diff --git a/soroban-react-dapp/README.md b/soroban-react-dapp/README.md index 766edd8..3ed1492 100644 --- a/soroban-react-dapp/README.md +++ b/soroban-react-dapp/README.md @@ -43,6 +43,148 @@ The contracts workflow happens in the `contracts/` folder. Here you can see that Every new contract should be in its own folder, and the folder should be named the same name as the name of the contract in its `cargo.toml` file. You can check how the `tweaked_greeting` contract is changed from the `greeting` contract and you can also start from this to build your own contract. +**Challenge contract** + +> _This challenge contract is to add authorization controls to the contract so only specific addresses can modify a title. Implement address management and `required_auth` to verify authorized changes._ + +- `init` instruction + +add init instruction to set admin for contract initial. + +```rust +// initialize the contract and set the admin + pub fn init(env: Env, admin: Address) -> Result<(), Error> { + let storage = env.storage().instance(); + admin.require_auth(); + if storage.has(&Assets::Admin) { + return Err(Error::AlreadyInitialized); + } + storage.set(&Assets::Admin, &admin); + Ok(()) + } +``` + +- `add_editor` instruction + +admin can add editors who can modify the title + +```rust +pub fn add_editor(env: Env, new_editor: Address) -> Result<(), Error>{ + let storage = env.storage().instance(); + let admin: Address = storage.get(&Assets::Admin).unwrap(); + admin.require_auth(); + + let mut editors: Vec
= storage.get(&Assets::Editors).unwrap_or(Vec::new(&env)); + if !editors.contains(&new_editor) { + editors.push_front(new_editor); + env.storage().instance().set(&Assets::Editors, &editors); + Ok(()) + } else { + Err(Error::AlreadyExist) + } + } +``` + +- `remove_editor` instruction + +admin can remove editor from their list. + +```rust +// remove wallets from editors + pub fn remove_editor(env: Env, editor_to_remove: Address) { + let storage = env.storage().instance(); + let admin: Address = storage.get(&Assets::Admin).unwrap(); + admin.require_auth(); + + let mut editors: Vec
= storage.get(&Assets::Editors).unwrap_or(Vec::new(&env)); + editors + .first_index_of(&editor_to_remove) + .map(|index| editors.remove(index)); + env.storage().instance().set(&Assets::Editors, &editors); + } +``` + +- `set_title` instruction + +editors can modify the tile, if not editor, it cause UnAthorized Error. + +```rust +// set the title only available editors + pub fn set_title(env: Env, user: Address, title: String) -> Result<(), Error> { + user.require_auth(); + let storage = env.storage().instance(); + let admin: Address = storage.get(&Assets::Admin).unwrap_or_else(|| { + // You can log or handle the error here + // In this case, we'll return an error + return Err(Error::NotInitialized); + })?; + + let editors: Vec
= storage.get(&Assets::Editors).unwrap_or(Vec::new(&env)); + if editors.contains(&user) || user.eq(&admin) { + env.storage().instance().set(&Assets::Title, &title); + Ok(()) + } else { + Err(Error::Unauthorized) + } + } +``` + +**Test Contract** + +- `require_auth` test + +```rust +// mofify the title with editors + client.set_title(&new_editor, &String::from_str(&env, "Hello, Stellar")); + + // test for require_auth + assert_eq!( + env.auths(), + std::vec![( + // Address for which authorization check is performed + new_editor.clone(), + // Invocation tree that needs to be authorized + AuthorizedInvocation { + // Function that is authorized. Can be a contract function or + // a host function that requires authorization. + function: AuthorizedFunction::Contract(( + // Address of the called contract + contract_id.clone(), + // Name of the called function + symbol_short!("set_title"), + // Arguments used to call `set_title` + vec![&env, new_editor.to_val(), String::from_str(&env, "Hello, Stellar").into()] + )), + // The contract doesn't call any other contracts that require + // authorization, + sub_invocations: std::vec![] + } + )] + ); +``` + +- `set_title` and `add_editor` test + +```rust +// test either everyone access to modify title or not + let _ = client.try_set_title(&new_editor, &String::from_str(&env, "Hello, Stellar")); + let client_title = client.read_title(); + assert_eq!(client_title, String::from_str(&env, "Default Title")); + +// test with new title + let client_new_title = client.read_title(); + assert_eq!(client_new_title, String::from_str(&env, "Hello, Stellar")); + + // remove editors by admin + let _ = client.remove_editor(&new_editor); + let admins = client.fetch_editors(); + assert_eq!