UNPKG

@daostack/access_control

Version:

Capability-based access control for Ethereum smart contracts.

github.com/daostack/access_control

daostack/access_control

55 lines (37 loc) 2.41 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
![AUR](https://img.shields.io/aur/license/yaourt.svg) # Access Control [Capability-based access control](https://en.wikipedia.org/wiki/Capability-based_security) for Ethereum smart contracts. ## Get started 1. `npm install --save @daostack/access_control` 2. Use it in your smart contract ```javascript import "@daostack/access_control/contracts/Permissioned.sol"; contract Foo is Permissioned { // Foo stuff... } ``` Check out the [documentation](https://daostack.github.io/access_control/) for more! ## Concept The basic idea is that there are a set of "locks"/"topics" each with a set of "keys". A contract can protects one of it's methods with a lock (or more) such that anyone with the appropriate key can use it to access this method. Each key can have a start time, expiration time, number of uses. Accounts can also transfer some (or all) of their capabilities to other accounts if allowed. Initially the contract itself has a "master key" (infinite uses, no expiration, no start time limitation), and then it can pass some partial capabilities to the desired accounts. Features: - Can define a number of uses & expiration date & start time on keys and if to enable the key to be transfrred. - Accounts can assign partial (or full) abillites to other accounts (if allowed). - We can use advanced lock ids to lock a method even on specific parameters, enforce ordering, or other properties (see example). - Can define complex boolean predicates to protect methods. - No performance loss over hand-crafted mechanisms. Benefits: - Declarative policy (no more sprinkling ifs all over the codebase) - Easy control flow (ordering, timing, number of function calls) restrictions (e.g. only allowed to call B after calling A twice within 2 days). - Allows accounts to call functions themselves instead of delegating through other contracts. - Generalized logging mechanism: key usage events can be queried by clients to know whether a method was called and by which account, key revocations can be used to know when users no longer have access to a method. - Easier security since we need to verify less code. ## Contribute 1. `git clone git@github.com:daostack/access_control.git && cd access_control` 2. `npm install` / `yarn` Available Commands: - `npm run ganache` - `npm run lint` - `npm run test` - `npm run build` - `npm run docs:<update|build|deploy|preview>`