-
Notifications
You must be signed in to change notification settings - Fork 1.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: wallet: per-token filtering rules #8428
base: master
Are you sure you want to change the base?
Conversation
d97f625
to
ade6cec
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'd imagine a lot of people are going to want to write these rules directly in go and generate them due to the complexity of the nested structure and reuse of common rules.
We should make sure that all required methods are exported to support generating rules. This will also allow people to test and verify that their rules work as intended.
c1555c6
to
aab8073
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Some notes, not done yet.
// Token creation time. Can be used to revoke older tokens | ||
Created time.Time | ||
|
||
// Rules limit actions which can be performed with a tokes. By default, when |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
// Rules limit actions which can be performed with a tokes. By default, when | |
// Rules limit actions which can be performed with a token. By default, when |
is one of the specified addresses | ||
- {"Destination": {"Addr":["fXXX",..], "Next": Rule}} - Check that the | ||
destination address is one of the specified addresses | ||
- {"Method": {"Method":[number..], "Next": Rule}} - Check that the method number |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This gets somewhat limited because MethodNums overlap between actors (so you can't easily only allow SubmitWindowedPost without also allowing whatever number 5 is for all the other actors)...It's fine, though I would call it out in the examples below.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@arajasek Wouldn't you just chain a destination rule with the Method rule to make sure you're calling the right method?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@geoff-vball Yeah, that would work, but then you're only approving PoSts to specific miner addresses (which is not an unreasonable restriction). Slightly blunts the overall utility.
} | ||
fallthrough | ||
case ErrAccept: | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Add comment that we explicitly "do nothing" here?
"github.com/ipfs/go-cid" | ||
"golang.org/x/xerrors" | ||
|
||
market0 "github.com/filecoin-project/specs-actors/actors/builtin/market" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
market0 "github.com/filecoin-project/specs-actors/actors/builtin/market" | |
markettypes "github.com/filecoin-project/go-state-types/builtin/v8/market |
The client's lotus/node/impl/client/client.go Line 263 in 2d2b064
This method always indicates the type as Unknown, which could cause issues... lotus/node/impl/full/wallet.go Line 44 in c41777d
|
@magik6k Do you plan to work, and land this anytime soon? Else, should we close it? |
Returning the PR to draft. |
Related Issues
resolves #7670
Proposed Changes
This PR adds experimental lotus-wallet filtering rules. For more see the lotus-wallet command description.
TODO
Additional Info
Checklist
Before you mark the PR ready for review, please make sure that:
<PR type>: <area>: <change being made>
fix: mempool: Introduce a cache for valid signatures
PR type
: fix, feat, INTERFACE BREAKING CHANGE, CONSENSUS BREAKING, build, chore, ci, docs,perf, refactor, revert, style, testarea
: api, chain, state, vm, data transfer, market, mempool, message, block production, multisig, networking, paychan, proving, sealing, wallet, deps