organize rego files

narval-xyz · Jan 12, 2024 · e347505 · e347505
1 parent f6d2895
commit e347505
Show file tree

Hide file tree

Showing 13 changed files with 671 additions and 0 deletions.
diff --git a/apps/authz/src/app/opa/rego/lib/criterias/approvals.rego b/apps/authz/src/app/opa/rego/lib/criterias/approvals.rego
@@ -0,0 +1,137 @@
+package main
+
+import future.keywords.in
+
+match_signers(possible_signers, threshold) = result {
+	signature := input.signatures[_]
+	signature.signer == input.principal.uid
+
+	matched_signers := {signer |
+		signature := input.signatures[_]
+		signer := signature.signer
+		signer in possible_signers
+	}
+
+	missing_signers := {signer |
+		signer := possible_signers[_]
+		not signer in matched_signers
+	}
+
+	result := {
+		"matched_signers": matched_signers,
+		"possible_signers": missing_signers,
+		"threshold_passed": count(matched_signers) >= threshold,
+	}
+}
+
+check_approval(approval) = result {
+	approval.countPrincipal == true
+	approval.entityType == "Narval::User"
+
+	possible_signers := {signer | signer := approval.entityIds[_]} | {input.principal.uid}
+	match := match_signers(possible_signers, approval.threshold)
+
+	result := {
+		"approval": approval,
+		"match": match,
+	}
+}
+
+check_approval(approval) = result {
+	approval.countPrincipal == false
+	approval.entityType == "Narval::User"
+
+	possible_signers := {signer |
+		signer := approval.entityIds[_]
+		signer != input.principal.uid
+	}
+
+	match := match_signers(possible_signers, approval.threshold)
+
+	result := {
+		"approval": approval,
+		"match": match,
+	}
+}
+
+check_approval(approval) = result {
+	approval.countPrincipal == true
+	approval.entityType == "Narval::UserGroup"
+
+	possible_signers := {user |
+		group := approval.entityIds[_]
+		signers := data.entities.user_groups[group].users
+		user := signers[_]
+	} | {input.principal.uid}
+
+	match := match_signers(possible_signers, approval.threshold)
+
+	result := {
+		"approval": approval,
+		"match": match,
+	}
+}
+
+check_approval(approval) = result {
+	approval.countPrincipal == false
+	approval.entityType == "Narval::UserGroup"
+
+	possible_signers := {user |
+		group := approval.entityIds[_]
+		signers := data.entities.user_groups[group].users
+		user := signers[_]
+		user != input.principal.uid
+	}
+
+	match := match_signers(possible_signers, approval.threshold)
+
+	result := {
+		"approval": approval,
+		"match": match,
+	}
+}
+
+check_approval(approval) = result {
+	approval.countPrincipal == true
+	approval.entityType == "Narval::UserRole"
+
+	possible_signers := {user.uid |
+		user := data.entities.users[_]
+		user.role in approval.entityIds
+	} | {input.principal.uid}
+
+	match := match_signers(possible_signers, approval.threshold)
+
+	result := {
+		"approval": approval,
+		"match": match,
+	}
+}
+
+check_approval(approval) = result {
+	approval.countPrincipal == false
+	approval.entityType == "Narval::UserRole"
+
+	possible_signers := {user.uid |
+		user := data.entities.users[_]
+		user.role in approval.entityIds
+		user.uid != input.principal.uid
+	}
+
+	match := match_signers(possible_signers, approval.threshold)
+
+	result := {
+		"approval": approval,
+		"match": match,
+	}
+}
+
+get_approvals_result(approvals) := result {
+	approvalsSatisfied := [approval | approval = approvals[_]; approval.match.threshold_passed == true]
+	approvalsMissing := [approval | approval = approvals[_]; approval.match.threshold_passed == false]
+
+	result := {
+		"approvalsSatisfied": approvalsSatisfied,
+		"approvalsMissing": approvalsMissing,
+	}
+}
diff --git a/apps/authz/src/app/opa/rego/lib/criterias/destination.rego b/apps/authz/src/app/opa/rego/lib/criterias/destination.rego
@@ -0,0 +1,23 @@
+package main
+
+import future.keywords.in
+
+check_destination_address(values) {
+	values == wildcard
+}
+
