Merge remote-tracking branch 'origin/main' into policy-builder-interface

narval-xyz · Jan 31, 2024 · da3c161 · da3c161
2 parents 73bddd9 + 8f0db0c
commit da3c161
Show file tree

Hide file tree

Showing 65 changed files with 7,642 additions and 383 deletions.
diff --git a/.eslintrc.json b/.eslintrc.json
@@ -24,7 +24,20 @@
     {
       "files": ["*.ts", "*.tsx"],
       "extends": ["plugin:@nx/typescript"],
-      "rules": {}
+      "rules": {
+        "no-restricted-imports": [
+          "error",
+          {
+            "paths": [
+              {
+                "name": "viem",
+                "importNames": ["getAddress", "isAddress"],
+                "message": "Please note the `getAddress` and `isAddress` functions work exclusively with checksummed addresses. If your need to verify or retrieve an address regardless of its format, you should use the corresponding functions in `evm.util.ts`."
+              }
+            ]
+          }
+        ]
+      }
     },
     {
       "files": ["*.js", "*.jsx"],

diff --git a/apps/authz/src/app/app.controller.ts b/apps/authz/src/app/app.controller.ts
@@ -1,6 +1,6 @@
 import { EvaluationRequestDto } from '@app/authz/app/evaluation-request.dto'
 import { generateInboundRequest } from '@app/authz/app/persistence/repository/mock_data'
-import { AuthorizationRequest } from '@narval/authz-shared'
+import { EvaluationRequest } from '@narval/authz-shared'
 import { Body, Controller, Get, Logger, Post } from '@nestjs/common'
 import { AppService } from './app.service'
 
@@ -32,7 +32,7 @@ export class AppController {
     })
 
     // Map the DTO into the TS type because it's nicer to deal with.
-    const payload: AuthorizationRequest = body
+    const payload: EvaluationRequest = body
 
     const result = await this.appService.runEvaluation(payload)
     this.logger.log({

diff --git a/apps/authz/src/app/app.service.ts b/apps/authz/src/app/app.service.ts
@@ -3,9 +3,9 @@ import { AuthCredential, OpaResult, RegoInput } from '@app/authz/shared/types/do
 import {
   Action,
   Alg,
-  AuthorizationRequest,
-  AuthorizationResponse,
   Decision,
+  EvaluationRequest,
+  EvaluationResponse,
   HistoricalTransfer,
   Request,
   Signature,
@@ -143,7 +143,7 @@ export class AppService {
     authentication,
     approvals,
     transfers
-  }: AuthorizationRequest): Promise<AuthorizationResponse> {
+  }: EvaluationRequest): Promise<EvaluationResponse> {
     // Pre-Process
     // verify the signatures of the Principal and any Approvals
     const decoder = new Decoder()
@@ -184,7 +184,7 @@ export class AppService {
     // Post-processing to evaluate multisigs
     const finalDecision = finalizeDecision(resultSet)
 
-    const authzResponse: AuthorizationResponse = {
+    const authzResponse: EvaluationResponse = {
       decision: finalDecision.decision,
       request,
       transactionRequestIntent: intent,

diff --git a/...authz/src/app/persistence/repository/__test__/integration/organization.repository.spec.ts b/...authz/src/app/persistence/repository/__test__/integration/organization.repository.spec.ts
@@ -41,6 +41,7 @@ describe(OrganizationRepository.name, () => {
 
     it('creates a new organization', async () => {
       await repository.createOrganization('test-org-uid', 'test-user-uid', {
+        kid: 'test-kid',
         alg: Alg.ES256K,
         pubKey: 'test-public-key'
       })

diff --git a/apps/authz/src/app/persistence/repository/mock_data.ts b/apps/authz/src/app/persistence/repository/mock_data.ts
@@ -12,14 +12,14 @@ import {
   Action,
   Alg,
   AssetId,
-  AuthorizationRequest,
+  EvaluationRequest,
   Request,
   TransactionRequest,
   hashRequest
 } from '@narval/authz-shared'
 import { Intents } from 'packages/transaction-request-intent/src/lib/domain'
 import { TransferNative } from 'packages/transaction-request-intent/src/lib/intent.types'
-import { Address, toHex } from 'viem'
+import { Address, sha256, toHex } from 'viem'
 import { privateKeyToAccount } from 'viem/accounts'
 
 export const ONE_ETH = BigInt('1000000000000000000')
@@ -47,6 +47,7 @@ export const MATT: User = {
 }
 
