Add @narval/authz-shared library

narval-xyz · Jan 18, 2024 · e618416 · e618416
1 parent d39acdf
commit e618416
Show file tree

Hide file tree

Showing 22 changed files with 391 additions and 57 deletions.
diff --git a/.github/workflows/authz_shared_ci.yml b/.github/workflows/authz_shared_ci.yml
@@ -0,0 +1,56 @@
+name: "@narval/authz-shared CI"
+
+on:
+  push:
+    paths:
+      - packages/authz-shared/**
+      - .github/workflows/authz_shared_ci.yml
+      - Makefile
+      - jest.config.ts
+      - jest.preset.js
+      - .eslintrc.json
+      - .prettierrc
+      - package.json
+      - package-lock.json
+
+jobs:
+  build-and-test:
+    name: Build and test
+
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@master
+
+      - name: Install Node.js
+        uses: actions/setup-node@v3
+        with:
+          node-version: '20.4.0'
+
+      - name: Install dependencies
+        run: |
+          make install/ci
+
+      - name: Code format
+        shell: bash
+        run: |
+          make format/check
+          make lint/check
+
+      - name: Test unit
+        shell: bash
+        run: |
+           make authz-shared/test/unit
+
+      - name: Send Slack notification on failure
+        if: failure()
+        uses: 8398a7/action-slack@v3
+        with:
+          username: GitHub
+          author_name: "@narval/authz-shared CI failed"
+          status: ${{ job.status }}
+          fields: message,commit,author
+        env:
+          SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK }}
+
diff --git a/Makefile b/Makefile
@@ -1,5 +1,6 @@
 include ./apps/authz/Makefile
 include ./apps/orchestration/Makefile
+include ./packages/authz-shared/Makefile
 include ./packages/transaction-request-intent/Makefile
 
 # For more terminal color codes, head over to https://opensource.com/article/19/9/linux-terminal-colors

diff --git a/README.md b/README.md
@@ -28,6 +28,7 @@ At the end, you must have a working environment ready to run any application.
 
 - [@app/authz](./apps/authz/README.md)
 - [@app/orchestration](./apps/orchestration/README.md)
+- [@narval/authz-shared](./packages/authz-shared/README.md)
 - [@narval/transaction-request-intent](./packages/transaction-request-intent/README.md)
 
 ## Docker

diff --git a/apps/orchestration/src/policy-engine/__test__/e2e/facade.spec.ts b/apps/orchestration/src/policy-engine/__test__/e2e/facade.spec.ts
@@ -8,6 +8,7 @@ import {
   SupportedAction,
   TransactionType
 } from '@app/orchestration/policy-engine/core/type/domain.type'
+import { SignatureDto } from '@app/orchestration/policy-engine/http/rest/dto/signature.dto'
 import { AuthorizationRequestRepository } from '@app/orchestration/policy-engine/persistence/repository/authorization-request.repository'
 import { PolicyEngineModule } from '@app/orchestration/policy-engine/policy-engine.module'
 import { PersistenceModule } from '@app/orchestration/shared/module/persistence/persistence.module'
@@ -31,6 +32,25 @@ describe('Policy Engine Cluster Facade', () => {
   let authzRequestRepository: AuthorizationRequestRepository
   let authzRequestProcessingQueue: Queue
 
+  const authentication: SignatureDto = {
+    sig: '0xe24d097cea880a40f8be2cf42f497b9fbda5f9e4a31b596827e051d78dce75c032fa7e5ee3046f7c6f116e5b98cb8d268fa9b9d222ff44719e2ec2a0d9159d0d1c',
+    alg: 'ES256K',
+    pubKey: '0xd75D626a116D4a1959fE3bB938B2e7c116A05890'
+  }
+
+  const approvals: SignatureDto[] = [
+    {
+      sig: '0x48510e3b74799b8e8f4e01aba0d196e18f66d86a62ae91abf5b89be9391c15661c7d29ee4654a300ed6db977da512475ed5a39f70f677e23d1b2f53c1554d0dd1b',
+      alg: 'ES256K',
+      pubKey: '0x501D5c2Ce1EF208aadf9131a98BAa593258CfA06'
+    },
+    {
+      sig: '0xcc645f43d8df80c4deeb2e60a8c0c15d58586d2c29ea7c85208cea81d1c47cbd787b1c8473dde70c3a7d49f573e491223107933257b2b99ecc4806b7cc16848d1c',
+      alg: 'ES256K',
+      pubKey: '0xab88c8785D0C00082dE75D801Fcb1d5066a6311e'
+    }
+  ]
+
   // TODO: Create domain type
   const org: Organization = {
     id: 'ac1374c2-fd62-4b6e-bd49-a4afcdcb91cc',
@@ -86,18 +106,8 @@ describe('Policy Engine Cluster Facade', () => {
         action: SupportedAction.SIGN_MESSAGE,
         request: signMessageRequest,
         hash: hashMessage(JSON.stringify(signMessageRequest)),
-        authentication: {
-          signature: {
-            hash: 'string'
-          }
-        },
-        approval: {
-          signatures: [
-            {
-              hash: 'string'
-            }
-          ]
-        }
+        authentication,
+        approvals
       }
 
