159 lines
4.2 KiB
Go
159 lines
4.2 KiB
Go
package auth
|
|
|
|
import (
|
|
"bytes"
|
|
"fmt"
|
|
|
|
sdk "github.com/cosmos/cosmos-sdk/types"
|
|
"github.com/spf13/viper"
|
|
)
|
|
|
|
// NewAnteHandler returns an AnteHandler that checks
|
|
// and increments sequence numbers, checks signatures,
|
|
// and deducts fees from the first signer.
|
|
func NewAnteHandler(accountMapper sdk.AccountMapper) sdk.AnteHandler {
|
|
return func(
|
|
ctx sdk.Context, tx sdk.Tx,
|
|
) (_ sdk.Context, _ sdk.Result, abort bool) {
|
|
|
|
// Assert that there are signatures.
|
|
var sigs = tx.GetSignatures()
|
|
if len(sigs) == 0 {
|
|
return ctx,
|
|
sdk.ErrUnauthorized("no signers").Result(),
|
|
true
|
|
}
|
|
|
|
// TODO: can tx just implement message?
|
|
msg := tx.GetMsg()
|
|
|
|
// TODO: will this always be a stdtx? should that be used in the function signature?
|
|
stdTx, ok := tx.(sdk.StdTx)
|
|
if !ok {
|
|
return ctx, sdk.ErrInternal("tx must be sdk.StdTx").Result(), true
|
|
}
|
|
|
|
// Assert that number of signatures is correct.
|
|
var signerAddrs = msg.GetSigners()
|
|
if len(sigs) != len(signerAddrs) {
|
|
return ctx,
|
|
sdk.ErrUnauthorized("wrong number of signers").Result(),
|
|
true
|
|
}
|
|
|
|
// Get the sign bytes (requires all sequence numbers and the fee)
|
|
sequences := make([]int64, len(signerAddrs))
|
|
for i := 0; i < len(signerAddrs); i++ {
|
|
sequences[i] = sigs[i].Sequence
|
|
}
|
|
fee := stdTx.Fee
|
|
chainID := ctx.ChainID()
|
|
// XXX: major hack; need to get ChainID
|
|
// into the app right away (#565)
|
|
if chainID == "" {
|
|
chainID = viper.GetString("chain-id")
|
|
}
|
|
signBytes := sdk.StdSignBytes(ctx.ChainID(), sequences, fee, msg)
|
|
|
|
// Check sig and nonce and collect signer accounts.
|
|
var signerAccs = make([]sdk.Account, len(signerAddrs))
|
|
for i := 0; i < len(sigs); i++ {
|
|
signerAddr, sig := signerAddrs[i], sigs[i]
|
|
|
|
// check signature, return account with incremented nonce
|
|
signerAcc, res := processSig(
|
|
ctx, accountMapper,
|
|
signerAddr, sig, signBytes,
|
|
)
|
|
if !res.IsOK() {
|
|
return ctx, res, true
|
|
}
|
|
|
|
// first sig pays the fees
|
|
if i == 0 {
|
|
// TODO: min fee
|
|
if !fee.Amount.IsZero() {
|
|
signerAcc, res = deductFees(signerAcc, fee)
|
|
if !res.IsOK() {
|
|
return ctx, res, true
|
|
}
|
|
}
|
|
}
|
|
|
|
// Save the account.
|
|
accountMapper.SetAccount(ctx, signerAcc)
|
|
signerAccs[i] = signerAcc
|
|
}
|
|
|
|
// cache the signer accounts in the context
|
|
ctx = WithSigners(ctx, signerAccs)
|
|
|
|
// TODO: tx tags (?)
|
|
|
|
return ctx, sdk.Result{}, false // continue...
|
|
}
|
|
}
|
|
|
|
// verify the signature and increment the sequence.
|
|
// if the account doesn't have a pubkey, set it.
|
|
func processSig(
|
|
ctx sdk.Context, am sdk.AccountMapper,
|
|
addr sdk.Address, sig sdk.StdSignature, signBytes []byte) (
|
|
acc sdk.Account, res sdk.Result) {
|
|
|
|
// Get the account.
|
|
acc = am.GetAccount(ctx, addr)
|
|
if acc == nil {
|
|
return nil, sdk.ErrUnknownAddress(addr.String()).Result()
|
|
}
|
|
|
|
// Check and increment sequence number.
|
|
seq := acc.GetSequence()
|
|
if seq != sig.Sequence {
|
|
return nil, sdk.ErrInvalidSequence(
|
|
fmt.Sprintf("Invalid sequence. Got %d, expected %d", sig.Sequence, seq)).Result()
|
|
}
|
|
acc.SetSequence(seq + 1)
|
|
|
|
// If pubkey is not known for account,
|
|
// set it from the StdSignature.
|
|
pubKey := acc.GetPubKey()
|
|
if pubKey.Empty() {
|
|
pubKey = sig.PubKey
|
|
if pubKey.Empty() {
|
|
return nil, sdk.ErrInvalidPubKey("PubKey not found").Result()
|
|
}
|
|
if !bytes.Equal(pubKey.Address(), addr) {
|
|
return nil, sdk.ErrInvalidPubKey(
|
|
fmt.Sprintf("PubKey does not match Signer address %v", addr)).Result()
|
|
}
|
|
err := acc.SetPubKey(pubKey)
|
|
if err != nil {
|
|
return nil, sdk.ErrInternal("setting PubKey on signer's account").Result()
|
|
}
|
|
}
|
|
|
|
// Check sig.
|
|
if !pubKey.VerifyBytes(signBytes, sig.Signature) {
|
|
return nil, sdk.ErrUnauthorized("signature verification failed").Result()
|
|
}
|
|
|
|
return
|
|
}
|
|
|
|
// Deduct the fee from the account.
|
|
// We could use the CoinKeeper (in addition to the AccountMapper,
|
|
// because the CoinKeeper doesn't give us accounts), but it seems easier to do this.
|
|
func deductFees(acc sdk.Account, fee sdk.StdFee) (sdk.Account, sdk.Result) {
|
|
coins := acc.GetCoins()
|
|
feeAmount := fee.Amount
|
|
|
|
newCoins := coins.Minus(feeAmount)
|
|
if !newCoins.IsNotNegative() {
|
|
errMsg := fmt.Sprintf("%s < %s", coins, feeAmount)
|
|
return nil, sdk.ErrInsufficientFunds(errMsg).Result()
|
|
}
|
|
acc.SetCoins(newCoins)
|
|
return acc, sdk.Result{}
|
|
}
|