defuse/
accounts.rs

1use std::collections::HashSet;
2
3use defuse_core::{Nonce, crypto::PublicKey};
4use defuse_serde_utils::base64::AsBase64;
5use near_plugins::AccessControllable;
6use near_sdk::{AccountId, ext_contract};
7
8#[ext_contract(ext_account_manager)]
9pub trait AccountManager {
10    /// Check if account has given public key
11    fn has_public_key(&self, account_id: &AccountId, public_key: &PublicKey) -> bool;
12
13    /// Returns set of public keys registered for given account
14    fn public_keys_of(&self, account_id: &AccountId) -> HashSet<PublicKey>;
15
16    /// Registers or re-activates `public_key` under the caller account_id.
17    ///
18    /// NOTE: MUST attach 1 yⓃ for security purposes.
19    fn add_public_key(&mut self, public_key: PublicKey);
20
21    /// Deactivate `public_key` from the caller account_id,
22    /// i.e. this key can't be used to make any actions unless it's re-created.
23    ///
24    /// NOTE: MUST attach 1 yⓃ for security purposes.
25    fn remove_public_key(&mut self, public_key: PublicKey);
26
27    /// Returns whether given nonce was already used by the account
28    /// NOTE: nonces are non-sequential and follow
29    /// [permit2 nonce schema](https://docs.uniswap.org/contracts/permit2/reference/signature-transfer#nonce-schema).
30    fn is_nonce_used(&self, account_id: &AccountId, nonce: AsBase64<Nonce>) -> bool;
31
32    /// NOTE: MUST attach 1 yⓃ for security purposes.
33    fn invalidate_nonces(&mut self, nonces: Vec<AsBase64<Nonce>>);
34
35    /// Returns whether authentication by PREDECESSOR_ID is enabled
36    /// for given `account_id`.
37    ///
38    /// NOTE: Authentication by PREDECESSOR_ID is enabled by default
39    /// when creating new accounts.
40    fn is_auth_by_predecessor_id_enabled(&self, account_id: &AccountId) -> bool;
41
42    /// Disables authentication by PREDECESSOR_ID for the caller,
43    /// i.e. PREDECESSOR_ID itself.
44    ///
45    /// **WARN**: Doing so might lock you out of your funds if
46    /// you don't have any other public_keys added to your account.
47    ///
48    /// NOTE: MUST attach 1 yⓃ for security purposes.
49    fn disable_auth_by_predecessor_id(&mut self);
50}
51
52#[ext_contract(ext_force_account_locker)]
53pub trait AccountForceLocker: AccessControllable {
54    /// Returns whether the given`account_id` is locked
55    fn is_account_locked(&self, account_id: &AccountId) -> bool;
56
57    /// Locks given `account_id` from modifying its own state, including
58    /// token balances.
59    /// Returns `false` if the account was already in locked state.
60    ///
61    /// Attached deposit of 1yN is required for security purposes.
62    ///
63    /// NOTE: this still allows for force withdrawals/transfers
64    fn force_lock_account(&mut self, account_id: AccountId) -> bool;
65
66    /// Unlocks given `account_id`.
67    /// Returns `false` if the account wasn't in locked state.
68    ///
69    /// Attached deposit of 1yN is required for security purposes.
70    fn force_unlock_account(&mut self, account_id: &AccountId) -> bool;
71}