       const { status, body } = await request(app.getHttpServer())
@@ -139,18 +149,8 @@ describe('Policy Engine Cluster Facade', () => {
         action: SupportedAction.SIGN_TRANSACTION,
         hash: hashMessage(JSON.stringify(signTransactionRequest)),
         request: signTransactionRequest,
-        authentication: {
-          signature: {
-            hash: 'string'
-          }
-        },
-        approval: {
-          signatures: [
-            {
-              hash: 'string'
-            }
-          ]
-        }
+        authentication,
+        approvals
       }
 
       const { status, body } = await request(app.getHttpServer())
@@ -181,18 +181,8 @@ describe('Policy Engine Cluster Facade', () => {
         action: SupportedAction.SIGN_TRANSACTION,
         hash: hashMessage(JSON.stringify(signTransactionRequest)),
         request: signTransactionRequest,
-        authentication: {
-          signature: {
-            hash: 'string'
-          }
-        },
-        approval: {
-          signatures: [
-            {
-              hash: 'string'
-            }
-          ]
-        }
+        authentication,
+        approvals
       }
 
       const { status, body } = await request(app.getHttpServer())

diff --git a/apps/orchestration/src/policy-engine/http/rest/dto/authorization-request.dto.ts b/apps/orchestration/src/policy-engine/http/rest/dto/authorization-request.dto.ts
@@ -7,19 +7,6 @@ import { Type } from 'class-transformer'
 import { IsDefined, IsEnum, IsString, Validate, ValidateNested } from 'class-validator'
 import { RequestHash } from './validator/request-hash.validator'
 
-class AuthenticationDto {
-  @ApiProperty()
-  signature: SignatureDto
-}
-
-class ApprovalDto {
-  @ApiProperty({
-    type: () => SignatureDto,
-    isArray: true
-  })
-  signatures: SignatureDto[]
-}
-
 @ApiExtraModels(SignTransactionRequestDto, SignMessageRequestDto)
 export class AuthorizationRequestDto {
   @IsEnum(SupportedAction)
@@ -29,11 +16,18 @@ export class AuthorizationRequestDto {
   })
   action: `${SupportedAction}`
 
+  @IsDefined()
+  @ValidateNested()
   @ApiProperty()
-  authentication: AuthenticationDto
+  authentication: SignatureDto
 
-  @ApiProperty()
-  approval: ApprovalDto
+  @IsDefined()
+  @ValidateNested()
+  @ApiProperty({
+    type: () => SignatureDto,
+    isArray: true
+  })
+  approvals: SignatureDto[]
 
   @ValidateNested()
   @Type((opts) => {

diff --git a/apps/orchestration/src/policy-engine/http/rest/dto/signature.dto.ts b/apps/orchestration/src/policy-engine/http/rest/dto/signature.dto.ts
@@ -1,14 +1,23 @@
 import { ApiProperty } from '@nestjs/swagger'
-import { IsDefined, IsString } from 'class-validator'
+import { IsDefined, IsOptional, IsString } from 'class-validator'
 
 export class SignatureDto {
+  @IsString()
   @IsDefined()
+  @ApiProperty()
+  sig: string
+
   @IsString()
+  @IsDefined()
   @ApiProperty()
-  hash: string
+  pubKey: string
 
