  checkIntentAmount({"currency":"*","operator":"lte","value":"1000000000000000000"})
+  approvals = checkApprovals([{"approvalCount":2,"countPrincipal":false,"approvalEntityType":"Narval::User","entityIds":["aa@narval.xyz","bb@narval.xyz"]}, {"approvalCount":1,"countPrincipal":false,"approvalEntityType":"Narval::UserRole","entityIds":["admin"]}])
+  reason = {"type": "permit", "policyId": "examplePermitPolicy", "approvalsSatisfied": approvals.approvalsSatisfied, "approvalsMissing": approvals.approvalsMissing}
+}
+
+forbid[{"policyId": "exampleForbidPolicy" }] = reason {
+  checkTransferResourceIntegrity
+  checkNonceExists
+  checkAction({"signTransaction"})
+  checkPrincipalId({"matt@narval.xyz"})
+  checkWalletId({"eip155:eoa:0x90d03a8971a2faa19a9d7ffdcbca28fe826a289b"})
+  checkIntentType({"transferNative"})
+  checkIntentToken({"eip155:137/slip44:966"})
+  checkSpendingLimit({"limit":"1000000000000000000","timeWindow":{"type":"rolling","value":43200},"filters":{"tokens":["eip155:137/slip44:966"],"users":["matt@narval.xyz"]}})
+  reason = {"type":"forbid","policyId":"exampleForbidPolicy","approvalsSatisfied":[],"approvalsMissing":[]}
+}
+
diff --git a/apps/authz/src/opa/rego/policies/e2e.rego b/apps/authz/src/opa/rego/policies/e2e.rego
diff --git a/apps/authz/src/opa/template/template.hbs b/apps/authz/src/opa/template/template.hbs
@@ -1,11 +1,11 @@
 package main
 
 {{#each policies}}
-  {{then}}[{"policyId": "{{name}}" }] = reason {
+{{then}}[{"policyId": "{{name}}" }] = reason {
   {{#each when}}
-    {{#criterion this}}{{/criterion}}
+  {{#criterion this}}{{/criterion}}
   {{/each}}
   {{#reason this}}{{/reason}}
-  }
+}
 
 {{/each}}