npm - @layerzerolabs/protocol-stellar-v2 - Versions diffs - 0.2.34 → 0.2.36 - Mend

@layerzerolabs/protocol-stellar-v2 0.2.34 → 0.2.36

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (135) hide show

package/Cargo.lock CHANGED Viewed

@@ -1755,9 +1755,9 @@ dependencies = [
 [[package]]
 name = "soroban-ledger-snapshot"
-version = "25.1.0"
+version = "25.1.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "99c5285c83e7a5581879b7a65033eae53b24ac9689975aa6887f1d8ee3e941c9"
+checksum = "66d569a1315f05216d024653ad87541aa15d3ff26dad9f8a98719cb53ccf2bf3"
 dependencies = [
  "serde",
  "serde_json",
@@ -1769,9 +1769,9 @@ dependencies = [
 [[package]]
 name = "soroban-sdk"
-version = "25.1.0"
+version = "25.1.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b1262aa83e99a0fb3e8cd56d6e5ca4c28ac4f9871ac7173f65301a8b9a12c20f"
+checksum = "add8d19cfd2c9941bbdc7c8223c3cf9d7ff9af4554ba3bd4ae93e16b19b08aea"
 dependencies = [
  "arbitrary",
  "bytes-lit",
@@ -1793,9 +1793,9 @@ dependencies = [
 [[package]]
 name = "soroban-sdk-macros"
-version = "25.1.0"
+version = "25.1.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "93b62c526917a1e77b6dce3cd841b6c271f0fff344ea93ad92a8c45afe8051b6"
+checksum = "2a0107e34575ec704ce29407695462e79e6b0e13ce7af6431b2f15c313e34464"
 dependencies = [
  "darling 0.20.11",
  "heck 0.5.0",
@@ -1813,9 +1813,9 @@ dependencies = [
 [[package]]
 name = "soroban-spec"
-version = "25.1.0"
+version = "25.1.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "0186c943a78de7038ce7eee478f521f7a7665440101ae0d24b4a59833fb6d833"
+checksum = "53a1c9f6ccc6aa78518545e3cf542bd26f11d9085328a2e1c06c90514733fe15"
 dependencies = [
  "base64 0.22.1",
  "stellar-xdr",
@@ -1825,9 +1825,9 @@ dependencies = [
 [[package]]
 name = "soroban-spec-rust"
-version = "25.1.0"
+version = "25.1.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7a948196ed0633be3a4125e0c7a4fc0bb6337942e538813b1f171331738f9058"
+checksum = "e8247d3c6256b544b2461606c6892351bb22978d751e07c1aea744377053d852"
 dependencies = [
  "prettyplease",
  "proc-macro2",

package/Cargo.toml CHANGED Viewed

@@ -14,7 +14,7 @@ license = "MIT"
 version = "0.0.1"
 [workspace.dependencies]
-soroban-sdk = { version = "25.1.0", features = ["hazmat-address", "hazmat-crypto"] }
+soroban-sdk = { version = "25.1.1", features = ["hazmat-address", "hazmat-crypto"] }
 soroban-spec-typescript = "25.1.0" # used in tools/ts-bindings-gen
 # Third-party dependencies (production)

package/contracts/common-macros/src/auth.rs CHANGED Viewed

@@ -27,14 +27,14 @@ pub fn generate_ownable_impl(input: TokenStream) -> TokenStream {
     quote! {
         #item_struct
-        use utils::{auth::Auth as _, option_ext::OptionExt as _, ownable::{Ownable as _, OwnableInitializer as _}};
+        use utils::{auth::Auth as _, ownable::{Ownable as _, OwnableInitializer as _}};
         impl utils::ownable::OwnableInitializer for #name {}
         #[common_macros::contract_impl]
         impl utils::auth::Auth for #name {
-            fn authorizer(env: &soroban_sdk::Env) -> soroban_sdk::Address {
-                <Self as utils::ownable::Ownable>::owner(env).unwrap_or_panic(env, utils::errors::OwnableError::OwnerNotSet)
+            fn authorizer(env: &soroban_sdk::Env) -> Option<soroban_sdk::Address> {
+                <Self as utils::ownable::Ownable>::owner(env)
             }
         }
@@ -63,8 +63,8 @@ pub fn generate_multisig_impl(input: TokenStream) -> TokenStream {
         #[common_macros::contract_impl]
         impl utils::auth::Auth for #name {
-            fn authorizer(env: &soroban_sdk::Env) -> soroban_sdk::Address {
-                env.current_contract_address()
+            fn authorizer(env: &soroban_sdk::Env) -> Option<soroban_sdk::Address> {
+                Some(env.current_contract_address())
             }
         }

