feat: wallet: per-token filtering rules #8428
Conversation
magik6k
force-pushed
the
feat/wallet-rules
branch
2 times, most recently
from
d97f625
to
ade6cec
Compare
There was a problem hiding this comment.
I'd imagine a lot of people are going to want to write these rules directly in go and generate them due to the complexity of the nested structure and reuse of common rules.
We should make sure that all required methods are exported to support generating rules. This will also allow people to test and verify that their rules work as intended.
magik6k
force-pushed
the
feat/wallet-rules
branch
from
c1555c6
to
aab8073
Compare
magik6k
changed the title
| // Token creation time. Can be used to revoke older tokens | ||
| Created time.Time | ||
|
|
||
| // Rules limit actions which can be performed with a tokes. By default, when |
There was a problem hiding this comment.
| // Rules limit actions which can be performed with a tokes. By default, when | |
| // Rules limit actions which can be performed with a token. By default, when |
| is one of the specified addresses | ||
| - {"Destination": {"Addr":["fXXX",..], "Next": Rule}} - Check that the | ||
| destination address is one of the specified addresses | ||
| - {"Method": {"Method":[number..], "Next": Rule}} - Check that the method number |
There was a problem hiding this comment.
This gets somewhat limited because MethodNums overlap between actors (so you can't easily only allow SubmitWindowedPost without also allowing whatever number 5 is for all the other actors)...It's fine, though I would call it out in the examples below.
There was a problem hiding this comment.
@arajasek Wouldn't you just chain a destination rule with the Method rule to make sure you're calling the right method?
There was a problem hiding this comment.
@geoff-vball Yeah, that would work, but then you're only approving PoSts to specific miner addresses (which is not an unreasonable restriction). Slightly blunts the overall utility.
| } | ||
| fallthrough | ||
| case ErrAccept: | ||
|
|
There was a problem hiding this comment.
Add comment that we explicitly "do nothing" here?
| "github.com/ipfs/go-cid" | ||
| "golang.org/x/xerrors" | ||
|
|
||
| market0 "github.com/filecoin-project/specs-actors/actors/builtin/market" |
There was a problem hiding this comment.
| market0 "github.com/filecoin-project/specs-actors/actors/builtin/market" | |
| markettypes "github.com/filecoin-project/go-state-types/builtin/v8/market |
|
The client's lotus/node/impl/client/client.go Line 263 in 2d2b064 This method always indicates the type as Unknown, which could cause issues... lotus/node/impl/full/wallet.go Line 44 in c41777d |
|
@magik6k Do you plan to work, and land this anytime soon? Else, should we close it? |
|
Returning the PR to draft. |
Related Issues
resolves #7670
Proposed Changes
This PR adds experimental lotus-wallet filtering rules. For more see the lotus-wallet command description.
TODO
Additional Info
Checklist
Before you mark the PR ready for review, please make sure that:
<PR type>: <area>: <change being made>fix: mempool: Introduce a cache for valid signaturesPR type: fix, feat, INTERFACE BREAKING CHANGE, CONSENSUS BREAKING, build, chore, ci, docs,perf, refactor, revert, style, testarea: api, chain, state, vm, data transfer, market, mempool, message, block production, multisig, networking, paychan, proving, sealing, wallet, deps