idOS access grant contracts


When receiving a signed request for data not owned by the signer, idOS nodes use these smart contracts as the source of truth for authorizing (or denying) the request.

The contract functionality is straightforward:

  • a grant is an idOS object representing a data access grant from an owner to a grantee for a given data ID (optionally with a timelock)
  • the contract stores a collection of grants
  • anyone can list grants
  • a signer can
    • create a grant that they own
    • delete a grant that they own (unless timelocked)

Contracts

Implementations:

Target VM   Language   Source
EVM         Solidity   evm/
NEAR VM     Rust       near-rs/

Deployments:

Source     Chain               Address
evm/       Sepolia             0xA5Ac9B9703Bd661cd2aC05B41FE57d1A5DD332AA
evm/       Arbitrum Sepolia    0x350829c8FCb3DF16EeaE9ADDa2565090348426f9
evm/       Arbitrum One        0x350829c8FCb3DF16EeaE9ADDa2565090348426f9
evm/       Etherlink Testnet   0xeed5537b68baD728A3Bb433d8e06ebab81ac0EAB
evm/       Etherlink           0xeed5537b68baD728A3Bb433d8e06ebab81ac0EAB
near-rs/   NEAR Testnet        idos-dev-4.testnet
near-rs/   NEAR Mainnet        idos-dev-4.near

Deploy to Sepolia

  1. Copy the .env file to .env.local and fill it in accordingly
  2. Run: npx hardhat --network sepolia run scripts/deploy.js
  3. Run: npx hardhat --network sepolia verify $RESULTING_ADDRESS

Deploy to local chain

Use Hardhat to run a local node.

  1. Run a node in a separate process: npx hardhat node
  2. Compile the contract: npx hardhat compile
  3. Deploy the contract: npx hardhat --network localhost run scripts/deploy.js

Interface

Note

This interface description uses mixedCase, but each implementation follows the respective language's style guide, e.g.:

  • in EVM + Solidity, we use mixedCase (insertGrant)
  • in NEAR VM + Rust/TypeScript, we use snake_case (insert_grant).

Objects

Grant

Represents an access grant from a data owner, to a grantee, for a given data ID, until a given time.

Variables

  • owner: address
  • grantee: address
  • dataId: string
  • lockedUntil: 256-bit unsigned integer

Functions

insertGrant

Creates a new access grant.

Arguments

  • required
    • grantee: address
    • dataId: string
  • optional
    • lockedUntil: 256-bit unsigned integer

Implements

  • creates Grant(signer, grantee, dataId, lockedUntil)
  • reverts if this grant already exists

deleteGrant

Deletes an existing access grant.

Arguments

  • required
    • grantee: address
    • dataId: string
  • optional
    • lockedUntil: 256-bit unsigned integer

Implements

  • if given lockedUntil
    • deletes Grant(signer, grantee, dataId, lockedUntil)
    • reverts if lockedUntil is in the future
  • else
    • deletes all Grant(signer, grantee, dataId, *)
    • reverts if any lockedUntil is in the future

findGrants

Lists grants matching the provided arguments.

Arguments

  • required (both or either)
    • owner: address
    • grantee: address
  • optional
    • dataId: string

Implements

Performs a wildcard search, matching existing grants to given arguments, which must follow one of these patterns:

{ owner, grantee, dataId }
{ owner, grantee, ****** }
{ owner, *******, dataId }
{ owner, *******, ****** }
{ *****, grantee, dataId }
{ *****, grantee, ****** }

Returns

A list of 0+ Grants

grantsFor

Lists grants matching the provided arguments.

Arguments

  • required
    • grantee: address
    • dataId: string

Implements

Calls grantsBy with no owner argument.

Returns

A list of 0+ Grants
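
The insertGrant, deleteGrant and findGrants rules above, as an added in-memory model (an illustration written for this page, not the deployed Solidity or Rust code). Assumptions: `now` stands in for the chain's current time, an omitted lockedUntil on insert is stored as 0, addresses are compared as exact strings, and the `GrantStore` and `scenario` names are hypothetical.

```javascript
// Added illustration: in-memory model of the Grant interface described above.
// Not the project's contract code. Assumptions: `now` is the chain's current time,
// lockedUntil defaults to 0 on insert, addresses are compared as exact strings.
const sameGrant = (a, b) =>
  a.owner === b.owner && a.grantee === b.grantee &&
  a.dataId === b.dataId && a.lockedUntil === b.lockedUntil;

class GrantStore {
  constructor() { this.grants = []; }

  // The signer always becomes the owner, so nobody can create a grant for someone else's data.
  insertGrant(signer, grantee, dataId, lockedUntil = 0n) {
    const g = { owner: signer, grantee, dataId, lockedUntil: BigInt(lockedUntil) };
    if (this.grants.some((x) => sameGrant(x, g))) throw new Error("grant already exists");
    this.grants.push(g);
  }

  // undefined acts as a wildcard, but owner or grantee must be given.
  findGrants({ owner, grantee, dataId } = {}) {
    if (owner === undefined && grantee === undefined) throw new Error("owner or grantee required");
    return this.grants.filter((g) =>
      (owner === undefined || g.owner === owner) &&
      (grantee === undefined || g.grantee === grantee) &&
      (dataId === undefined || g.dataId === dataId));
  }

  // Only grants owned by the signer can match. One timelocked match reverts the
  // whole call, so a wildcard delete is all-or-nothing.
  deleteGrant(signer, grantee, dataId, now, lockedUntil) {
    const hits = this.findGrants({ owner: signer, grantee, dataId }).filter(
      (g) => lockedUntil === undefined || g.lockedUntil === BigInt(lockedUntil));
    if (hits.some((g) => g.lockedUntil > BigInt(now))) throw new Error("grant is timelocked");
    this.grants = this.grants.filter((g) => !hits.includes(g));
    return hits.length;
  }
}

// Constructed scenario: one unlocked and one timelocked grant for the same data ID.
function scenario() {
  const s = new GrantStore();
  s.insertGrant("0xOwner", "0xGrantee", "data-1");        // no timelock
  s.insertGrant("0xOwner", "0xGrantee", "data-1", 2000n); // locked until t=2000
  let wildcardDelete;
  try { s.deleteGrant("0xOwner", "0xGrantee", "data-1", 1000n); wildcardDelete = "ok"; }
  catch (e) { wildcardDelete = e.message; }               // reverts: one match is still locked
  const exactDelete = s.deleteGrant("0xOwner", "0xGrantee", "data-1", 1000n, 0n);
  return { wildcardDelete, exactDelete, remaining: s.findGrants({ grantee: "0xGrantee" }).length };
}
```

In the scenario the owner can still revoke the unlocked grant at t=1000 by naming its lockedUntil, while the timelocked grant stays visible to findGrants until t=2000 has passed.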