(admins.len(), 1); +``` + + + + + To build the contracts you can simply invoke the `make` command which will recursively build all contracts by propagating the `make` command to subfolders. Each contract needs to have its own `Makefile` for this to work. The `Makefile` from the greeting contract is a generic one and can be copied and paste to use with any of your new contract. If you are not familiar or comfortable with Makefiles you can simply go in the directory of the contract you want to compile and run @@ -96,4 +238,4 @@ You then need to adapt the `contractInvoke()` calls in these functions to match Finally feel, of course, free to change the front-end how you wish, to match your desired functionalities. -*Good luck building!* \ No newline at end of file +*Good luck building!* diff --git a/soroban-react-dapp/contracts/deployments.json b/soroban-react-dapp/contracts/deployments.json index 4b7ef89..2c87ca0 100644 --- a/soroban-react-dapp/contracts/deployments.json +++ b/soroban-react-dapp/contracts/deployments.json @@ -7,6 +7,6 @@ { "contractId": "greeting", "networkPassphrase": "Test SDF Network ; September 2015", - "contractAddress": "CBFLKMLYVCBP3MM6FTJZV57GZDHZ5G7CPNPTPQEVLEY2EZS6CRH54CAF" + "contractAddress": "CC7LM32RVA7FSWIDQS7DSYAZWKA2NBIS2PSIDX2NZOCKFVZWBMDP3ZV3" } ] \ No newline at end of file diff --git a/soroban-react-dapp/contracts/greeting/src/lib.rs b/soroban-react-dapp/contracts/greeting/src/lib.rs index 3a01dde..0f91f60 100755 --- a/soroban-react-dapp/contracts/greeting/src/lib.rs +++ b/soroban-react-dapp/contracts/greeting/src/lib.rs @@ -10,6 +10,8 @@ pub struct TitleContract; pub enum Error { Unauthorized = 1, AlreadyInitialized = 2, + NotInitialized = 3, + AlreadyExist = 4, // when editor already exist, add_editor invoke this error } #[contractimpl] @@ -29,7 +31,12 @@ impl TitleContract { pub fn set_title(env: Env, user: Address, title: String) -> Result<(), Error> { user.require_auth(); let storage = env.storage().instance(); - let admin: Address = storage.get(&Assets::Admin).unwrap(); + let admin: Address = storage.get(&Assets::Admin).unwrap_or_else(|| { + // You can log or handle the error here + // In this case, we'll return an error + return Err(Error::NotInitialized); + })?; + let editors: Vec
= storage.get(&Assets::Editors).unwrap_or(Vec::new(&env)); if editors.contains(&user) || user.eq(&admin) { env.storage().instance().set(&Assets::Title, &title); @@ -50,7 +57,7 @@ impl TitleContract { /// ***** Address Management ***** /// // add wallet address for editors - pub fn add_editor(env: Env, new_editor: Address) { + pub fn add_editor(env: Env, new_editor: Address) -> Result<(), Error>{ let storage = env.storage().instance(); let admin: Address = storage.get(&Assets::Admin).unwrap(); admin.require_auth(); @@ -59,18 +66,21 @@ impl TitleContract { if !editors.contains(&new_editor) { editors.push_front(new_editor); env.storage().instance().set(&Assets::Editors, &editors); + Ok(()) + } else { + Err(Error::AlreadyExist) } } // remove wallets from editors - pub fn remove_editor(env: Env, remover: Address) { + pub fn remove_editor(env: Env, editor_to_remove: Address) { let storage = env.storage().instance(); let admin: Address = storage.get(&Assets::Admin).unwrap(); admin.require_auth(); let mut editors: Vec
= storage.get(&Assets::Editors).unwrap_or(Vec::new(&env)); editors - .first_index_of(&remover) + .first_index_of(&editor_to_remove) .map(|index| editors.remove(index)); env.storage().instance().set(&Assets::Editors, &editors); } diff --git a/soroban-react-dapp/contracts/greeting/src/test.rs b/soroban-react-dapp/contracts/greeting/src/test.rs index 2379db5..e0851cf 100755 --- a/soroban-react-dapp/contracts/greeting/src/test.rs +++ b/soroban-react-dapp/contracts/greeting/src/test.rs @@ -1,7 +1,9 @@ #![cfg(test)] +extern crate std; + use super::*; -use soroban_sdk::{testutils::Address as _, Address, Env, String}; +use soroban_sdk::{symbol_short, testutils::{Address as _, AuthorizedFunction, AuthorizedInvocation}, vec, Address, Env, String}; #[test] fn test() { @@ -34,6 +36,33 @@ fn test() { // mofify the title with editors client.set_title(&new_editor, &String::from_str(&env, "Hello, Stellar")); + + // test for require_auth + assert_eq!( + env.auths(), + std::vec![( + // Address for which authorization check is performed + new_editor.clone(), + // Invocation tree that needs to be authorized + AuthorizedInvocation { + // Function that is authorized. Can be a contract function or + // a host function that requires authorization. + function: AuthorizedFunction::Contract(( + // Address of the called contract + contract_id.clone(), + // Name of the called function + symbol_short!