 export const MATT_CREDENTIAL_1: AuthCredential = {
+  kid: sha256('0xd75D626a116D4a1959fE3bB938B2e7c116A05890'),
   alg: Alg.ES256K,
   userId: MATT.uid,
   pubKey: '0xd75D626a116D4a1959fE3bB938B2e7c116A05890'
@@ -58,6 +59,7 @@ export const AAUser: User = {
 }
 
 export const AAUser_Credential_1: AuthCredential = {
+  kid: sha256('0x501D5c2Ce1EF208aadf9131a98BAa593258CfA06'),
   userId: AAUser.uid,
   alg: Alg.ES256K,
   pubKey: '0x501D5c2Ce1EF208aadf9131a98BAa593258CfA06'
@@ -69,6 +71,7 @@ export const BBUser: User = {
 }
 
 export const BBUser_Credential_1: AuthCredential = {
+  kid: sha256('0xab88c8785D0C00082dE75D801Fcb1d5066a6311e'),
   userId: BBUser.uid,
   alg: Alg.ES256K,
   pubKey: '0xab88c8785D0C00082dE75D801Fcb1d5066a6311e'
@@ -138,7 +141,7 @@ export const TREASURY_WALLET_X: Wallet = {
   uid: 'eip155:eoa:0x90d03a8971a2faa19a9d7ffdcbca28fe826a289b', // Prod guild 58 - treasury wallet
   address: '0x90d03a8971a2faa19a9d7ffdcbca28fe826a289b',
   accountType: AccountType.EOA,
-  assignees: ['matt@narval.xyz']
+  assignees: [MATT.uid]
 }
 
 // Wallet Groups
@@ -258,7 +261,7 @@ export const mockEntityData: RegoData = {
 
 // stub out the actual tx request & signature
 // This is what would be the initial input from the external service
-export const generateInboundRequest = async (): Promise<AuthorizationRequest> => {
+export const generateInboundRequest = async (): Promise<EvaluationRequest> => {
   const txRequest = NATIVE_TRANSFER_TX_REQUEST
   const request: Request = {
     action: Action.SIGN_TRANSACTION,

diff --git a/apps/authz/src/app/persistence/repository/organization.repository.ts b/apps/authz/src/app/persistence/repository/organization.repository.ts
@@ -55,6 +55,7 @@ export class OrganizationRepository implements OnModuleInit {
 
     const rootAuthCredential = await this.prismaService.authCredential.create({
       data: {
+        uid: credential.kid,
         pubKey: credential.pubKey,
         alg: credential.alg,
         userId: rootUserId
@@ -79,6 +80,7 @@ export class OrganizationRepository implements OnModuleInit {
 
     await this.prismaService.authCredential.create({
       data: {
+        uid: credential.kid,
         pubKey: credential.pubKey,
         alg: credential.alg,
         userId: uid
@@ -100,11 +102,151 @@ export class OrganizationRepository implements OnModuleInit {
         userId: uid
       }
     })
-    // TODO: remove user from any wallets/groups
+
+    await this.prismaService.userWalletAssignment.deleteMany({
+      where: {
+        userId: uid
+      }
+    })
+
+    await this.prismaService.userGroupMembership.deleteMany({
+      where: {
+        userId: uid
+      }
+    })
+  }
+
+  async createAuthCredential(credential: AuthCredentialDto, userId: string) {
+    await this.prismaService.authCredential.create({
+      data: {
+        uid: credential.kid,
+        pubKey: credential.pubKey,
+        alg: credential.alg,
+        userId
+      }
+    })
+  }
+
+  async deleteAuthCredential(kid: string) {
+    await this.prismaService.authCredential.delete({
+      where: {
+        uid: kid
+      }
+    })
+  }
+
+  async assignUserRole(userId: string, role: UserRoles) {
+    await this.prismaService.user.update({
+      where: {
+        uid: userId
+      },
+      data: {
+        role
+      }
+    })
+  }
+
+  async assignUserGroup(userId: string, groupId: string) {
+    await this.prismaService.userGroupMembership.create({
+      data: {
+        userId,
+        userGroupId: groupId
+      }
+    })
+  }
+
+  async unassignUserGroup(userId: string, groupId: string) {
+    await this.prismaService.userGroupMembership.delete({
+      where: {
+        userId_userGroupId: {
+          userId,
+          userGroupId: groupId
+        }
+      }
+    })
+  }
+
+  async registerWallet(uid: string, address: Address, accountType: AccountType, chainId?: number) {
+    await this.prismaService.wallet.create({
+      data: {
+        uid,
+        address: address,
+        accountType,
+        chainId
+      }
+    })
   }
 
