Fix empty approvals bug (#42)

narval-xyz · Jan 23, 2024 · a0eed00 · a0eed00
1 parent 0300796
commit a0eed00
Show file tree

Hide file tree

Showing 7 changed files with 62 additions and 45 deletions.
diff --git a/apps/authz/src/app/opa/rego/input.json b/apps/authz/src/app/opa/rego/input.json
@@ -24,6 +24,12 @@
   },
   "resource": { "uid": "eip155:eoa:0x90d03a8971a2faa19a9d7ffdcbca28fe826a289b" },
   "approvals": [
+    {
+      "userId": "matt@narval.xyz",
+      "id": "credentialId1",
+      "alg": "ES256K",
+      "pubKey": "0xd75D626a116D4a1959fE3bB938B2e7c116A05890"
+    },
     {
       "userId": "aa@narval.xyz",
       "id": "credentialId2",
@@ -37,5 +43,58 @@
       "pubKey": "0xab88c8785D0C00082dE75D801Fcb1d5066a6311e"
     }
   ],
-  "transfers": []
+  "transfers": [
+    {
+      "amount": "3000000000",
+      "from": "eip155:137:0x90d03a8971a2faa19a9d7ffdcbca28fe826a289b",
+      "to": "eip155:137:0x08a08d0504d4f3363a5b7fda1f5fff1c7bca8ad4",
+      "chainId": 137,
+      "token": "eip155:137/slip44/966",
+      "rates": {
+        "fiat:usd": "0.99",
+        "fiat:eur": "1.10"
+      },
+      "initiatedBy": "matt@narval.xyz",
+      "timestamp": 1705934992613
+    },
+    {
+      "amount": "2000000000",
+      "from": "eip155:137:0x90d03a8971a2faa19a9d7ffdcbca28fe826a289b",
+      "to": "eip155:137:0x08a08d0504d4f3363a5b7fda1f5fff1c7bca8ad4",
+      "chainId": 137,
+      "token": "eip155:137/slip44/966",
+      "rates": {
+        "fiat:usd": "0.99",
+        "fiat:eur": "1.10"
+      },
+      "initiatedBy": "matt@narval.xyz",
+      "timestamp": 1705934992613
+    },
+    {
+      "amount": "1500000000",
+      "from": "eip155:137:0x90d03a8971a2faa19a9d7ffdcbca28fe826a289b",
+      "to": "eip155:137:0x08a08d0504d4f3363a5b7fda1f5fff1c7bca8ad4",
+      "chainId": 137,
+      "token": "eip155:137/slip44/966",
+      "rates": {
+        "fiat:usd": "0.99",
+        "fiat:eur": "1.10"
+      },
+      "initiatedBy": "matt@narval.xyz",
+      "timestamp": 1705934992613
+    },
+    {
+      "amount": "1000000000",
+      "from": "eip155:137:0x90d03a8971a2faa19a9d7ffdcbca28fe826a289b",
+      "to": "eip155:137:0x08a08d0504d4f3363a5b7fda1f5fff1c7bca8ad4",
+      "chainId": 137,
+      "token": "eip155:137/slip44/966",
+      "rates": {
+        "fiat:usd": "0.99",
+        "fiat:eur": "1.10"
+      },
+      "initiatedBy": "matt@narval.xyz",
+      "timestamp": 1705934992613
+    }
+  ]
 }
diff --git a/apps/authz/src/app/opa/rego/lib/criteria/approvals.rego b/apps/authz/src/app/opa/rego/lib/criteria/approvals.rego
@@ -2,20 +2,15 @@ package main
 
 import future.keywords.in
 
-approvals := input.approvals
-
 usersEntities := data.entities.users
 
 userGroupsEntities := data.entities.userGroups
 
 getApprovalsCount(possibleApprovers) = result {
-	approval := approvals[_]
-
 	matchedApprovers := {approval.userId |
-		approval := approvals[_]
+		approval := input.approvals[_]
 		approval.userId in possibleApprovers
 	}
-
 	result := count(matchedApprovers)
 }
 

diff --git a/apps/authz/src/app/opa/rego/policies/policy1.rego b/apps/authz/src/app/opa/rego/policies/policy1.rego
@@ -4,22 +4,17 @@ import future.keywords.in
 
