Evaluate channel READ/WRITE entitlements locally on stream node #19
Conversation
clemire
changed the base branch from
main
to
crystal/hnt-6476-get-channel-based-entitlements-for-permission
clemire
changed the base branch from
crystal/hnt-6476-get-channel-based-entitlements-for-permission
to
main
…s an existing test for channels that is failing.
…rom-chain-and-evaluate-locally-on
…rom-chain-and-evaluate-locally-on
…rom-chain-and-evaluate-locally-on
…rom-chain-and-evaluate-locally-on
clemire
changed the title
…rom-chain-and-evaluate-locally-on
…rom-chain-and-evaluate-locally-on
| @@ -103,4 +103,6 @@ network: | |||
| # Debug feature flags. | |||
| disableBaseChain: <DISABLE_BASE_CHAIN> | |||
|
|
|||
| chains: '31337:http://localhost:8545,31338:http://localhost:8546,84532:https://sepolia.base.org,11155111:https://ethereum-sepolia-rpc.publicnode.com' | |||
There was a problem hiding this comment.
This is needed for local and CI testing to be successful, it configures the stream node to use these as asset chains for entitlement checks
There was a problem hiding this comment.
what is the reason for using external blockchains for local tests?
There was a problem hiding this comment.
anvil doesn't behave the same way as external chains, which has exposed us to issues in the past because xchain incompatibilities weren't caught until deploying. However I'm not sure we're testing external chains on stream node, this is just the same config as what xchain is using for local testing, which I think makes sense - we still have two node config template files at this time so it has to be copied.
| } | ||
|
|
||
| // Sanity checks | ||
| log := dlog.FromCtx(ctx).With("function", "evaluateCheckOperation") |
There was a problem hiding this comment.
explicit errors instead of segfaults with these checks
| const createAliceAndBobStart = Date.now() | ||
| // This test is commented out as the membership joinSpace does not check linked wallets | ||
| // against the user entitlement. | ||
| test.skip('userEntitlementPass - join as root, linked wallet whitelisted', async () => { |
There was a problem hiding this comment.
This test case checked the wrong condition - I fixed and commented out. Turns out wallet linking is not implemented in the space contract for space joins, will need to fix this one and below.
core/node/auth/banning.go
Outdated
| return &banning{ | ||
| contract: contract, | ||
| spaceAddress: spaceAddress, | ||
| bannedAddressCache: NewBannedAddressCache(time.Duration(cfg.NegativeEntitlementCacheTTLSeconds) * time.Second), |
There was a problem hiding this comment.
This value is never set in config and is always 0.
Default value used in other parts of the code is 2 seconds.
…rom-chain-and-evaluate-locally-on
…rom-chain-and-evaluate-locally-on
clemire
deleted the
crystal/hnt-6492-fetch-channel-permissions-from-chain-and-evaluate-locally-on
branch
For READ and WRITE permissions on the stream node, the stream node now fetches entitlements (including xchain entitlements), evaluates them, and caches them in positive / negative cache depending on result. This includes a ban check. All other permissions are checked via the usual route.
Note: channel and space entitlements evaluated on the stream node are now evaluated through the same flow:
Other changes: