Openzeppelin庫第四期:Access詳解
阿新 • • 發佈:2018-12-16
- signatureBouncer.sol: 簽名保護合約,只有指定的角色才能進行簽名
- whitelist.sol:白名單
signatureBouncer.sol:
pragma solidity ^0.4.24; import "../ownership/Ownable.sol"; import "../access/rbac/RBAC.sol"; import "../ECRecovery.sol"; /** * @title SignatureBouncer * @author PhABC, Shrugs and aflesher * @dev Bouncer allows users to submit a signature as a permission to do an action. * If the signature is from one of the authorized bouncer addresses, the signature * is valid. The owner of the contract adds/removes bouncers. * Bouncer addresses can be individual servers signing grants or different * users within a decentralized club that have permission to invite other members. * This technique is useful for whitelists and airdrops; instead of putting all * valid addresses on-chain, simply sign a grant of the form * keccak256(abi.encodePacked(`:contractAddress` + `:granteeAddress`)) using a valid bouncer address. * Then restrict access to your crowdsale/whitelist/airdrop using the * `onlyValidSignature` modifier (or implement your own using isValidSignature). * In addition to `onlyValidSignature`, `onlyValidSignatureAndMethod` and * `onlyValidSignatureAndData` can be used to restrict access to only a given method * or a given method with given parameters respectively. * See the tests Bouncer.test.js for specific usage examples. * @notice A method that uses the `onlyValidSignatureAndData` modifier must make the _sig * parameter the "last" parameter. You cannot sign a message that has its own * signature in it so the last 128 bytes of msg.data (which represents the * length of the _sig data and the _sig data itself) is ignored when validating. * Also non fixed sized parameters make constructing the data in the signature * much more complex. See https://ethereum.stackexchange.com/a/50616 for more details. */ contract SignatureBouncer is Ownable, RBAC { using ECRecovery for bytes32; string public constant ROLE_BOUNCER = "bouncer"; uint constant METHOD_ID_SIZE = 4; // signature size is 65 bytes (tightly packed v + r + s), but gets padded to 96 bytes uint constant SIGNATURE_SIZE = 96; /** * @dev requires that a valid signature of a bouncer was provided */ modifier onlyValidSignature(bytes _sig) { require(isValidSignature(msg.sender, _sig)); _; } /** * @dev requires that a valid signature with a specifed method of a bouncer was provided */ modifier onlyValidSignatureAndMethod(bytes _sig) { require(isValidSignatureAndMethod(msg.sender, _sig)); _; } /** * @dev requires that a valid signature with a specifed method and params of a bouncer was provided */ modifier onlyValidSignatureAndData(bytes _sig) { require(isValidSignatureAndData(msg.sender, _sig)); _; } /** * @dev allows the owner to add additional bouncer addresses */ function addBouncer(address _bouncer) public onlyOwner { require(_bouncer != address(0)); addRole(_bouncer, ROLE_BOUNCER); } /** * @dev allows the owner to remove bouncer addresses */ function removeBouncer(address _bouncer) public onlyOwner { require(_bouncer != address(0)); removeRole(_bouncer, ROLE_BOUNCER); } /** * @dev is the signature of `this + sender` from a bouncer? * @return bool */ function isValidSignature(address _address, bytes _sig) internal view returns (bool) { return isValidDataHash( keccak256(abi.encodePacked(address(this), _address)), _sig ); } /** * @dev is the signature of `this + sender + methodId` from a bouncer? * @return bool */ function isValidSignatureAndMethod(address _address, bytes _sig) internal view returns (bool) { bytes memory data = new bytes(METHOD_ID_SIZE); for (uint i = 0; i < data.length; i++) { data[i] = msg.data[i]; } return isValidDataHash( keccak256(abi.encodePacked(address(this), _address, data)), _sig ); } /** * @dev is the signature of `this + sender + methodId + params(s)` from a bouncer? * @notice the _sig parameter of the method being validated must be the "last" parameter * @return bool */ function isValidSignatureAndData(address _address, bytes _sig) internal view returns (bool) { require(msg.data.length > SIGNATURE_SIZE); bytes memory data = new bytes(msg.data.length - SIGNATURE_SIZE); for (uint i = 0; i < data.length; i++) { data[i] = msg.data[i]; } return isValidDataHash( keccak256(abi.encodePacked(address(this), _address, data)), _sig ); } /** * @dev internal function to convert a hash to an eth signed message * and then recover the signature and check it against the bouncer role * @return bool */ function isValidDataHash(bytes32 _hash, bytes _sig) internal view returns (bool) { address signer = _hash .toEthSignedMessageHash() .recover(_sig); return hasRole(signer, ROLE_BOUNCER); } }
whitelist.sol:
pragma solidity ^0.4.24; import "../ownership/Ownable.sol"; import "../access/rbac/RBAC.sol"; /** * @title Whitelist * @dev The Whitelist contract has a whitelist of addresses, and provides basic authorization control functions. * This simplifies the implementation of "user permissions". */ contract Whitelist is Ownable, RBAC { string public constant ROLE_WHITELISTED = "whitelist"; /** * @dev Throws if operator is not whitelisted. * @param _operator address */ modifier onlyIfWhitelisted(address _operator) { checkRole(_operator, ROLE_WHITELISTED); _; } /** * @dev add an address to the whitelist * @param _operator address * @return true if the address was added to the whitelist, false if the address was already in the whitelist */ function addAddressToWhitelist(address _operator) public onlyOwner { addRole(_operator, ROLE_WHITELISTED); } /** * @dev getter to determine if address is in whitelist */ function whitelist(address _operator) public view returns (bool) { return hasRole(_operator, ROLE_WHITELISTED); } /** * @dev add addresses to the whitelist * @param _operators addresses * @return true if at least one address was added to the whitelist, * false if all addresses were already in the whitelist */ function addAddressesToWhitelist(address[] _operators) public onlyOwner { for (uint256 i = 0; i < _operators.length; i++) { addAddressToWhitelist(_operators[i]); } } /** * @dev remove an address from the whitelist * @param _operator address * @return true if the address was removed from the whitelist, * false if the address wasn't in the whitelist in the first place */ function removeAddressFromWhitelist(address _operator) public onlyOwner { removeRole(_operator, ROLE_WHITELISTED); } /** * @dev remove addresses from the whitelist * @param _operators addresses * @return true if at least one address was removed from the whitelist, * false if all addresses weren't in the whitelist in the first place */ function removeAddressesFromWhitelist(address[] _operators) public onlyOwner { for (uint256 i = 0; i < _operators.length; i++) { removeAddressFromWhitelist(_operators[i]); } } }