 permit[{"policyId": "test-policy-1"}] := reason {
 	checkPrincipal
-
 	input.action == "signTransaction"
-
 	checkTransferTokenType({"transferERC20"})
 	checkTransferTokenAddress({"eip155:137/erc20:0x2791bca1f2de4661ed88a30c99a7a9449aa84174"})
 	checkTransferTokenOperation({"operator": "lte", "value": "1000000000000000000"})
-
 	approvalsRequired = [{
 		"approvalCount": 2,
 		"countPrincipal": false,
 		"approvalEntityType": "Narval::User",
 		"entityIds": ["test-bob-uid", "test-bar-uid", "test-signer-uid"],
 	}]
-
 	approvals := getApprovalsResult(approvalsRequired)
-
 	reason := {
 		"type": "permit",
 		"policyId": "test-policy-1",

diff --git a/apps/authz/src/app/opa/rego/policies/policy2.rego b/apps/authz/src/app/opa/rego/policies/policy2.rego
@@ -4,22 +4,17 @@ import future.keywords.in
 
 permit[{"policyId": "test-policy-2"}] := reason {
 	checkPrincipal
-
 	input.action == "signTransaction"
-
 	checkTransferTokenType({"transferERC20"})
 	checkTransferTokenAddress({"eip155:137/erc20:0x2791bca1f2de4661ed88a30c99a7a9449aa84174"})
 	checkTransferTokenOperation({"operator": "lte", "value": "1000000000000000000"})
-
 	approvalsRequired = [{
 		"approvalCount": 2,
 		"countPrincipal": false,
 		"approvalEntityType": "Narval::UserGroup",
 		"entityIds": ["test-user-group-one-uid"],
 	}]
-
 	approvals := getApprovalsResult(approvalsRequired)
-
 	reason := {
 		"type": "permit",
 		"policyId": "test-policy-2",

diff --git a/apps/authz/src/app/opa/rego/policies/policy3.rego b/apps/authz/src/app/opa/rego/policies/policy3.rego
@@ -4,22 +4,17 @@ import future.keywords.in
 
 permit[{"policyId": "test-policy-3"}] := reason {
 	checkPrincipal
-
 	input.action == "signTransaction"
-
 	checkTransferTokenType({"transferERC20"})
 	checkTransferTokenAddress({"eip155:137/erc20:0x2791bca1f2de4661ed88a30c99a7a9449aa84174"})
 	checkTransferTokenOperation({"operator": "lte", "value": "1000000000000000000"})
-
 	approvalsRequired = [{
 		"approvalCount": 2,
 		"countPrincipal": false,
 		"approvalEntityType": "Narval::UserRole",
 		"entityIds": ["root", "admin"],
 	}]
-
 	approvals := getApprovalsResult(approvalsRequired)
-
 	reason := {
 		"type": "permit",
 		"policyId": "test-policy-3",

diff --git a/apps/authz/src/app/opa/rego/policies/spendings.rego b/apps/authz/src/app/opa/rego/policies/spendings.rego
@@ -6,22 +6,17 @@ import future.keywords.in
 
 forbid[{"policyId": "test-accumulation-policy-1"}] := reason {
 	checkPrincipal
-
 	input.action == "signTransaction"
-
 	transferTypes = {"transferERC20"}
 	roles = {"member"}
 	tokens = {"eip155:137/erc20:0x2791bca1f2de4661ed88a30c99a7a9449aa84174", "eip155:1/erc20:0xa0b86991c6218b36c1d19d4a2e9eb0ce3606eb48"}
 	limit = to_number("5000000000")
 	startDate = secondsToNanoSeconds(nowSeconds - ((12 * 60) * 60))
-
 	checkPrincipalRole(roles)
 	checkTransferTokenType(transferTypes)
 	checkTransferTokenAddress(tokens)
-
 	spendings = getUsdSpendingAmount({"tokens": tokens, "startDate": startDate})
 	checkSpendingLimitReached(spendings, transferTokenAmount, limit)
-
 	reason := {
 		"type": "forbid",
 		"policyId": "test-accumulation-policy-1",
@@ -34,19 +29,15 @@ forbid[{"policyId": "test-accumulation-policy-1"}] := reason {
 
