defuse/accounts.rs
1use std::collections::HashSet;
2
3use defuse_core::{Nonce, crypto::PublicKey};
4use defuse_serde_utils::base64::AsBase64;
5use near_plugins::AccessControllable;
6use near_sdk::{AccountId, ext_contract};
7
8#[ext_contract(ext_account_manager)]
9pub trait AccountManager {
10 /// Check if account has given public key
11 fn has_public_key(&self, account_id: &AccountId, public_key: &PublicKey) -> bool;
12
13 /// Returns set of public keys registered for given account
14 fn public_keys_of(&self, account_id: &AccountId) -> HashSet<PublicKey>;
15
16 /// Registers or re-activates `public_key` under the caller account_id.
17 ///
18 /// NOTE: MUST attach 1 yⓃ for security purposes.
19 fn add_public_key(&mut self, public_key: PublicKey);
20
21 /// Deactivate `public_key` from the caller account_id,
22 /// i.e. this key can't be used to make any actions unless it's re-created.
23 ///
24 /// NOTE: MUST attach 1 yⓃ for security purposes.
25 fn remove_public_key(&mut self, public_key: PublicKey);
26
27 /// Returns whether given nonce was already used by the account
28 /// NOTE: nonces are non-sequential and follow
29 /// [permit2 nonce schema](https://docs.uniswap.org/contracts/permit2/reference/signature-transfer#nonce-schema).
30 fn is_nonce_used(&self, account_id: &AccountId, nonce: AsBase64<Nonce>) -> bool;
31
32 /// Clears all expired nonces for given accounts.
33 /// Omitting any errors, e.g. if account doesn't exist or nonces are not expired.
34 /// NOTE: MUST attach 1 yⓃ for security purposes.
35 fn cleanup_expired_nonces(&mut self, nonces: Vec<(AccountId, Vec<AsBase64<Nonce>>)>);
36
37 /// Returns whether authentication by PREDECESSOR_ID is enabled
38 /// for given `account_id`.
39 ///
40 /// NOTE: Authentication by PREDECESSOR_ID is enabled by default
41 /// when creating new accounts.
42 fn is_auth_by_predecessor_id_enabled(&self, account_id: &AccountId) -> bool;
43
44 /// Disables authentication by PREDECESSOR_ID for the caller,
45 /// i.e. PREDECESSOR_ID itself.
46 ///
47 /// **WARN**: Doing so might lock you out of your funds if
48 /// you don't have any other public_keys added to your account.
49 ///
50 /// NOTE: MUST attach 1 yⓃ for security purposes.
51 fn disable_auth_by_predecessor_id(&mut self);
52}
53
54#[ext_contract(ext_force_account_locker)]
55pub trait AccountForceLocker: AccessControllable {
56 /// Returns whether the given`account_id` is locked
57 fn is_account_locked(&self, account_id: &AccountId) -> bool;
58
59 /// Locks given `account_id` from modifying its own state, including
60 /// token balances.
61 /// Returns `false` if the account was already in locked state.
62 ///
63 /// Attached deposit of 1yN is required for security purposes.
64 ///
65 /// NOTE: this still allows for force withdrawals/transfers
66 fn force_lock_account(&mut self, account_id: AccountId) -> bool;
67
68 /// Unlocks given `account_id`.
69 /// Returns `false` if the account wasn't in locked state.
70 ///
71 /// Attached deposit of 1yN is required for security purposes.
72 fn force_unlock_account(&mut self, account_id: &AccountId) -> bool;
73}