soroban_sdk/auth.rs
1//! Auth contains types for building custom account contracts.
2
3use crate::{contracttype, crypto::Hash, Address, BytesN, Env, Error, Symbol, Val, Vec};
4
5/// Context of a single authorized call performed by an address.
6///
7/// Custom account contracts that implement `__check_auth` special function
8/// receive a list of `Context` values corresponding to all the calls that
9/// need to be authorized.
10#[derive(Clone)]
11#[contracttype(crate_path = "crate", export = false)]
12pub enum Context {
13 /// Contract invocation.
14 Contract(ContractContext),
15 /// Contract that has a constructor with no arguments is created.
16 CreateContractHostFn(CreateContractHostFnContext),
17 /// Contract that has a constructor with 1 or more arguments is created.
18 CreateContractWithCtorHostFn(CreateContractWithConstructorHostFnContext),
19}
20
21/// Authorization context of a single contract call.
22///
23/// This struct corresponds to a `require_auth_for_args` call for an address
24/// from `contract` function with `fn_name` name and `args` arguments.
25#[derive(Clone)]
26#[contracttype(crate_path = "crate", export = false)]
27pub struct ContractContext {
28 pub contract: Address,
29 pub fn_name: Symbol,
30 pub args: Vec<Val>,
31}
32
33/// Authorization context for `create_contract` host function that creates a
34/// new contract on behalf of authorizer address.
35#[derive(Clone)]
36#[contracttype(crate_path = "crate", export = false)]
37pub struct CreateContractHostFnContext {
38 pub executable: ContractExecutable,
39 pub salt: BytesN<32>,
40}
41
42/// Authorization context for `create_contract` host function that creates a
43/// new contract on behalf of authorizer address.
44/// This is the same as `CreateContractHostFnContext`, but also has
45/// contract constructor arguments.
46#[derive(Clone)]
47#[contracttype(crate_path = "crate", export = false)]
48pub struct CreateContractWithConstructorHostFnContext {
49 pub executable: ContractExecutable,
50 pub salt: BytesN<32>,
51 pub constructor_args: Vec<Val>,
52}
53
54/// Contract executable used for creating a new contract and used in
55/// `CreateContractHostFnContext`.
56#[derive(Clone)]
57#[contracttype(crate_path = "crate", export = false)]
58pub enum ContractExecutable {
59 Wasm(BytesN<32>),
60}
61
62/// A node in the tree of authorizations performed on behalf of the current
63/// contract as invoker of the contracts deeper in the call stack.
64///
65/// This is used as an argument of `authorize_as_current_contract` host function.
66///
67/// This tree corresponds `require_auth[_for_args]` calls on behalf of the
68/// current contract.
69#[derive(Clone)]
70#[contracttype(crate_path = "crate", export = false)]
71pub enum InvokerContractAuthEntry {
72 /// Invoke a contract.
73 Contract(SubContractInvocation),
74 /// Create a contract passing 0 arguments to constructor.
75 CreateContractHostFn(CreateContractHostFnContext),
76 /// Create a contract passing 0 or more arguments to constructor.
77 CreateContractWithCtorHostFn(CreateContractWithConstructorHostFnContext),
78}
79
80/// Value of contract node in InvokerContractAuthEntry tree.
81#[derive(Clone)]
82#[contracttype(crate_path = "crate", export = false)]
83pub struct SubContractInvocation {
84 pub context: ContractContext,
85 pub sub_invocations: Vec<InvokerContractAuthEntry>,
86}
87
88/// Custom account interface that a contract implements to support being used
89/// as a custom account for auth.
90///
91/// Once a contract implements the interface, call to [`Address::require_auth`]
92/// for the contract's address will call its `__check_auth` implementation.
93pub trait CustomAccountInterface {
94 type Signature;
95 type Error: Into<Error>;
96
97 /// Check that the signatures and auth contexts are valid.
98 fn __check_auth(
99 env: Env,
100 signature_payload: Hash<32>,
101 signatures: Self::Signature,
102 auth_contexts: Vec<Context>,
103 ) -> Result<(), Self::Error>;
104}