+check_destination_address(values) {
+	destination.address in values
+}
+
+check_destination_classification(values) {
+	values == wildcard
+}
+
+check_destination_classification(values) {
+	not destination.classification
+}
+
+check_destination_classification(values) {
+	destination.classification in values
+}
diff --git a/apps/authz/src/app/opa/rego/lib/criterias/principal.rego b/apps/authz/src/app/opa/rego/lib/criterias/principal.rego
@@ -0,0 +1,28 @@
+package main
+
+import future.keywords.in
+
+check_principal_id(values) {
+	values == wildcard
+}
+
+check_principal_id(values) {
+	principal.uid in values
+}
+
+check_principal_role(values) {
+	values == wildcard
+}
+
+check_principal_role(values) {
+	principal.role in values
+}
+
+check_principal_groups(values) {
+	values == wildcard
+}
+
+check_principal_groups(values) {
+	group := principal_groups[_]
+	group in values
+}
diff --git a/apps/authz/src/app/opa/rego/lib/criterias/resource.rego b/apps/authz/src/app/opa/rego/lib/criterias/resource.rego
@@ -0,0 +1,41 @@
+package main
+
+import future.keywords.in
+
+check_wallet_id(values) {
+	values == wildcard
+}
+
+check_wallet_id(values) {
+	resource.uid in values
+}
+
+check_wallet_groups(values) {
+	values == wildcard
+}
+
+check_wallet_groups(values) {
+	group := wallet_groups[_]
+	group in values
+}
+
+check_wallet_chain_id(values) {
+	values == wildcard
+}
+
+check_wallet_chain_id(values) {
+	not resource.chainId
+}
+
+check_wallet_chain_id(values) {
+	resource.chainId in values
+}
+
+check_wallet_assignees(values) {
+	values == wildcard
+}
+
+check_wallet_assignees(values) {
+	assignee := resource.assignees[_]
+	assignee in values
+}
diff --git a/apps/authz/src/app/opa/rego/lib/criterias/source.rego b/apps/authz/src/app/opa/rego/lib/criterias/source.rego
@@ -0,0 +1,31 @@
+package main
+
+import future.keywords.in
+
+check_source_account_type(values) {
+	values == wildcard
+}
+
+check_source_account_type(values) {
+	source.accountType in values
+}
+
+check_source_address(values) {
+	values == wildcard
+}
+
+check_source_address(values) {
+	source.address in values
+}
+
+check_source_classification(values) {
+	values == wildcard
+}
+
+check_source_classification(values) {
+	not source.classification
+}
+
+check_source_classification(values) {
+	source.classification in values
+}
diff --git a/apps/authz/src/app/opa/rego/lib/criterias/transfer_token.rego b/apps/authz/src/app/opa/rego/lib/criterias/transfer_token.rego
@@ -0,0 +1,65 @@
+package main
+
+import future.keywords.in
+
+check_transfer_token_type(values) {
+	values == wildcard
+}
+
+check_transfer_token_type(values) {
+	input.intent.type in values
+}
+
+check_transfer_token_address(values) {
+	values == wildcard
+}
+
+check_transfer_token_address(values) {
+	input.intent.native in values
+}
+
+check_transfer_token_address(values) {
+	input.intent.native.address in values
+}
+
+check_transfer_token_address(values) {
+	input.intent.token in values
+}
+
+check_transfer_token_address(values) {
+	input.intent.token.address in values
+}
+
+check_transfer_token_operation(operation) {
+	operation == wildcard
+}
+
+check_transfer_token_operation(operation) {
+	operation.operator == "eq"
+	operation.value == input.intent.amount
+}
+
+check_transfer_token_operation(operation) {
+	operation.operator == "neq"
+	operation.value != input.intent.amount
+}
+
+check_transfer_token_operation(operation) {
+	operation.operator == "gt"
+	operation.value < input.intent.amount
+}
+
+check_transfer_token_operation(operation) {
+	operation.operator == "lt"
+	operation.value > input.intent.amount
+}
+
+check_transfer_token_operation(operation) {
+	operation.operator == "gte"
+	operation.value <= input.intent.amount
+}
+
+check_transfer_token_operation(operation) {
+	operation.operator == "lte"
+	operation.value >= input.intent.amount
+}