+  @IsString()
+  @IsOptional()
   @ApiProperty({
-    enum: ['ECDSA']
+    default: 'ES256K',
+    enum: ['ES256K'],
+    required: false
   })
-  type?: string = 'ECDSA'
+  alg?: string = 'ES256K'
 }
diff --git a/packages/authz-shared/.babelrc b/packages/authz-shared/.babelrc
@@ -0,0 +1,3 @@
+{
+  "presets": [["@nrwl/js/babel", { "useBuiltIns": "usage" }]]
+}
diff --git a/packages/authz-shared/.eslintrc.json b/packages/authz-shared/.eslintrc.json
@@ -0,0 +1,18 @@
+{
+  "extends": ["../../.eslintrc.json"],
+  "ignorePatterns": ["!**/*"],
+  "overrides": [
+    {
+      "files": ["*.ts", "*.tsx", "*.js", "*.jsx"],
+      "rules": {}
+    },
+    {
+      "files": ["*.ts", "*.tsx"],
+      "rules": {}
+    },
+    {
+      "files": ["*.js", "*.jsx"],
+      "rules": {}
+    }
+  ]
+}
diff --git a/packages/authz-shared/Makefile b/packages/authz-shared/Makefile
@@ -0,0 +1,7 @@
+AUTHZ_SHARED_PROJECT_NAME := authz-shared
+
+authz-shared/test/unit:
+	npx nx test:unit ${AUTHZ_SHARED_PROJECT_NAME} -- ${ARGS}
+
+authz-shared/test/unit/watch:
+	make authz-shared/test/unit ARGS=--watch
diff --git a/packages/authz-shared/README.md b/packages/authz-shared/README.md
@@ -0,0 +1,11 @@
+# AuthZ Shared
+
+This library contains the shared kernel like types and utility functions of the
+AuthZ application.
+
+## Testing
+
+```bash
+ make authz-shared/test/unit
+ make authz-shared/test/unit/watch
+```
diff --git a/packages/authz-shared/jest.config.ts b/packages/authz-shared/jest.config.ts
@@ -0,0 +1,16 @@
+import type { Config } from 'jest'
+
+const config: Config = {
+  displayName: 'authz-shared',
+  preset: '../../jest.preset.js',
+  testEnvironment: 'node',
+  transform: {
+    '^.+\\.[tj]sx?$': ['ts-jest', { tsconfig: '<rootDir>/tsconfig.spec.json' }]
+  },
+  moduleFileExtensions: ['ts', 'tsx', 'js', 'jsx'],
+  moduleNameMapper: {
+    '^@narval/authz-shared/(.*)$': '<rootDir>/src/$1'
+  }
+}
+
+export default config
diff --git a/packages/authz-shared/jest.unit.ts b/packages/authz-shared/jest.unit.ts
@@ -0,0 +1,9 @@
+import type { Config } from 'jest'
+import sharedConfig from './jest.config'
+
+const config: Config = {
+  ...sharedConfig,
+  testMatch: ['<rootDir>/**/__test__/unit/**/*.spec.ts']
+}
+
+export default config
diff --git a/packages/authz-shared/project.json b/packages/authz-shared/project.json
@@ -0,0 +1,24 @@
+{
+  "name": "authz-shared",
+  "$schema": "../../node_modules/nx/schemas/project-schema.json",
+  "sourceRoot": "packages/authz-shared/src",
+  "projectType": "library",
+  "targets": {
+    "lint": {
+      "executor": "@nx/eslint:lint",
+      "outputs": ["{options.outputFile}"],
+      "options": {
+        "lintFilePatterns": ["packages/authz-shared/**/*.ts"]
+      }
+    },
+    "test:unit": {
+      "executor": "@nx/jest:jest",
+      "outputs": ["{workspaceRoot}/coverage/{projectRoot}"],
+      "options": {
+        "jestConfig": "packages/authz-shared/jest.unit.ts",
+        "verbose": true
+      }
+    }
+  },
+  "tags": []
+}
diff --git a/packages/authz-shared/src/index.ts b/packages/authz-shared/src/index.ts
@@ -0,0 +1,2 @@
+export * from './lib/type/domain.type'
+export * from './lib/util/json.util'
diff --git a/packages/authz-shared/src/lib/type/domain.type.ts b/packages/authz-shared/src/lib/type/domain.type.ts
@@ -0,0 +1,56 @@
+export enum Action {
+  CREATE_USER = 'user:create',
+  EDIT_USER = 'user:edit',
+  DELETE_USER = 'user:delete',
+  CHANGE_USER_ROLE = 'user:change-role',
+
+  CREATE_WALLET = 'wallet:create',
+  EDIT_WALLET = 'wallet:edit',
+  ASSIGN_WALLET = 'wallet:assign',
+  UNASSIGN_WALLET = 'wallet:unassign',
+
+  CREATE_USER_GROUP = 'user-group:create',
+  EDIT_USER_GROUP = 'user-group:edit',
+  DELETE_USER_GROUP = 'user-group:delete',
+
+  CREATE_WALLET_GROUP = 'wallet-group:create',
+  EDIT_WALLET_GROUP = 'wallet-group:edit',
+  DELETE_WALLET_GROUP = 'wallet-group:delete',
+
+  SET_POLICY_RULES = 'setPolicyRules',
+
+  SIGN_TRANSACTION = 'signTransaction',
+  SIGN_RAW = 'signRaw',
+  SIGN_MESSAGE = 'signMessage',
+  SIGN_TYPED_DATA = 'signTypedData'
+}
+
+export type Hex = `0x${string}`
+
+export type Address = `0x${string}`
+
+export type AccessList = {
+  address: Address
+  storageKeys: Hex[]
+}[]
+
+/**
+ * @see https://viem.sh/docs/glossary/types#transactiontype
+ */
+export enum TransactionType {
+  LEGACY = 'legacy',
+  EIP2930 = 'eip2930',
+  EIP1559 = 'eip1559'
+}
+
+export type TransactionRequest = {
+  chainId: number
+  from: Address
+  nonce: number
+  accessList?: AccessList
+  data?: Hex
+  gas?: bigint
+  to?: Address | null
+  type?: `${TransactionType}`
+  value?: Hex
+}