-  // eslint-disable-next-line
-  async registerWallet(uid: string, address: Address, accountType: AccountType, chainId?: number) {}
+  async unregisterWallet(uid: string) {
+    // Remove the wallet from any groups
+    await this.prismaService.walletGroupMembership.deleteMany({
+      where: {
+        walletId: uid
+      }
+    })
+    // Remove the wallet from assignees
+    await this.prismaService.userWalletAssignment.deleteMany({
+      where: {
+        walletId: uid
+      }
+    })
+    // Delete the wallet
+    await this.prismaService.wallet.delete({
+      where: {
+        uid
+      }
+    })
+  }
+
+  async createWalletGroup(uid: string, walletIds?: string[]) {
+    await this.prismaService.walletGroup.create({
+      data: {
+        uid
+      }
+    })
+    if (walletIds) {
+      await Promise.all(
+        walletIds.map(async (walletId) => {
+          await this.assignWalletGroup(walletId, uid)
+        })
+      )
+    }
+  }
+
+  async deleteWalletGroup(uid: string) {
+    // unassign all wallets from the group
+    await this.prismaService.walletGroupMembership.deleteMany({
+      where: {
+        walletGroupId: uid
+      }
+    })
+    // delete the group
+    await this.prismaService.walletGroup.delete({
+      where: {
+        uid
+      }
+    })
+  }
+
+  async assignWalletGroup(walletGroupId: string, walletId: string) {
+    await this.prismaService.walletGroupMembership.create({
+      data: {
+        walletId,
+        walletGroupId
+      }
+    })
+  }
+
+  async unassignWalletGroup(walletGroupId: string, walletId: string) {
+    await this.prismaService.walletGroupMembership.delete({
+      where: {
+        walletId_walletGroupId: {
+          walletId,
+          walletGroupId
+        }
+      }
+    })
+  }
 
   async registerRootKey() {}
 }

diff --git a/apps/authz/src/opa/rego/__test__/criteria/intent/transferToken_test.rego b/apps/authz/src/opa/rego/__test__/criteria/intent/transferToken_test.rego
@@ -9,7 +9,7 @@ test_transferNative {
 			"to": "eip155:137:0xa45e21e9370ba031c5e1f47dedca74a7ce2ed7a3",
 			"type": "transferNative",
 			"amount": "1000000000000000000",
-			"token": "eip155:137/slip44/966",
+			"token": "eip155:137/slip44:966",
 		},
 	}
 
@@ -22,7 +22,7 @@ test_transferNative {
 	checkDestinationId({"eip155:137:0xa45e21e9370ba031c5e1f47dedca74a7ce2ed7a3"}) with input as nativeRequest
 		with data.entities as entities
 
-	checkIntentTokenAddress({"eip155:137/slip44/966"}) with input as nativeRequest
+	checkIntentTokenAddress({"eip155:137/slip44:966"}) with input as nativeRequest
 		with data.entities as entities
 
 	checkIntentAmount({"currency": wildcard, "operator": "lte", "value": "1000000000000000000"}) with input as nativeRequest

diff --git a/apps/authz/src/opa/rego/__test__/criteria/principal_test.rego b/apps/authz/src/opa/rego/__test__/criteria/principal_test.rego
@@ -26,4 +26,3 @@ test_principal {
 	checkPrincipalGroup({"test-user-group-one-uid"}) with input as request
 		with data.entities as entities
 }
-
diff --git a/apps/authz/src/opa/rego/__test__/main_test.rego b/apps/authz/src/opa/rego/__test__/main_test.rego
@@ -82,10 +82,10 @@ transfersReq = [
 	},
 ]
 
-pricesReq = {
+pricesReq = {"eip155:137/erc20:0x2791bca1f2de4661ed88a30c99a7a9449aa84174": {
 	"fiat:usd": "0.99",
 	"fiat:eur": "1.10",
-}
+}}
 
 request = {
 	"action": "signTransaction",
@@ -110,7 +110,7 @@ entities = {
 		},
 		"test-bar-uid": {
 			"uid": "test-bar-uid",
-			"role": "member",
+			"role": "admin",
 		},
 		"test-foo-uid": {
 			"uid": "test-foo-uid",