("set_title"), + // Arguments used to call `set_title` + vec![&env, new_editor.to_val(), String::from_str(&env, "Hello, Stellar").into()] + )), + // The contract doesn't call any other contracts that require + // authorization, + sub_invocations: std::vec![] + } + )] + ); + + // test with new title let client_new_title = client.read_title(); assert_eq!(client_new_title, String::from_str(&env, "Hello, Stellar")); diff --git a/soroban-react-dapp/contracts/greeting/test_snapshots/test/test_unauthorized_set_greet.1.json b/soroban-react-dapp/contracts/greeting/test_snapshots/test/test_unauthorized_set_greet.1.json new file mode 100644 index 0000000..cf80df5 --- /dev/null +++ b/soroban-react-dapp/contracts/greeting/test_snapshots/test/test_unauthorized_set_greet.1.json @@ -0,0 +1,248 @@ +{ + "generators": { + "address": 4, + "nonce": 0 + }, + "auth": [ + [] + ], + "ledger": { + "protocol_version": 21, + "sequence_number": 0, + "timestamp": 0, + "network_id": "0000000000000000000000000000000000000000000000000000000000000000", + "base_reserve": 0, + "min_persistent_entry_ttl": 4096, + "min_temp_entry_ttl": 16, + "max_entry_ttl": 6312000, + "ledger_entries": [ + [ + { + "contract_data": { + "contract": "CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD2KM", + "key": "ledger_key_contract_instance", + "durability": "persistent" + } + }, + [ + { + "last_modified_ledger_seq": 0, + "data": { + "contract_data": { + "ext": "v0", + "contract": "CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD2KM", + "key": "ledger_key_contract_instance", + "durability": "persistent", + "val": { + "contract_instance": { + "executable": { + "wasm": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855" + }, + "storage": null + } + } + } + }, + "ext": "v0" + }, + 4095 + ] + ], + [ + { + "contract_code": { + "hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855" + } + }, + [ + { + "last_modified_ledger_seq": 0, + "data": { + "contract_code": { + "ext": "v0", + "hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "code": "" + } + }, + "ext": "v0" + }, + 4095 + ] + ] + ] + }, + "events": [ + { + "event": { + "ext": "v0", + "contract_id": null, + "type_": "diagnostic", + "body": { + "v0": { + "topics": [ + { + "symbol": "fn_call" + }, + { + "bytes": "0000000000000000000000000000000000000000000000000000000000000001" + }, + { + "symbol": "init" + } + ], + "data": { + "address": "CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFCT4" + } + } + } + }, + "failed_call": false + }, + { + "event": { + "ext": "v0", + "contract_id": "0000000000000000000000000000000000000000000000000000000000000001", + "type_": "diagnostic", + "body": { + "v0": { + "topics": [ + { + "symbol": "error" + }, + { + "error": { + "auth": "invalid_action" + } + } + ], + "data": { + "vec": [ + { + "string": "Unauthorized function call for address" + }, + { + "address": "CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFCT4" + } + ] + } + } + } + }, + "failed_call": true + }, + { + "event": { + "ext": "v0", + "contract_id": "0000000000000000000000000000000000000000000000000000000000000001", + "type_": "diagnostic", + "body": { + "v0": { + "topics": [ + { + "symbol": "error" + }, + { + "error": { + "auth": "invalid_action" + } + } + ], + "data": { + "string": "escalating error to panic" + } + } + } + }, + "failed_call": true + }, + { + "event": { + "ext": "v0", + "contract_id": "0000000000000000000000000000000000000000000000000000000000000001", + "type_": "diagnostic", + "body": { + "v0": { + "topics": [ + { + "symbol": "error" + }, + { + "error": { + "auth": "invalid_action" + } + } + ], + "data": { + "string": "caught error from function" + } + } + } + }, + "failed_call": true + }, + { + "event": { + "ext": "v0", + "contract_id": null, + "type_": "diagnostic", + "body": { + "v0": { + "topics": [ + { + "symbol": "error" + }, + { + "error": { + "auth": "invalid_action" + } + } + ], + "data": { + "vec": [ + { + "string": "contract call failed" + }, + { + "symbol": "init" + }, + { + "vec": [ + { + "address": "CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFCT4" + } + ] + } + ] + } + } + } + }, + "failed_call": false + }, + { + "event": { + "ext": "v0", + "contract_id": null, + "type_": "diagnostic", + "body": { + "v0": { + "topics": [ + { + "symbol": "error" + }, + { + "error": { + "auth": "invalid_action" + } + } + ], + "data": { + "string": "escalating error to panic" + } + } + } + }, + "failed_call": false + } + ] +} \ No newline at end of file