package cli import ( "errors" "fmt" "strings" "time" "github.com/spf13/cobra" authclient "cosmossdk.io/x/auth/client" "cosmossdk.io/x/authz" bank "cosmossdk.io/x/bank/types" staking "cosmossdk.io/x/staking/types" "github.com/cosmos/cosmos-sdk/client" "github.com/cosmos/cosmos-sdk/client/flags" "github.com/cosmos/cosmos-sdk/client/tx" sdk "github.com/cosmos/cosmos-sdk/types" "github.com/cosmos/cosmos-sdk/version" ) // Flag names and values const ( FlagSpendLimit = "spend-limit" FlagMsgType = "msg-type" FlagExpiration = "expiration" FlagAllowedValidators = "allowed-validators" FlagDenyValidators = "deny-validators" FlagAllowList = "allow-list" delegate = "delegate" redelegate = "redelegate" unbond = "unbond" ) // GetTxCmd returns the transaction commands for this module func GetTxCmd() *cobra.Command { authorizationTxCmd := &cobra.Command{ Use: authz.ModuleName, Short: "Authorization transactions subcommands", Long: "Authorize and revoke access to execute transactions on behalf of your address", DisableFlagParsing: true, SuggestionsMinimumDistance: 2, RunE: client.ValidateCmd, } authorizationTxCmd.AddCommand( NewCmdGrantAuthorization(), NewCmdExecAuthorization(), ) return authorizationTxCmd } // NewCmdExecAuthorization returns a CLI command handler for creating a MsgExec transaction. // Deprecated: This command is deprecated in favor for the AutoCLI exec command. // It stays here for backward compatibility, as the AutoCLI command has a small breaking change, // but it will be removed in future versions. func NewCmdExecAuthorization() *cobra.Command { cmd := &cobra.Command{ Use: "legacy-exec [tx-json-file] --from [grantee]", Short: "Execute tx on behalf of granter account. Deprecated, use exec instead.", Example: fmt.Sprintf("$ %s tx authz exec tx.json --from grantee\n $ %[1]s tx bank send [granter] [recipient] [amount] --generate-only tx.json && %[1]s tx authz exec tx.json --from grantee", version.AppName), Args: cobra.ExactArgs(1), RunE: func(cmd *cobra.Command, args []string) error { clientCtx, err := client.GetClientTxContext(cmd) if err != nil { return err } grantee, err := clientCtx.AddressCodec.BytesToString(clientCtx.GetFromAddress()) if err != nil { return err } if offline, _ := cmd.Flags().GetBool(flags.FlagOffline); offline { return errors.New("cannot broadcast tx during offline mode") } theTx, err := authclient.ReadTxFromFile(clientCtx, args[0]) if err != nil { return err } msg := authz.NewMsgExec(grantee, theTx.GetMsgs()) return tx.GenerateOrBroadcastTxCLI(clientCtx, cmd.Flags(), &msg) }, } flags.AddTxFlagsToCmd(cmd) return cmd } // NewCmdGrantAuthorization returns a CLI command handler for creating a MsgGrant transaction. // Migrating this command to AutoCLI is possible but would be CLI breaking. func NewCmdGrantAuthorization() *cobra.Command { cmd := &cobra.Command{ Use: "grant [grantee] --from [granter]", Short: "Grant authorization to an address", Long: fmt.Sprintf(`create a new grant authorization to an address to execute a transaction on your behalf: Examples: $ %[1]s tx authz grant cosmos1skjw.. send --spend-limit=1000stake --from=cosmos1skl.. $ %[1]s tx authz grant cosmos1skjw.. generic --msg-type=/cosmos.gov.v1.MsgVote --from=cosmos1sk.. `, version.AppName), Args: cobra.ExactArgs(2), RunE: func(cmd *cobra.Command, args []string) error { clientCtx, err := client.GetClientTxContext(cmd) if err != nil { return err } grantee := args[0] if _, err := clientCtx.AddressCodec.StringToBytes(grantee); err != nil { return err } granter, err := clientCtx.AddressCodec.BytesToString(clientCtx.GetFromAddress()) if err != nil { return err } if strings.EqualFold(grantee, granter) { return errors.New("grantee and granter should be different") } var authorization authz.Authorization switch args[1] { case "send": limit, err := cmd.Flags().GetString(FlagSpendLimit) if err != nil { return err } spendLimit, err := sdk.ParseCoinsNormalized(limit) if err != nil { return err } if !spendLimit.IsAllPositive() { return errors.New("spend-limit should be greater than zero") } allowList, err := cmd.Flags().GetStringSlice(FlagAllowList) if err != nil { return err } // check for duplicates for i := 0; i < len(allowList); i++ { for j := i + 1; j < len(allowList); j++ { if allowList[i] == allowList[j] { return fmt.Errorf("duplicate address %s in allow-list", allowList[i]) } } } allowed, err := bech32toAccAddresses(clientCtx, allowList) if err != nil { return err } authorization = bank.NewSendAuthorization(spendLimit, allowed, clientCtx.AddressCodec) case "generic": msgType, err := cmd.Flags().GetString(FlagMsgType) if err != nil { return err } authorization = authz.NewGenericAuthorization(msgType) case delegate, unbond, redelegate: limit, err := cmd.Flags().GetString(FlagSpendLimit) if err != nil { return err } allowValidators, err := cmd.Flags().GetStringSlice(FlagAllowedValidators) if err != nil { return err } denyValidators, err := cmd.Flags().GetStringSlice(FlagDenyValidators) if err != nil { return err } var delegateLimit *sdk.Coin if limit != "" { spendLimit, err := sdk.ParseCoinNormalized(limit) if err != nil { return err } queryClient := staking.NewQueryClient(clientCtx) res, err := queryClient.Params(cmd.Context(), &staking.QueryParamsRequest{}) if err != nil { return err } if spendLimit.Denom != res.Params.BondDenom { return fmt.Errorf("invalid denom %s; coin denom should match the current bond denom %s", spendLimit.Denom, res.Params.BondDenom) } if !spendLimit.IsPositive() { return errors.New("spend-limit should be greater than zero") } delegateLimit = &spendLimit } allowed, err := bech32toValAddresses(clientCtx, allowValidators) if err != nil { return err } denied, err := bech32toValAddresses(clientCtx, denyValidators) if err != nil { return err } switch args[1] { case delegate: authorization, err = staking.NewStakeAuthorization(allowed, denied, staking.AuthorizationType_AUTHORIZATION_TYPE_DELEGATE, delegateLimit, clientCtx.ValidatorAddressCodec) case unbond: authorization, err = staking.NewStakeAuthorization(allowed, denied, staking.AuthorizationType_AUTHORIZATION_TYPE_UNDELEGATE, delegateLimit, clientCtx.ValidatorAddressCodec) default: authorization, err = staking.NewStakeAuthorization(allowed, denied, staking.AuthorizationType_AUTHORIZATION_TYPE_REDELEGATE, delegateLimit, clientCtx.ValidatorAddressCodec) } if err != nil { return err } default: return fmt.Errorf("invalid authorization type, %s", args[1]) } expire, err := getExpireTime(cmd) if err != nil { return err } msg, err := authz.NewMsgGrant(granter, grantee, authorization, expire) if err != nil { return err } return tx.GenerateOrBroadcastTxCLI(clientCtx, cmd.Flags(), msg) }, } flags.AddTxFlagsToCmd(cmd) cmd.Flags().String(FlagMsgType, "", "The Msg method name for which we are creating a GenericAuthorization") cmd.Flags().String(FlagSpendLimit, "", "SpendLimit for Send Authorization, an array of Coins allowed spend") cmd.Flags().StringSlice(FlagAllowedValidators, []string{}, "Allowed validators addresses separated by ,") cmd.Flags().StringSlice(FlagDenyValidators, []string{}, "Deny validators addresses separated by ,") cmd.Flags().StringSlice(FlagAllowList, []string{}, "Allowed addresses grantee is allowed to send funds separated by ,") cmd.Flags().Int64(FlagExpiration, 0, "Expire time as Unix timestamp. Set zero (0) for no expiry. Default is 0.") return cmd } func getExpireTime(cmd *cobra.Command) (*time.Time, error) { exp, err := cmd.Flags().GetInt64(FlagExpiration) if err != nil { return nil, err } if exp == 0 { return nil, nil } e := time.Unix(exp, 0) return &e, nil } // bech32toValAddresses returns []ValAddress from a list of Bech32 string addresses. func bech32toValAddresses(clientCtx client.Context, validators []string) ([]sdk.ValAddress, error) { vals := make([]sdk.ValAddress, len(validators)) for i, validator := range validators { addr, err := clientCtx.ValidatorAddressCodec.StringToBytes(validator) if err != nil { return nil, err } vals[i] = addr } return vals, nil } // bech32toAccAddresses returns []AccAddress from a list of Bech32 string addresses. func bech32toAccAddresses(clientCtx client.Context, accAddrs []string) ([]sdk.AccAddress, error) { addrs := make([]sdk.AccAddress, len(accAddrs)) for i, addr := range accAddrs { accAddr, err := clientCtx.AddressCodec.StringToBytes(addr) if err != nil { return nil, err } addrs[i] = accAddr } return addrs, nil }