 forbid[{"policyId": "test-accumulation-policy-2"}] := reason {
 	checkPrincipal
-
 	input.action == "signTransaction"
-
 	transferTypes = {"transferERC20"}
 	users = {"test-alice-uid"}
 	tokens = {"eip155:137/erc20:0x2791bca1f2de4661ed88a30c99a7a9449aa84174", "eip155:1/erc20:0xa0b86991c6218b36c1d19d4a2e9eb0ce3606eb48"}
 	limit = to_number("5000000000")
 	startDate = secondsToNanoSeconds(nowSeconds - ((12 * 60) * 60))
-
 	checkPrincipalId(users)
 	checkTransferTokenType(transferTypes)
 	checkTransferTokenAddress(tokens)
-
 	spendings = getUsdSpendingAmount({"tokens": tokens, "users": users, "startDate": startDate})
 	checkSpendingLimitReached(spendings, transferTokenAmount, limit)
 
@@ -62,20 +53,15 @@ forbid[{"policyId": "test-accumulation-policy-2"}] := reason {
 
 forbid[{"policyId": "test-accumulation-policy-3"}] := reason {
 	checkPrincipal
-
 	input.action == "signTransaction"
-
 	transferTypes = {"transferERC20"}
 	resources = {"eip155:eoa:0xddcf208f219a6e6af072f2cfdc615b2c1805f98e"}
 	limit = to_number("5000000000")
 	startDate = secondsToNanoSeconds(nowSeconds - ((12 * 60) * 60))
-
 	checkTransferTokenType(transferTypes)
 	checkWalletId(resources)
-
 	spendings = getUsdSpendingAmount({"resources": resources, "startDate": startDate})
 	checkSpendingLimitReached(spendings, transferTokenAmount, limit)
-
 	reason := {
 		"type": "forbid",
 		"policyId": "test-accumulation-policy-3",
@@ -89,17 +75,13 @@ forbid[{"policyId": "test-accumulation-policy-3"}] := reason {
 forbid[{"policyId": "test-accumulation-policy-4"}] := reason {
 	checkPrincipal
 	input.action == "signTransaction"
-
 	transferTypes = {"transferERC20"}
 	userGroups = {"test-user-group-one-uid"}
 	limit = to_number("5000000000")
 	startDate = secondsToNanoSeconds(nowSeconds - ((24 * 60) * 60))
-
 	checkTransferTokenType(transferTypes)
-
 	spendings = getUsdSpendingAmount({"userGroups": userGroups, "startDate": startDate})
 	checkSpendingLimitReached(spendings, transferTokenAmount, limit)
-
 	reason := {
 		"type": "forbid",
 		"policyId": "test-accumulation-policy-4",
@@ -113,17 +95,13 @@ forbid[{"policyId": "test-accumulation-policy-4"}] := reason {
 forbid[{"policyId": "test-accumulation-policy-5"}] := reason {
 	checkPrincipal
 	input.action == "signTransaction"
-
 	transferTypes = {"transferERC20"}
 	walletGroups = {"test-wallet-group-one-uid"}
 	limit = to_number("5000000000")
 	startDate = secondsToNanoSeconds(nowSeconds - ((24 * 60) * 60))
-
 	checkTransferTokenType(transferTypes)
-
 	spendings = getUsdSpendingAmount({"walletGroups": walletGroups, "startDate": startDate})
 	checkSpendingLimitReached(spendings, transferTokenAmount, limit)
-
 	reason := {
 		"type": "forbid",
 		"policyId": "test-accumulation-policy-5",

diff --git a/apps/authz/src/shared/types/domain.type.ts b/apps/authz/src/shared/types/domain.type.ts
@@ -56,7 +56,7 @@ export type HistoricalTransfer = {
   token: Caip10
   rates: { [keyof in FiatSymbols]: string } // eg. { fiat:usd: '0.01', fiat:eur: '0.02' }
   initiatedBy: string // uid of the user who initiated the spending
-  timestamp: number // unix timestamp
+  timestamp: number // unix timestamp in ms
 }
 
 export type SharedAuthorizationRequest = {