configurable custody service

Author: turbocrime

packages/services/src/ctx/approver.ts

@@ -0,0 +1,10 @@
+import { PlainMessage } from '@bufbuild/protobuf';
+import { createContextKey } from '@connectrpc/connect';
+import {
+  AuthorizeRequest,
+  AuthorizeResponse,
+} from '@penumbra-zone/protobuf/penumbra/custody/v1/custody_pb';
+
+export const authorizeCtx = createContextKey<
+  (req: PlainMessage<AuthorizeRequest>) => Promise<PlainMessage<AuthorizeResponse>>
+>(undefined as never);

packages/services/src/ctx/authorize.ts

@@ -1,27 +1,33 @@
-import { beforeEach, describe, expect, Mock, test, vi } from 'vitest';
+import { PlainMessage } from '@bufbuild/protobuf';
 import { createContextValues, createHandlerContext, HandlerContext } from '@connectrpc/connect';
-import { approverCtx } from '../ctx/approver.js';
-import { servicesCtx } from '../ctx/prax.js';
-import { testFullViewingKey, testSpendKey } from '../test-utils.js';
-import { authorize } from './authorize.js';
-import { AuthorizeRequest } from '@penumbra-zone/protobuf/penumbra/custody/v1/custody_pb';
 import { CustodyService } from '@penumbra-zone/protobuf';
+import { Metadata } from '@penumbra-zone/protobuf/penumbra/core/asset/v1/asset_pb';
 import {
   AuthorizationData,
   TransactionPlan,
 } from '@penumbra-zone/protobuf/penumbra/core/transaction/v1/transaction_pb';
+import {
+  AuthorizeRequest,
+  AuthorizeResponse,
+} from '@penumbra-zone/protobuf/penumbra/custody/v1/custody_pb';
 import type { ServicesInterface } from '@penumbra-zone/types/services';
-import { Metadata } from '@penumbra-zone/protobuf/penumbra/core/asset/v1/asset_pb';
-import { UserChoice } from '@penumbra-zone/types/user-choice';
+import { authorizePlan } from '@penumbra-zone/wasm/build';
+import { beforeEach, describe, expect, Mock, test, vi } from 'vitest';
+import { authorizeCtx } from '../ctx/authorize.js';
 import { fvkCtx } from '../ctx/full-viewing-key.js';
-import { skCtx } from '../ctx/spend-key.js';
+import { servicesCtx } from '../ctx/prax.js';
+import { testFullViewingKey, testSpendKey } from '../test-utils.js';
+import { authorize } from './authorize.js';
 
 describe('Authorize request handler', () => {
   let req: AuthorizeRequest;
 
-  const mockApproverCtx = vi.fn(() => Promise.resolve<UserChoice>(UserChoice.Approved));
   const mockFullViewingKeyCtx = vi.fn(() => Promise.resolve(testFullViewingKey));
-  const mockSpendKeyCtx = vi.fn(() => Promise.resolve(testSpendKey));
+  const mockAuthorizeCtx = vi.fn(({ plan }: PlainMessage<AuthorizeRequest>) =>
+    Promise.resolve(
+      new AuthorizeResponse({ data: authorizePlan(testSpendKey, new TransactionPlan(plan)) }),
+    ),
+  );
   const mockServicesCtx: Mock<[], Promise<ServicesInterface>> = vi.fn();
 
   const handlerContextInit = {
@@ -33,10 +39,9 @@ describe('Authorize request handler', () => {
   };
 
   const contextValues = createContextValues()
-    .set(approverCtx, mockApproverCtx as unknown)
     .set(servicesCtx, mockServicesCtx)
     .set(fvkCtx, mockFullViewingKeyCtx)
-    .set(skCtx, mockSpendKeyCtx);
+    .set(authorizeCtx, mockAuthorizeCtx);
 
   const mockCtx: HandlerContext = createHandlerContext({
     ...handlerContextInit,
@@ -77,53 +82,23 @@ describe('Authorize request handler', () => {
     expect(data).toBeInstanceOf(AuthorizationData);
   });
 
-  test('should fail if user denies request', async () => {
-    mockApproverCtx.mockResolvedValueOnce(UserChoice.Denied);
-    await expect(authorize(req, mockCtx)).rejects.toThrow();
+  test('should fail if context does not authorize', async () => {
+    mockAuthorizeCtx.mockRejectedValueOnce(new Error('unique error'));
+    await expect(authorize(req, mockCtx)).rejects.toThrow('unique error');
   });
 
   test('should fail if plan is missing in request', async () => {
-    await expect(authorize(new AuthorizeRequest(), mockCtx)).rejects.toThrow(
-      'No plan included in request',
-    );
+    await expect(authorize(new AuthorizeRequest(), mockCtx)).rejects.toThrow('No actions planned');
   });
 
