go/sonr
go/sonr
1
1
Fork 0
mirror of https://github.com/onsonr/sonr.git synced 2025-03-10 13:07:09 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat: Update x/macaroon/README.md with details from protobuf files

Browse Source
This commit is contained in:
Prad Nukala 2024-10-21 17:00:59 -04:00
parent 348555981b
commit fd62b6ec67
1 changed files with 66 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

90
x/macaroon/README.md
View File

@ -1,62 +1,104 @@
# `x/macaroon` # `x/macaroon`
The Macaroon module is responsible for providing decentralized access control and service authorization for the Sonr ecosystem. The Macaroon module is responsible for providing decentralized access control and service authorization for the Sonr ecosystem. It implements macaroon-based authentication and authorization mechanisms.
## Concepts ## Concepts
Macaroons are a type of bearer credential that allow for decentralized delegation, attenuation, and third-party caveats. This module implements the core functionality for creating, validating, and managing macaroons within the Sonr ecosystem.
## State ## State
Specify and describe structures expected to marshalled into the store, and their keys The module maintains the following state:
### Account State ### Grant
The Account state includes the user's public key, associated wallets, and other identification details. It is stored using the user's DID as the key. Represents a permission grant with the following fields:
- `id`: Unique identifier (auto-incremented)
- `controller`: Address of the controller
- `subject`: Subject of the grant
- `origin`: Origin of the grant
- `expiry_height`: Block height at which the grant expires
### Credential State ### Macaroon
The Credential state includes the claims about a subject and is stored using the credential ID as the key. Represents a macaroon token with the following fields:
- `id`: Unique identifier (auto-incremented)
- `controller`: Address of the controller
- `subject`: Subject of the macaroon
- `origin`: Origin of the macaroon
- `expiry_height`: Block height at which the macaroon expires
- `macaroon`: The actual macaroon token
## State Transitions ## State Transitions
Standard state transition operations triggered by hooks, messages, etc. State transitions occur through the following messages:
- `MsgUpdateParams`: Updates the module parameters
- `MsgIssueMacaroon`: Issues a new macaroon
## Messages ## Messages
Specify message structure(s) and expected state machine behaviour(s). ### MsgUpdateParams
## Begin Block Updates the module parameters. Can only be executed by the governance account.
Specify any begin-block operations. Fields:
- `authority`: Address of the governance account
- `params`: New parameter values
## End Block ### MsgIssueMacaroon
Specify any end-block operations. Issues a new macaroon for a given controller and origin.
## Hooks Fields:
- `controller`: Address of the controller
- `origin`: Origin of the request in wildcard form
- `permissions`: Map of permissions
- `token`: Macaroon token to authenticate the operation
Describe available hooks to be called by/from this module. ## Queries
The module provides the following queries:
- `Params`: Retrieves the current module parameters
- `RefreshToken`: Refreshes a macaroon token (post-authentication)
- `ValidateToken`: Validates a macaroon token (pre-authentication)
## Parameters
The module has the following parameters:
- `methods`: Defines the available DID methods
- `default`: Default method
- `supported`: List of supported methods
- `scopes`: Defines the set of scopes
- `base`: Base scope
- `supported`: List of supported scopes
- `caveats`: Defines the available caveats
- `supported_first_party`: List of supported first-party caveats
- `supported_third_party`: List of supported third-party caveats
- `transactions`: Defines the allowlist and denylist for transactions
- `allowlist`: List of allowed transactions
- `denylist`: List of denied transactions
## Events ## Events
List and describe event tags used. The module may emit events related to macaroon issuance, validation, and refreshing. (Specific event details to be implemented)
## Client ## Client
List and describe CLI commands and gRPC and REST endpoints. The module provides gRPC endpoints for all queries and message types defined in the protobuf files.
## Params
List all module parameters, their types (in JSON) and identitys.
## Future Improvements ## Future Improvements
Describe future improvements of this module. - Implement more advanced caveat types
- Add support for third-party caveats
- Enhance macaroon revocation mechanisms
- Implement additional security features and checks
## Tests ## Tests
Acceptance tests. (To be implemented: Acceptance tests for the module's functionality)
## Appendix ## Appendix
Supplementary details referenced elsewhere within the spec. For more information on macaroons and their implementation, refer to the original macaroon paper: "Macaroons: Cookies with Contextual Caveats for Decentralized Authorization in the Cloud" by Arnar Birgisson, et al.
his is a module base generated with [`spawn`](https://github.com/rollchains/spawn).