From bc4a527cfd0acff15472a355f923f2197f4b9e6c Mon Sep 17 00:00:00 2001 
From: samuel Date: Tue, 30 Jan 2024 12:35:24 +0100 Subject: [PATCH] refactor --- .../__test__/criteria/intent/amount_test.rego | 53 +++++++++++ .../intent}/contractCall_test.rego | 4 +- .../intent}/contractDeploy_test.rego | 0 .../{ => intent}/destination_test.rego | 10 +-- .../intent}/signMessage_test.rego | 61 ++----------- .../criteria/{ => intent}/source_test.rego | 12 +-- .../intent}/tokenAllowance_test.rego | 6 +- .../intent}/transferNft_test.rego | 4 +- .../intent}/transferToken_test.rego | 8 +- .../__test__/criteria/principal_test.rego | 24 +++-- .../rego/__test__/criteria/resource_test.rego | 42 ++++----- .../__test__/criteria/tokenAmount_test.rego | 55 ------------ .../{ => transactionRequest}/gas_test.rego | 0 .../{ => transactionRequest}/nonce_test.rego | 0 .../opa/rego/lib/criteria/accumulation.rego | 2 +- .../rego/lib/criteria/contractAddress.rego | 12 --- .../lib/criteria/contractHexSignatures.rego | 12 --- .../src/opa/rego/lib/criteria/intent.rego | 7 -- .../opa/rego/lib/criteria/intent/amount.rego | 43 +++++++++ .../criteria/{ => intent}/destination.rego | 4 + .../opa/rego/lib/criteria/intent/intent.rego | 88 +++++++++++++++++++ .../lib/criteria/{ => intent}/source.rego | 6 ++ .../criteria/{ => intent}/transferNft.rego | 0 .../src/opa/rego/lib/criteria/principal.rego | 6 ++ .../src/opa/rego/lib/criteria/resource.rego | 8 ++ .../opa/rego/lib/criteria/signMessage.rego | 27 ------ .../opa/rego/lib/criteria/tokenAddress.rego | 12 --- .../opa/rego/lib/criteria/tokenAmount.rego | 43 --------- .../opa/rego/lib/criteria/tokenSpender.rego | 12 --- .../{ => transactionRequest}/gas.rego | 2 - .../{ => transactionRequest}/nonce.rego | 0 .../src/opa/rego/policies/approvals.rego | 12 +-- apps/authz/src/opa/rego/policies/e2e.rego | 6 +- .../src/opa/rego/policies/spendings.rego | 4 +- 34 files changed, 277 insertions(+), 308 deletions(-) create mode 100644 apps/authz/src/opa/rego/__test__/criteria/intent/amount_test.rego rename 
apps/authz/src/opa/rego/__test__/{intents => criteria/intent}/contractCall_test.rego (81%) rename apps/authz/src/opa/rego/__test__/{intents => criteria/intent}/contractDeploy_test.rego (100%) rename apps/authz/src/opa/rego/__test__/criteria/{ => intent}/destination_test.rego (100%) rename apps/authz/src/opa/rego/__test__/{intents => criteria/intent}/signMessage_test.rego (56%) rename apps/authz/src/opa/rego/__test__/criteria/{ => intent}/source_test.rego (100%) rename apps/authz/src/opa/rego/__test__/{intents => criteria/intent}/tokenAllowance_test.rego (67%) rename apps/authz/src/opa/rego/__test__/{intents => criteria/intent}/transferNft_test.rego (94%) rename apps/authz/src/opa/rego/__test__/{intents => criteria/intent}/transferToken_test.rego (78%) delete mode 100644 apps/authz/src/opa/rego/__test__/criteria/tokenAmount_test.rego rename apps/authz/src/opa/rego/__test__/criteria/{ => transactionRequest}/gas_test.rego (100%) rename apps/authz/src/opa/rego/__test__/criteria/{ => transactionRequest}/nonce_test.rego (100%) delete mode 100644 apps/authz/src/opa/rego/lib/criteria/contractAddress.rego delete mode 100644 apps/authz/src/opa/rego/lib/criteria/contractHexSignatures.rego delete mode 100644 apps/authz/src/opa/rego/lib/criteria/intent.rego create mode 100644 apps/authz/src/opa/rego/lib/criteria/intent/amount.rego rename apps/authz/src/opa/rego/lib/criteria/{ => intent}/destination.rego (89%) create mode 100644 apps/authz/src/opa/rego/lib/criteria/intent/intent.rego rename apps/authz/src/opa/rego/lib/criteria/{ => intent}/source.rego (88%) rename apps/authz/src/opa/rego/lib/criteria/{ => intent}/transferNft.rego (100%) delete mode 100644 apps/authz/src/opa/rego/lib/criteria/signMessage.rego delete mode 100644 apps/authz/src/opa/rego/lib/criteria/tokenAddress.rego delete mode 100644 apps/authz/src/opa/rego/lib/criteria/tokenAmount.rego delete mode 100644 apps/authz/src/opa/rego/lib/criteria/tokenSpender.rego rename apps/authz/src/opa/rego/lib/criteria/{ => 
transactionRequest}/gas.rego (97%) rename apps/authz/src/opa/rego/lib/criteria/{ => transactionRequest}/nonce.rego (100%) diff --git a/apps/authz/src/opa/rego/__test__/criteria/intent/amount_test.rego b/apps/authz/src/opa/rego/__test__/criteria/intent/amount_test.rego new file mode 100644 index 000000000..b528660d3 --- /dev/null +++ b/apps/authz/src/opa/rego/__test__/criteria/intent/amount_test.rego 
@@ -0,0 +1,53 @@
+package main
+
+test_intentAmount {
+ amount = intentAmount(wildcard) with input as request
+ with data.entities as entities
+
+ amount == to_number(one_matic)
+
+ value = intentAmount("fiat:usd") with input as request
+ with data.entities as entities
+
+ value == to_number(one_matic_value)
+}
+
+test_checkIntentAmount {
+ checkIntentAmount({"currency": wildcard, "operator": "eq", "value": one_matic}) with input as request
+ with data.entities as entities
+
+ checkIntentAmount({"currency": wildcard, "operator": "neq", "value": ten_matic}) with input as request
+ with data.entities as entities
+
+ checkIntentAmount({"currency": wildcard, "operator": "gt", "value": half_matic}) with input as request
+ with data.entities as entities
+
+ checkIntentAmount({"currency": wildcard, "operator": "lt", "value": ten_matic}) with input as request
+ with data.entities as entities
+
+ checkIntentAmount({"currency": wildcard, "operator": "gte", "value": one_matic}) with input as request
+ with data.entities as entities
+
+ checkIntentAmount({"currency": wildcard, "operator": "lte", "value": one_matic}) with input as request
+ with data.entities as entities
+}
+
+test_checkTokenValue {
+ checkIntentAmount({"currency": "fiat:usd", "operator": "eq", "value": one_matic_value}) with input as request
+ with data.entities as entities
+
+ checkIntentAmount({"currency": "fiat:usd", "operator": "neq", "value": ten_matic_value}) with input as request
+ with data.entities as entities
+
+ checkIntentAmount({"currency": "fiat:usd", "operator": "gt", "value": half_matic_value}) with input as request
+ with data.entities as entities
+
+ checkIntentAmount({"currency": "fiat:usd", "operator": "lt", "value": ten_matic_value}) with input as request
+ with data.entities as entities
+
+ checkIntentAmount({"currency": "fiat:usd", "operator": "gte", "value": one_matic_value}) with input as request
+ with data.entities as entities
+
+ checkIntentAmount({"currency": "fiat:usd", 
"operator": "lte", "value": one_matic_value}) with input as request + with data.entities as entities +} diff --git a/apps/authz/src/opa/rego/__test__/intents/contractCall_test.rego b/apps/authz/src/opa/rego/__test__/criteria/intent/contractCall_test.rego similarity index 81% rename from apps/authz/src/opa/rego/__test__/intents/contractCall_test.rego rename to apps/authz/src/opa/rego/__test__/criteria/intent/contractCall_test.rego index 4b1c35130..79f49ad5c 100644 --- a/apps/authz/src/opa/rego/__test__/intents/contractCall_test.rego +++ b/apps/authz/src/opa/rego/__test__/criteria/intent/contractCall_test.rego @@ -21,9 +21,9 @@ test_contractCall { checkDestinationAddress({"eip155:137:0xa45e21e9370ba031c5e1f47dedca74a7ce2ed7a3"}) with input as contractCallRequest with data.entities as entities - checkContractAddress({"eip155:137/erc721:0x08a08d0504d4f3363a5b7fda1f5fff1c7bca8ad4"}) with input as contractCallRequest + checkIntentContractAddress({"eip155:137/erc721:0x08a08d0504d4f3363a5b7fda1f5fff1c7bca8ad4"}) with input as contractCallRequest with data.entities as entities - checkContractHexSignatures({"0x12345"}) with input as contractCallRequest + checkIntentHexSignature({"0x12345"}) with input as contractCallRequest with data.entities as entities } diff --git a/apps/authz/src/opa/rego/__test__/intents/contractDeploy_test.rego b/apps/authz/src/opa/rego/__test__/criteria/intent/contractDeploy_test.rego similarity index 100% rename from apps/authz/src/opa/rego/__test__/intents/contractDeploy_test.rego rename to apps/authz/src/opa/rego/__test__/criteria/intent/contractDeploy_test.rego diff --git a/apps/authz/src/opa/rego/__test__/criteria/destination_test.rego b/apps/authz/src/opa/rego/__test__/criteria/intent/destination_test.rego similarity index 100% rename from apps/authz/src/opa/rego/__test__/criteria/destination_test.rego rename to apps/authz/src/opa/rego/__test__/criteria/intent/destination_test.rego index d64ffddf7..24e6be16f 100644 
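Review bot: Every assertion in test_checkIntentAmount and test_checkTokenValue is a positive match, so nothing in amount_test.rego pins the cases where checkIntentAmount must not hold. Since intentAmount also feeds checkSpendings in accumulation.rego, I would add at least one negative assertion per operator direction, for example `not checkIntentAmount({"currency": wildcard, "operator": "gt", "value": ten_matic}) with input as request with data.entities as entities`, plus one for a currency that has no entry in input.prices. test_checkTokenValue also kept its old name although it now exercises checkIntentAmount with a fiat currency; a name such as `test_checkIntentAmountValue` would match the renamed rule.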
--- a/apps/authz/src/opa/rego/__test__/criteria/destination_test.rego +++ b/apps/authz/src/opa/rego/__test__/criteria/intent/destination_test.rego @@ -1,10 +1,5 @@ package main -test_wildcardDestination { - checkDestinationAddress(wildcard) - checkDestinationClassification(wildcard) -} - test_destination { res = destination with input as request with data.entities as entities @@ -22,3 +17,8 @@ test_destination { checkDestinationClassification({"internal"}) with input as request with data.entities as entities } + +test_wildcardDestination { + checkDestinationAddress(wildcard) + checkDestinationClassification(wildcard) +} diff --git a/apps/authz/src/opa/rego/__test__/intents/signMessage_test.rego b/apps/authz/src/opa/rego/__test__/criteria/intent/signMessage_test.rego similarity index 56% rename from apps/authz/src/opa/rego/__test__/intents/signMessage_test.rego rename to apps/authz/src/opa/rego/__test__/criteria/intent/signMessage_test.rego index de91104d5..4e993c2b6 100644 --- a/apps/authz/src/opa/rego/__test__/intents/signMessage_test.rego +++ b/apps/authz/src/opa/rego/__test__/criteria/intent/signMessage_test.rego @@ -16,10 +16,10 @@ test_checkSignMessage { checkSourceAddress({"eip155:eoa:0xddcf208f219a6e6af072f2cfdc615b2c1805f98e"}) with input as signMessageRequest with data.entities as entities - signMessageEquals("Hello world!") with input as signMessageRequest + checkIntentMessage("equals", "Hello world!") with input as signMessageRequest with data.entities as entities - signMessageContains("Hello") with input as signMessageRequest + checkIntentMessage("contains", "Hello") with input as signMessageRequest with data.entities as entities } 
@@ -39,68 +39,20 @@ test_checkSignRawPayload { checkSourceAddress({"eip155:eoa:0xddcf208f219a6e6af072f2cfdc615b2c1805f98e"}) with input as signRawPayloadRequest with data.entities as entities - signRawPayloadEquals("Hello world!") with input as signRawPayloadRequest + checkIntentPayload("equals", "Hello world!") with input as signRawPayloadRequest with data.entities as entities - signRawPayloadContains("Hello") with input as signRawPayloadRequest + checkIntentPayload("contains", "Hello") with input as signRawPayloadRequest with data.entities as entities } test_checkSignTypedData { - typedData = { - "account": "0xA0Cf798816D4b9b9866b5330EEa46a18382f251e", - "domain": { - "name": "Ether Mail", - "version": "1", - "chainId": 1, - "verifyingContract": "0xCcCCccccCCCCcCCCCCCcCcCccCcCCCcCcccccccC", - }, - "types": { - "Person": [ - { - "name": "name", - "type": "string", - }, - { - "name": "wallet", - "type": "address", - }, - ], - "Mail": [ - { - "name": "from", - "type": "Person", - }, - { - "name": "to", - "type": "Person", - }, - { - "name": "contents", - "type": "string", - }, - ], - }, - "primaryType": "Mail", - "message": { - "from": { - "name": "Cow", - "wallet": "0xCD2a3d9F938E13CD947Ec05AbC7FE734Df8DD826", - }, - "to": { - "name": "Bob", - "wallet": "0xbBbBBBBbbBBBbbbBbbBbbbbBBbBbbbbBbBbbBBbB", - }, - "contents": "Hello, Bob!", - }, - } - signTypedDataRequest = { "action": "signTransaction", "intent": { "from": "eip155:eoa:0xddcf208f219a6e6af072f2cfdc615b2c1805f98e", "type": "signTypedData", - "typedData": typedData, + "typedData": {}, }, } @@ -109,7 +61,4 @@ test_checkSignTypedData { checkSourceAddress({"eip155:eoa:0xddcf208f219a6e6af072f2cfdc615b2c1805f98e"}) with input as signTypedDataRequest with data.entities as entities - - signTypedDataEquals(typedData) with input as signTypedDataRequest - with data.entities as entities } 
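Review bot: test_checkSignTypedData no longer asserts anything about the typed data itself: the fixture is reduced to `"typedData": {}` and the `signTypedDataEquals(typedData)` assertion is removed, leaving only the source-address check visible in the last hunk. The new lib/criteria/intent/intent.rego in this patch defines checkIntentMessage and checkIntentPayload but no typed-data counterpart, so after this change a policy apparently has no criterion that constrains what a signTypedData request signs. If that is intentional, a comment in the test such as `# typed-data content is not a criterion yet; only intent type and source are enforced` would make the gap explicit; otherwise a typed-data rule and its assertion should be kept. The first assertions of test_checkSignTypedData fall between the two hunks and are not visible here.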
diff --git a/apps/authz/src/opa/rego/__test__/criteria/source_test.rego b/apps/authz/src/opa/rego/__test__/criteria/intent/source_test.rego similarity index 100% rename from apps/authz/src/opa/rego/__test__/criteria/source_test.rego rename to apps/authz/src/opa/rego/__test__/criteria/intent/source_test.rego index 1ef508daa..64ad66e52 100644 --- a/apps/authz/src/opa/rego/__test__/criteria/source_test.rego +++ b/apps/authz/src/opa/rego/__test__/criteria/intent/source_test.rego @@ -1,11 +1,5 @@ package main -test_wildcardSource { - checkSourceAccountType(wildcard) - checkSourceAddress(wildcard) - checkSourceClassification(wildcard) -} - test_source { res = source with input as request with data.entities as entities @@ -26,3 +20,9 @@ test_source { checkSourceClassification({"wallet"}) with input as request with data.entities as entities } + +test_wildcardSource { + checkSourceAccountType(wildcard) + checkSourceAddress(wildcard) + checkSourceClassification(wildcard) +} diff --git a/apps/authz/src/opa/rego/__test__/intents/tokenAllowance_test.rego b/apps/authz/src/opa/rego/__test__/criteria/intent/tokenAllowance_test.rego similarity index 67% rename from apps/authz/src/opa/rego/__test__/intents/tokenAllowance_test.rego rename to apps/authz/src/opa/rego/__test__/criteria/intent/tokenAllowance_test.rego index 4c51c9cd9..ccf04cda5 100644 --- a/apps/authz/src/opa/rego/__test__/intents/tokenAllowance_test.rego +++ b/apps/authz/src/opa/rego/__test__/criteria/intent/tokenAllowance_test.rego 
@@ -18,12 +18,12 @@ test_tokenAllowance { checkSourceAddress({"eip155:eoa:0xddcf208f219a6e6af072f2cfdc615b2c1805f98e"}) with input as tokenAllowanceRequest with data.entities as entities - checkTokenSpenderAddress({"eip155:137:0xa45e21e9370ba031c5e1f47dedca74a7ce2ed7a3"}) with input as tokenAllowanceRequest + checkIntentSpenderAddress({"eip155:137:0xa45e21e9370ba031c5e1f47dedca74a7ce2ed7a3"}) with input as tokenAllowanceRequest with data.entities as entities - checkTokenAddress({"eip155:137/erc20:0x2791bca1f2de4661ed88a30c99a7a9449aa84174"}) with input as tokenAllowanceRequest + checkIntentTokenAddress({"eip155:137/erc20:0x2791bca1f2de4661ed88a30c99a7a9449aa84174"}) with input as tokenAllowanceRequest with data.entities as entities - checkTokenAmount({"currency": wildcard, "operator": "lte", "value": "1000000000000000000"}) with input as tokenAllowanceRequest + checkIntentAmount({"currency": wildcard, "operator": "lte", "value": "1000000000000000000"}) with input as tokenAllowanceRequest with data.entities as entities } diff --git a/apps/authz/src/opa/rego/__test__/intents/transferNft_test.rego b/apps/authz/src/opa/rego/__test__/criteria/intent/transferNft_test.rego similarity index 94% rename from apps/authz/src/opa/rego/__test__/intents/transferNft_test.rego rename to apps/authz/src/opa/rego/__test__/criteria/intent/transferNft_test.rego index 2ab0c160e..2c97fecd3 100644 --- a/apps/authz/src/opa/rego/__test__/intents/transferNft_test.rego +++ b/apps/authz/src/opa/rego/__test__/criteria/intent/transferNft_test.rego 
@@ -21,7 +21,7 @@ test_transferERC721 { checkDestinationAddress({"eip155:137:0xa45e21e9370ba031c5e1f47dedca74a7ce2ed7a3"}) with input as erc721Request with data.entities as entities - checkContractAddress({"eip155:137/erc721:0x08a08d0504d4f3363a5b7fda1f5fff1c7bca8ad4"}) with input as erc721Request + checkIntentContractAddress({"eip155:137/erc721:0x08a08d0504d4f3363a5b7fda1f5fff1c7bca8ad4"}) with input as erc721Request with data.entities as entities checkERC721TokenId({"eip155:137/erc721:0x08a08d0504d4f3363a5b7fda1f5fff1c7bca8ad4/41173"}) with input as erc721Request @@ -62,7 +62,7 @@ test_transferERC1155 { checkDestinationAddress({"eip155:137:0xa45e21e9370ba031c5e1f47dedca74a7ce2ed7a3"}) with input as erc1155Request with data.entities as entities - checkContractAddress({"eip155:137/erc1155:0x08a08d0504d4f3363a5b7fda1f5fff1c7bca8ad4"}) with input as erc1155Request + checkIntentContractAddress({"eip155:137/erc1155:0x08a08d0504d4f3363a5b7fda1f5fff1c7bca8ad4"}) with input as erc1155Request with data.entities as entities checkERC1155TokenId({"eip155:137/erc1155:0x08a08d0504d4f3363a5b7fda1f5fff1c7bca8ad4/41173"}) with input as erc1155Request diff --git a/apps/authz/src/opa/rego/__test__/intents/transferToken_test.rego b/apps/authz/src/opa/rego/__test__/criteria/intent/transferToken_test.rego similarity index 78% rename from apps/authz/src/opa/rego/__test__/intents/transferToken_test.rego rename to apps/authz/src/opa/rego/__test__/criteria/intent/transferToken_test.rego index b78be2c60..01100b12f 100644 --- a/apps/authz/src/opa/rego/__test__/intents/transferToken_test.rego +++ b/apps/authz/src/opa/rego/__test__/criteria/intent/transferToken_test.rego 
@@ -21,10 +21,10 @@ test_transferNative { checkDestinationAddress({"eip155:137:0xa45e21e9370ba031c5e1f47dedca74a7ce2ed7a3"}) with input as nativeRequest with data.entities as entities - checkTokenAddress({"eip155:137/slip44/966"}) with input as nativeRequest + checkIntentTokenAddress({"eip155:137/slip44/966"}) with input as nativeRequest with data.entities as entities - checkTokenAmount({"currency": wildcard, "operator": "lte", "value": "1000000000000000000"}) with input as nativeRequest + checkIntentAmount({"currency": wildcard, "operator": "lte", "value": "1000000000000000000"}) with input as nativeRequest with data.entities as entities } @@ -49,9 +49,9 @@ test_transferERC20 { checkDestinationAddress({"eip155:137:0xa45e21e9370ba031c5e1f47dedca74a7ce2ed7a3"}) with input as erc20Request with data.entities as entities - checkContractAddress({"eip155:137/erc20:0x2791bca1f2de4661ed88a30c99a7a9449aa84174"}) with input as erc20Request + checkIntentContractAddress({"eip155:137/erc20:0x2791bca1f2de4661ed88a30c99a7a9449aa84174"}) with input as erc20Request with data.entities as entities - checkTokenAmount({"currency": wildcard, "operator": "lte", "value": "1000000000000000000"}) with input as erc20Request + checkIntentAmount({"currency": wildcard, "operator": "lte", "value": "1000000000000000000"}) with input as erc20Request with data.entities as entities } diff --git a/apps/authz/src/opa/rego/__test__/criteria/principal_test.rego b/apps/authz/src/opa/rego/__test__/criteria/principal_test.rego index c3db73482..1fa073050 100644 --- a/apps/authz/src/opa/rego/__test__/criteria/principal_test.rego +++ b/apps/authz/src/opa/rego/__test__/criteria/principal_test.rego 
@@ -1,23 +1,15 @@ package main -test_wildcardPrincipal { - checkPrincipalId(wildcard) - checkPrincipalRole(wildcard) - checkPrincipalGroups(wildcard) -} - -test_principalGroups { - groups = principalGroups with input as request +test_principal { + user = principal with input as request with data.entities as entities - groups == {"test-user-group-one-uid", "test-user-group-two-uid"} -} + user == {"uid": "test-bob-uid", "role": "root"} -test_principal { - res = principal with input as request + groups = principalGroups with input as request with data.entities as entities - res == {"uid": "test-bob-uid", "role": "root"} + groups == {"test-user-group-one-uid", "test-user-group-two-uid"} isPrincipalRootUser with input as request with data.entities as entities @@ -34,3 +26,9 @@ test_principal { checkPrincipalGroups({"test-user-group-one-uid"}) with input as request with data.entities as entities } + +test_wildcardPrincipal { + checkPrincipalId(wildcard) + checkPrincipalRole(wildcard) + checkPrincipalGroups(wildcard) +} diff --git a/apps/authz/src/opa/rego/__test__/criteria/resource_test.rego b/apps/authz/src/opa/rego/__test__/criteria/resource_test.rego index f2da9ce1f..14446d027 100644 --- a/apps/authz/src/opa/rego/__test__/criteria/resource_test.rego +++ b/apps/authz/src/opa/rego/__test__/criteria/resource_test.rego 
@@ -1,39 +1,28 @@ package main -test_checkTransferResourceIntegrity { +test_resource { checkTransferResourceIntegrity with input as request with data.entities as entities -} -test_walletGroups { - groups = walletGroups with input as request + wallet = resource with input as request with data.entities as entities - groups == {"test-wallet-group-one-uid"} -} + wallet == { + "uid": "eip155:eoa:0xddcf208f219a6e6af072f2cfdc615b2c1805f98e", + "address": "0xddcf208f219a6e6af072f2cfdc615b2c1805f98e", + "accountType": "eoa", + "assignees": ["test-bob-uid", "test-alice-uid", "test-bar-uid"], + } -test_getWalletGroups { - getWalletGroups({"test-wallet-group-one-uid"}) with input as request + groups = walletGroups with input as request with data.entities as entities -} -test_wildcardResource { - checkWalletId(wildcard) - checkWalletGroups(wildcard) - checkWalletChainId(wildcard) - checkWalletAssignees(wildcard) -} + groups == {"test-wallet-group-one-uid"} -test_resource { - res = resource with input as request + walletGroupsById = getWalletGroups("eip155:eoa:0xddcf208f219a6e6af072f2cfdc615b2c1805f98e") with input as request with data.entities as entities - res == { - "uid": "eip155:eoa:0xddcf208f219a6e6af072f2cfdc615b2c1805f98e", - "address": "0xddcf208f219a6e6af072f2cfdc615b2c1805f98e", - "accountType": "eoa", - "assignees": ["test-bob-uid", "test-alice-uid", "test-bar-uid"], - } + walletGroupsById == {"test-wallet-group-one-uid"} checkWalletId({"eip155:eoa:0xddcf208f219a6e6af072f2cfdc615b2c1805f98e"}) with input as request with data.entities as entities @@ -47,3 +36,10 @@ test_resource { checkWalletAssignees({"test-bob-uid"}) with input as request with data.entities as entities } + +test_wildcardResource { + checkWalletId(wildcard) + checkWalletGroups(wildcard) + checkWalletChainId(wildcard) + checkWalletAssignees(wildcard) +} 
diff --git a/apps/authz/src/opa/rego/__test__/criteria/tokenAmount_test.rego b/apps/authz/src/opa/rego/__test__/criteria/tokenAmount_test.rego deleted file mode 100644 index c62e7c743..000000000 --- a/apps/authz/src/opa/rego/__test__/criteria/tokenAmount_test.rego +++ /dev/null 
@@ -1,55 +0,0 @@ -package main - -test_tokenAmount { - res = tokenAmount(wildcard) with input as request - with data.entities as entities - - res == to_number(one_matic) -} - -test_tokenValue { - res = tokenAmount("fiat:usd") with input as request - with data.entities as entities - - res == to_number(one_matic_value) -} - -test_checkTokenAmount { - checkTokenAmount({"currency": wildcard, "operator": "eq", "value": one_matic}) with input as request - with data.entities as entities - - checkTokenAmount({"currency": wildcard, "operator": "neq", "value": ten_matic}) with input as request - with data.entities as entities - - checkTokenAmount({"currency": wildcard, "operator": "gt", "value": half_matic}) with input as request - with data.entities as entities - - checkTokenAmount({"currency": wildcard, "operator": "lt", "value": ten_matic}) with input as request - with data.entities as entities - - checkTokenAmount({"currency": wildcard, "operator": "gte", "value": one_matic}) with input as request - with data.entities as entities - - checkTokenAmount({"currency": wildcard, "operator": "lte", "value": one_matic}) with input as request - with data.entities as entities -} - -test_checkTokenValue { - checkTokenAmount({"currency": "fiat:usd", "operator": "eq", "value": one_matic_value}) with input as request - with data.entities as entities - - checkTokenAmount({"currency": "fiat:usd", "operator": "neq", "value": ten_matic_value}) with input as request - with data.entities as entities - - checkTokenAmount({"currency": "fiat:usd", "operator": "gt", "value": half_matic_value}) with input as request - with data.entities as entities - - checkTokenAmount({"currency": "fiat:usd", "operator": "lt", "value": ten_matic_value}) with input as request - with data.entities as entities - - checkTokenAmount({"currency": "fiat:usd", "operator": "gte", "value": one_matic_value}) with input as request - with data.entities as entities - - checkTokenAmount({"currency": "fiat:usd", "operator": 
"lte", "value": one_matic_value}) with input as request - with data.entities as entities -} diff --git a/apps/authz/src/opa/rego/__test__/criteria/gas_test.rego b/apps/authz/src/opa/rego/__test__/criteria/transactionRequest/gas_test.rego similarity index 100% rename from apps/authz/src/opa/rego/__test__/criteria/gas_test.rego rename to apps/authz/src/opa/rego/__test__/criteria/transactionRequest/gas_test.rego diff --git a/apps/authz/src/opa/rego/__test__/criteria/nonce_test.rego b/apps/authz/src/opa/rego/__test__/criteria/transactionRequest/nonce_test.rego similarity index 100% rename from apps/authz/src/opa/rego/__test__/criteria/nonce_test.rego rename to apps/authz/src/opa/rego/__test__/criteria/transactionRequest/nonce_test.rego diff --git a/apps/authz/src/opa/rego/lib/criteria/accumulation.rego b/apps/authz/src/opa/rego/lib/criteria/accumulation.rego index 52d5a89b0..3e0ab2b9a 100644 --- a/apps/authz/src/opa/rego/lib/criteria/accumulation.rego +++ b/apps/authz/src/opa/rego/lib/criteria/accumulation.rego @@ -94,7 +94,7 @@ checkSpendings(limit, filters) { filters, ) - amount = tokenAmount(conditions.currency) + amount = intentAmount(conditions.currency) spendings := sum([spending | transfer := input.transfers[_] diff --git a/apps/authz/src/opa/rego/lib/criteria/contractAddress.rego b/apps/authz/src/opa/rego/lib/criteria/contractAddress.rego deleted file mode 100644 index 9bb95a580..000000000 --- a/apps/authz/src/opa/rego/lib/criteria/contractAddress.rego +++ /dev/null @@ -1,12 +0,0 @@ -package main - -import future.keywords.in - -checkContractAddress(values) { - values == wildcard -} - -checkContractAddress(values) { - values != wildcard - input.intent.contract in values -} diff --git a/apps/authz/src/opa/rego/lib/criteria/contractHexSignatures.rego b/apps/authz/src/opa/rego/lib/criteria/contractHexSignatures.rego deleted file mode 100644 index cb10cc120..000000000 --- a/apps/authz/src/opa/rego/lib/criteria/contractHexSignatures.rego +++ /dev/null 
@@ -1,12 +0,0 @@
-package main
-
-import future.keywords.in
-
-checkContractHexSignatures(values) {
- values == wildcard
-}
-
-checkContractHexSignatures(values) {
- values != wildcard
- input.intent.hexSignature in values
-}
diff --git a/apps/authz/src/opa/rego/lib/criteria/intent.rego b/apps/authz/src/opa/rego/lib/criteria/intent.rego
deleted file mode 100644
index ecfe8f601..000000000
--- a/apps/authz/src/opa/rego/lib/criteria/intent.rego
+++ /dev/null
@@ -1,7 +0,0 @@
-package main
-
-import future.keywords.in
-
-checkIntentType(values) {
- input.intent.type in values
-}
diff --git a/apps/authz/src/opa/rego/lib/criteria/intent/amount.rego b/apps/authz/src/opa/rego/lib/criteria/intent/amount.rego
new file mode 100644
index 000000000..f8fcaddc1
--- /dev/null
+++ b/apps/authz/src/opa/rego/lib/criteria/intent/amount.rego
@@ -0,0 +1,43 @@
+package main
+
+import future.keywords.in
+
+intentAmount(currency) = result {
+ currency == wildcard
+ result = to_number(input.intent.amount)
+}
+
+intentAmount(currency) = result {
+ currency != wildcard
+ result = to_number(input.intent.amount) * to_number(input.prices[currency])
+}
+
+checkIntentAmount(condition) {
+ condition.operator == "eq"
+ to_number(condition.value) == intentAmount(condition.currency)
+}
+
+checkIntentAmount(condition) {
+ condition.operator == "neq"
+ to_number(condition.value) != intentAmount(condition.currency)
+}
+
+checkIntentAmount(condition) {
+ condition.operator == "gt"
+ to_number(condition.value) < intentAmount(condition.currency)
+}
+
+checkIntentAmount(condition) {
+ condition.operator == "lt"
+ to_number(condition.value) > intentAmount(condition.currency)
+}
+
+checkIntentAmount(condition) {
+ condition.operator == "gte"
+ to_number(condition.value) <= intentAmount(condition.currency)
+}
+
+checkIntentAmount(condition) {
+ condition.operator == "lte"
+ to_number(condition.value) >= intentAmount(condition.currency)
+}
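Review bot: intentAmount has no value when `input.prices[currency]` is missing, so every checkIntentAmount body in amount.rego is undefined for that request, including the `neq` one. In a rule that grants permission this fails closed, but if a caller negates the check or uses it inside a forbid-style limit (the policies are not visible in this hunk), a missing price would silently skip the limit. I would state the contract above the second intentAmount body, e.g. `# Undefined when input.prices has no entry for currency; callers must treat undefined as "limit not evaluated", never as "within limit".`, and note the same for any operator outside the six handled here. `import future.keywords.in` is unused in this file and can be dropped.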
diff --git a/apps/authz/src/opa/rego/lib/criteria/destination.rego b/apps/authz/src/opa/rego/lib/criteria/intent/destination.rego similarity index 89% rename from apps/authz/src/opa/rego/lib/criteria/destination.rego rename to apps/authz/src/opa/rego/lib/criteria/intent/destination.rego index 172b04ccd..b41091baa 100644 --- a/apps/authz/src/opa/rego/lib/criteria/destination.rego +++ b/apps/authz/src/opa/rego/lib/criteria/intent/destination.rego @@ -10,6 +10,8 @@ destination = result { result := data.entities.addressBook[input.intent.to] } +# Intent Destination Address + checkDestinationAddress(values) { values == wildcard } @@ -19,6 +21,8 @@ checkDestinationAddress(values) { destination.uid in values } +# Intent Destination Classification + checkDestinationClassification(values) { values == wildcard } diff --git a/apps/authz/src/opa/rego/lib/criteria/intent/intent.rego b/apps/authz/src/opa/rego/lib/criteria/intent/intent.rego new file mode 100644 index 000000000..ecb88874f --- /dev/null +++ b/apps/authz/src/opa/rego/lib/criteria/intent/intent.rego 
@@ -0,0 +1,88 @@
+package main
+
+import future.keywords.in
+
+# Intent Type
+
+checkIntentType(values) {
+ input.intent.type in values
+}
+
+# Intent Contract Address
+
+checkIntentContractAddress(values) {
+ values == wildcard
+}
+
+checkIntentContractAddress(values) {
+ values != wildcard
+ input.intent.contract in values
+}
+
+# Intent Token Address
+
+checkIntentTokenAddress(values) {
+ values == wildcard
+}
+
+checkIntentTokenAddress(values) {
+ values != wildcard
+ input.intent.token in values
+}
+
+# Intent Spender Address
+
+checkIntentSpenderAddress(values) {
+ values == wildcard
+}
+
+checkIntentSpenderAddress(values) {
+ values != wildcard
+ input.intent.spender in values
+}
+
+# Intent Chain ID
+
+checkIntentChainId(values) {
+ values == wildcard
+}
+
+checkIntentChainId(values) {
+ values != wildcard
+ input.intent.chainId in values
+}
+
+# Intent Hex Signature
+
+checkIntentHexSignature(values) {
+ values == wildcard
+}
+
+checkIntentHexSignature(values) {
+ values != wildcard
+ input.intent.hexSignature in values
+}
+
+# Intent message
+
+checkIntentMessage(operator, value) {
+ operator == "equals"
+ value == input.intent.message
+}
+
+checkIntentMessage(operator, value) {
+ operator == "contains"
+ contains(input.intent.message, value)
+}
+
+# Intent payload
+
+checkIntentPayload(operator, value) {
+ operator == "equals"
+ value == input.intent.payload
+}
+
+checkIntentPayload(operator, value) {
+ operator == "contains"
+ contains(input.intent.payload, value)
+}
diff --git a/apps/authz/src/opa/rego/lib/criteria/source.rego b/apps/authz/src/opa/rego/lib/criteria/intent/source.rego
similarity index 88%
rename from apps/authz/src/opa/rego/lib/criteria/source.rego
rename to apps/authz/src/opa/rego/lib/criteria/intent/source.rego
index 1d98dde99..06666ccbf 100644
--- a/apps/authz/src/opa/rego/lib/criteria/source.rego
+++ b/apps/authz/src/opa/rego/lib/criteria/intent/source.rego
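Review bot: The `contains` bodies of checkIntentMessage and checkIntentPayload in intent.rego accept an empty `value`, and `contains(x, "")` holds for any string, so a criterion with an empty or defaulted value matches every message or payload. Adding `value != ""` as the first expression of both `contains` bodies closes that. An operator other than "equals" or "contains" leaves the rule undefined, which deserves a one-line comment above each pair. checkIntentType is also the only rule in this file without a `values == wildcard` body; if that is deliberate, a comment such as `# no wildcard: an intent type must always be listed explicitly` would keep it from reading as an omission.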
@@ -10,6 +10,8 @@ source = result { result := data.entities.addressBook[input.intent.from] } +# Intent Source Account Type + checkSourceAccountType(values) { values == wildcard } @@ -19,6 +21,8 @@ checkSourceAccountType(values) { source.accountType in values } +# Intent Source Address + checkSourceAddress(values) { values == wildcard } @@ -28,6 +32,8 @@ checkSourceAddress(values) { source.uid in values } +# Intent Source Classification + checkSourceClassification(values) { values == wildcard } diff --git a/apps/authz/src/opa/rego/lib/criteria/transferNft.rego b/apps/authz/src/opa/rego/lib/criteria/intent/transferNft.rego similarity index 100% rename from apps/authz/src/opa/rego/lib/criteria/transferNft.rego rename to apps/authz/src/opa/rego/lib/criteria/intent/transferNft.rego diff --git a/apps/authz/src/opa/rego/lib/criteria/principal.rego b/apps/authz/src/opa/rego/lib/criteria/principal.rego index 68510d202..20479612e 100644 --- a/apps/authz/src/opa/rego/lib/criteria/principal.rego +++ b/apps/authz/src/opa/rego/lib/criteria/principal.rego @@ -26,6 +26,8 @@ checkPrincipal { isPrincipalAssignedToWallet } +# Principal ID + checkPrincipalId(values) { values == wildcard } @@ -35,6 +37,8 @@ checkPrincipalId(values) { principal.uid in values } +# Principal Role + checkPrincipalRole(values) { values == wildcard } @@ -44,6 +48,8 @@ checkPrincipalRole(values) { principal.role in values } +# Principal Group + checkPrincipalGroups(values) { values == wildcard } diff --git a/apps/authz/src/opa/rego/lib/criteria/resource.rego b/apps/authz/src/opa/rego/lib/criteria/resource.rego index e5bd791cf..d83873c79 100644 --- a/apps/authz/src/opa/rego/lib/criteria/resource.rego +++ b/apps/authz/src/opa/rego/lib/criteria/resource.rego @@ -25,6 +25,8 @@ getWalletGroups(id) = result { } } +# Wallet ID + checkWalletId(values) { values == wildcard } @@ -34,6 +36,8 @@ checkWalletId(values) { resource.uid in values } +# Wallet Groups + checkWalletGroups(values) { values == wildcard } 
@@ -44,6 +48,8 @@ checkWalletGroups(values) { group in values } +# Wallet Chain ID + checkWalletChainId(values) { values == wildcard } @@ -57,6 +63,8 @@ checkWalletChainId(values) { resource.chainId in values } +# Wallet Assignees + checkWalletAssignees(values) { values == wildcard } diff --git a/apps/authz/src/opa/rego/lib/criteria/signMessage.rego b/apps/authz/src/opa/rego/lib/criteria/signMessage.rego deleted file mode 100644 index bec3d9c90..000000000 --- a/apps/authz/src/opa/rego/lib/criteria/signMessage.rego +++ /dev/null @@ -1,27 +0,0 @@ -package main - -# Sign message - -signMessageEquals(value) { - value == input.intent.message -} - -signMessageContains(value) { - contains(input.intent.message, value) -} - -# Sign raw payload - -signRawPayloadEquals(value) { - value == input.intent.payload -} - -signRawPayloadContains(value) { - contains(input.intent.payload, value) -} - -# Sign typed data - -signTypedDataEquals(value) { - value == input.intent.typedData -} diff --git a/apps/authz/src/opa/rego/lib/criteria/tokenAddress.rego b/apps/authz/src/opa/rego/lib/criteria/tokenAddress.rego deleted file mode 100644 index c4833c2d5..000000000 --- a/apps/authz/src/opa/rego/lib/criteria/tokenAddress.rego +++ /dev/null @@ -1,12 +0,0 @@ -package main - -import future.keywords.in - -checkTokenAddress(values) { - values == wildcard -} - -checkTokenAddress(values) { - values != wildcard - input.intent.token in values -} \ No newline at end of file diff --git a/apps/authz/src/opa/rego/lib/criteria/tokenAmount.rego b/apps/authz/src/opa/rego/lib/criteria/tokenAmount.rego deleted file mode 100644 index dc294a011..000000000 --- a/apps/authz/src/opa/rego/lib/criteria/tokenAmount.rego +++ /dev/null 
@@ -1,43 +0,0 @@
-package main
-
-import future.keywords.in
-
-tokenAmount(currency) = result {
- currency == wildcard
- result = to_number(input.intent.amount)
-}
-
-tokenAmount(currency) = result {
- currency != wildcard
- result = to_number(input.intent.amount) * to_number(input.prices[currency])
-}
-
-checkTokenAmount(condition) {
- condition.operator == "eq"
- to_number(condition.value) == tokenAmount(condition.currency)
-}
-
-checkTokenAmount(condition) {
- condition.operator == "neq"
- to_number(condition.value) != tokenAmount(condition.currency)
-}
-
-checkTokenAmount(condition) {
- condition.operator == "gt"
- to_number(condition.value) < tokenAmount(condition.currency)
-}
-
-checkTokenAmount(condition) {
- condition.operator == "lt"
- to_number(condition.value) > tokenAmount(condition.currency)
-}
-
-checkTokenAmount(condition) {
- condition.operator == "gte"
- to_number(condition.value) <= tokenAmount(condition.currency)
-}
-
-checkTokenAmount(condition) {
- condition.operator == "lte"
- to_number(condition.value) >= tokenAmount(condition.currency)
-}
diff --git a/apps/authz/src/opa/rego/lib/criteria/tokenSpender.rego b/apps/authz/src/opa/rego/lib/criteria/tokenSpender.rego
deleted file mode 100644
index 43a05d545..000000000
--- a/apps/authz/src/opa/rego/lib/criteria/tokenSpender.rego
+++ /dev/null
@@ -1,12 +0,0 @@
-package main
-
-import future.keywords.in
-
-checkTokenSpenderAddress(values) {
- values == wildcard
-}
-
-checkTokenSpenderAddress(values) {
- values != wildcard
- input.intent.spender in values
-}
diff --git a/apps/authz/src/opa/rego/lib/criteria/gas.rego b/apps/authz/src/opa/rego/lib/criteria/transactionRequest/gas.rego
similarity index 97%
rename from apps/authz/src/opa/rego/lib/criteria/gas.rego
rename to apps/authz/src/opa/rego/lib/criteria/transactionRequest/gas.rego
index 83f2a340b..a1f73dd55 100644
--- a/apps/authz/src/opa/rego/lib/criteria/gas.rego
+++ b/apps/authz/src/opa/rego/lib/criteria/transactionRequest/gas.rego
@@ -1,7 +1,5 @@ package main -import future.keywords.in - gasFee = (to_number(input.transactionRequest.maxFeePerGas) + to_number(input.transactionRequest.maxPriorityFeePerGas)) * to_number(input.transactionRequest.gas) gasFeeAmount(currency) = result { diff --git a/apps/authz/src/opa/rego/lib/criteria/nonce.rego b/apps/authz/src/opa/rego/lib/criteria/transactionRequest/nonce.rego similarity index 100% rename from apps/authz/src/opa/rego/lib/criteria/nonce.rego rename to apps/authz/src/opa/rego/lib/criteria/transactionRequest/nonce.rego diff --git a/apps/authz/src/opa/rego/policies/approvals.rego b/apps/authz/src/opa/rego/policies/approvals.rego index 2d63795cf..308fbdf97 100644 --- a/apps/authz/src/opa/rego/policies/approvals.rego +++ b/apps/authz/src/opa/rego/policies/approvals.rego @@ -19,8 +19,8 @@ permit[{"policyId": "approvalByUsers"}] := reason { input.action == "signTransaction" checkWalletId(resources) checkIntentType(transferTypes) - checkContractAddress(tokens) - checkTokenAmount(transferValueCondition) + checkIntentContractAddress(tokens) + checkIntentAmount(transferValueCondition) approvals := getApprovalsResult(approvalsRequired) @@ -49,8 +49,8 @@ permit[{"policyId": "approvalByUserGroups"}] := reason { input.action == "signTransaction" checkWalletId(resources) checkIntentType(transferTypes) - checkContractAddress(tokens) - checkTokenAmount(transferValueCondition) + checkIntentContractAddress(tokens) + checkIntentAmount(transferValueCondition) approvals := getApprovalsResult(approvalsRequired) @@ -79,8 +79,8 @@ permit[{"policyId": "approvalByUserRoles"}] := reason { input.action == "signTransaction" checkWalletId(resources) checkIntentType(transferTypes) - checkContractAddress(tokens) - checkTokenAmount(transferValueCondition) + checkIntentContractAddress(tokens) + checkIntentAmount(transferValueCondition) approvals := getApprovalsResult(approvalsRequired) 
diff --git a/apps/authz/src/opa/rego/policies/e2e.rego b/apps/authz/src/opa/rego/policies/e2e.rego index f41336625..40c610b5d 100644 --- a/apps/authz/src/opa/rego/policies/e2e.rego +++ b/apps/authz/src/opa/rego/policies/e2e.rego @@ -21,8 +21,8 @@ permit[{"policyId": "test-permit-policy-1"}] := reason { checkPrincipalId(users) checkWalletId(resources) checkIntentType(transferTypes) - checkTokenAddress(tokens) - checkTokenAmount(transferValueCondition) + checkIntentTokenAddress(tokens) + checkIntentAmount(transferValueCondition) approvals = getApprovalsResult(approvalsRequired) @@ -48,7 +48,7 @@ forbid[{"policyId": "test-forbid-policy-1"}] := reason { checkPrincipalId(users) checkWalletId(resources) checkIntentType(transferTypes) - checkTokenAddress(tokens) + checkIntentTokenAddress(tokens) checkSpendings(limit, { "tokens": tokens, "users": users, diff --git a/apps/authz/src/opa/rego/policies/spendings.rego b/apps/authz/src/opa/rego/policies/spendings.rego index e8f6fddec..385c7daed 100644 --- a/apps/authz/src/opa/rego/policies/spendings.rego +++ b/apps/authz/src/opa/rego/policies/spendings.rego @@ -17,7 +17,7 @@ forbid[{"policyId": "spendingLimitByRole"}] := reason { input.action == "signTransaction" checkPrincipalRole(roles) checkIntentType(transferTypes) - checkContractAddress(tokens) + checkIntentContractAddress(tokens) checkSpendings(limit, { "currency": currency, "tokens": tokens, @@ -48,7 +48,7 @@ forbid[{"policyId": "spendingLimitByUser"}] := reason { input.action == "signTransaction" checkPrincipalId(users) checkIntentType(transferTypes) - checkContractAddress(tokens) + checkIntentContractAddress(tokens) checkSpendings(limit, { "currency": currency, "tokens": tokens,