-  test('should fail if fullViewingKey context is not configured', async () => {
-    const ctxWithoutFullViewingKey = createHandlerContext({
-      ...handlerContextInit,
-      contextValues: createContextValues()
-        .set(approverCtx, mockApproverCtx as unknown)
-        .set(servicesCtx, mockServicesCtx)
-        .set(skCtx, mockSpendKeyCtx),
-    });
-    await expect(authorize(req, ctxWithoutFullViewingKey)).rejects.toThrow('[failed_precondition]');
-  });
-
-  test('should fail if spendKey context is not configured', async () => {
-    const ctxWithoutSpendKey = createHandlerContext({
-      ...handlerContextInit,
-      contextValues: createContextValues()
-        .set(approverCtx, mockApproverCtx as unknown)
-        .set(servicesCtx, mockServicesCtx)
-        .set(fvkCtx, mockFullViewingKeyCtx),
-    });
-    await expect(authorize(req, ctxWithoutSpendKey)).rejects.toThrow('[failed_precondition]');
-  });
-
-  test('should fail if approver context is not configured', async () => {
-    const ctxWithoutApprover = createHandlerContext({
-      ...handlerContextInit,
-      contextValues: createContextValues()
-        .set(servicesCtx, mockServicesCtx)
-        .set(fvkCtx, mockFullViewingKeyCtx)
-        .set(skCtx, mockSpendKeyCtx),
-    });
-    await expect(authorize(req, ctxWithoutApprover)).rejects.toThrow('[failed_precondition]');
-  });
+  test('should fail if context is missing', async () => {
+    const contextValues = createContextValues()
+      .set(servicesCtx, mockServicesCtx)
+      .set(fvkCtx, mockFullViewingKeyCtx);
 
-  test('should fail with reason if spendKey is not available', async () => {
-    mockSpendKeyCtx.mockRejectedValueOnce(new Error('some reason'));
-    await expect(authorize(req, mockCtx)).rejects.toThrow('some reason');
+    await expect(
+      authorize(req, createHandlerContext({ ...handlerContextInit, contextValues })),
+    ).rejects.toThrow('not a function');
   });
 });
 

packages/services/src/ctx/spend-key.ts

@@ -1,27 +1,25 @@
-import type { Impl } from './index.js';
-import { approverCtx } from '../ctx/approver.js';
-import { authorizePlan } from '@penumbra-zone/wasm/build';
-import { Code, ConnectError } from '@connectrpc/connect';
-import { UserChoice } from '@penumbra-zone/types/user-choice';
+import { authorizeCtx } from '../ctx/authorize.js';
 import { fvkCtx } from '../ctx/full-viewing-key.js';
-import { skCtx } from '../ctx/spend-key.js';
-import { assertValidAuthorizeRequest } from './validation/authorize.js';
-
-export const authorize: Impl['authorize'] = async (req, ctx) => {
-  if (!req.plan) {
-    throw new ConnectError('No plan included in request', Code.InvalidArgument);
-  }
+import type { Impl } from './index.js';
+import { assertValidActionPlans } from './util/validate-request.js';
+import { assertValidAuthorizationData } from './util/validate-response.js';
+import { toPlainMessage } from '@bufbuild/protobuf';
 
-  const fullViewingKey = await ctx.values.get(fvkCtx)();
-  assertValidAuthorizeRequest(req, fullViewingKey);
+/**
+ * This is essentially a configurable stub. It performs some basic validation,
+ * and then trusts the service context to provide an appropriate implementation.
+ */
+export const authorize: Impl['authorize'] = async ({ plan, preAuthorizations }, ctx) => {
+  const fvk = await ctx.values.get(fvkCtx)();
 
-  const choice = await ctx.values.get(approverCtx)(req);
-  if (choice !== UserChoice.Approved) {
-    throw new ConnectError('Transaction was not approved', Code.PermissionDenied);
-  }
+  const actionCounts = assertValidActionPlans(fvk, plan && toPlainMessage(plan).actions);
 
-  const spendKey = await ctx.values.get(skCtx)();
+  const { data: authorizationData } = await ctx.values.get(authorizeCtx)({
+    plan,
+    preAuthorizations,
+  });
 
-  const data = authorizePlan(spendKey, req.plan);
-  return { data };
+  return {
+    data: assertValidAuthorizationData(actionCounts, authorizationData),
+  };
 };

packages/services/src/custody-service/authorize.test.ts

@@ -0,0 +1,30 @@
+import type { ActionPlan } from '@penumbra-zone/protobuf/penumbra/core/transaction/v1/transaction_pb';
+
+export const actionCountsInit: Record<NonNullable<ActionPlan['action']['case']>, number> = {
+  actionDutchAuctionEnd: 0,
+  actionDutchAuctionSchedule: 0,
+  actionDutchAuctionWithdraw: 0,
+  actionLiquidityTournamentVote: 0,
+  communityPoolDeposit: 0,
+  communityPoolOutput: 0,
+  communityPoolSpend: 0,
+  delegate: 0,
+  delegatorVote: 0,
+  ibcRelayAction: 0,
+  ics20Withdrawal: 0,
+  output: 0,
+  positionClose: 0,
+  positionOpen: 0,
+  positionRewardClaim: 0,
+  positionWithdraw: 0,
+  proposalDepositClaim: 0,
+  proposalSubmit: 0,
+  proposalWithdraw: 0,
+  spend: 0,
+  swap: 0,
+  swapClaim: 0,
+  undelegate: 0,
+  undelegateClaim: 0,
+  validatorDefinition: 0,
+  validatorVote: 0,
+} as const;