package/contracts/common-macros/src/lib.rs CHANGED Viewed

@@ -7,6 +7,8 @@
 //! - [`lz_contract`] - Wrapper macro combining common LayerZero contract attributes
 //! - [`multisig`] - MultiSig trait implementation macro
 //! - [`only_auth`] - Auth-based access control attribute macro
+//! - [`only_role`] - RBAC role check with auth attribute macro
+//! - [`has_role`] - RBAC role check attribute macro
 //! - [`ownable`] - Ownable trait implementation macro
 //! - [`storage`] - Storage enum to API macro
 //! - [`ttl_configurable`] - TTL configuration with freeze support
@@ -20,6 +22,7 @@ mod auth;
 mod contract_ttl;
 mod error;
 mod lz_contract;
+mod rbac;
 mod storage;
 mod ttl_configurable;
 mod ttl_extendable;
@@ -232,6 +235,72 @@ pub fn only_auth(_attr: TokenStream, item: TokenStream) -> TokenStream {
     auth::prepend_only_auth_check(item.into()).into()
 }
+// ============================================================================
+// RBAC Macros
+// ============================================================================
+/// Checks that the given account has the specified role.
+///
+/// Injects a role check at the start of the function. Panics with
+/// `RbacError::Unauthorized` if the account does not have the role (aligns with OpenZeppelin).
+///
+/// # Requirements
+/// - The function must have an `Env` parameter
+/// - The function must have a parameter matching the first macro arg (of type `Address` or `&Address`)
+/// - The contract must use `utils::rbac` (e.g. `RbacStorage` or `RoleBasedAccessControl`)
+///
+/// # Example
+/// ```ignore
+/// #[has_role(caller, "minter")]
+/// pub fn mint(env: Env, caller: Address, amount: i128) { ... }
+///
+/// // Or with a &str constant:
+/// const MINTER_ROLE: &str = "minter";
+/// #[has_role(caller, MINTER_ROLE)]
+/// pub fn mint(env: Env, caller: Address, amount: i128) { ... }
+/// ```
+///
+/// # Generated code
+/// ```ignore
+/// pub fn mint(env: Env, caller: Address, amount: i128) {
+///     utils::rbac::ensure_role(&env, &soroban_sdk::Symbol::new(&env, "minter"), &caller);
+///     // Original function body
+/// }
+/// ```
+#[proc_macro_attribute]
+pub fn has_role(attr: TokenStream, item: TokenStream) -> TokenStream {
+    rbac::generate_role_check(attr.into(), item.into(), false).into()
+}
+/// Checks that the given account has the specified role and requires auth.
+///
+/// Same as `#[has_role]` but also calls `account.require_auth()` to ensure
+/// the caller has authorized the transaction.
+///
+/// # Requirements
+/// Same as `#[has_role]`.
+///
+/// # Example
+/// ```ignore
+/// #[only_role(caller, "minter")]
+/// pub fn mint(env: Env, caller: Address, amount: i128) { ... }
+///
+/// // Or with a &str constant: #[only_role(caller, MINTER_ROLE)]
+/// ```
+///
+/// # Generated code
+/// ```ignore
+/// pub fn mint(env: Env, caller: Address, amount: i128) {
+///     utils::rbac::ensure_role(&env, &soroban_sdk::Symbol::new(&env, "minter"), &caller);
+///     caller.require_auth();
+///     // Original function body
+/// }
+/// ```
+#[proc_macro_attribute]
+pub fn only_role(attr: TokenStream, item: TokenStream) -> TokenStream {
+    rbac::generate_role_check(attr.into(), item.into(), true).into()
+}
 // ============================================================================
 // TTL Configuration Macro
 // ============================================================================

package/contracts/common-macros/src/rbac.rs ADDED Viewed

@@ -0,0 +1,90 @@
+//! RBAC attribute macros for Stellar contracts.
+//!
+//! Provides `#[has_role]` and `#[only_role]` for role-based access control,
+//! delegating to `utils::rbac::ensure_role`.
+use crate::utils;
+use proc_macro2::TokenStream;
+use quote::{quote, ToTokens};
+use syn::parse_quote;
+use syn::{
+    parse::{Parse, ParseStream},
+    Expr, FnArg, Ident, ItemFn, Pat, Token, Type,
+};
+/// Helper that generates the role check for both `has_role` and `only_role`.
+/// If `require_auth` is true, also injects `account.require_auth()`.
+pub fn generate_role_check(args: TokenStream, input: TokenStream, require_auth: bool) -> TokenStream {
+    let HasRoleArgs { param, role } =
+        syn::parse2(args).unwrap_or_else(|e| panic!("failed to parse has_role/only_role args: {}", e));
+    let mut input_fn: ItemFn = syn::parse2(input).unwrap_or_else(|e| panic!("failed to parse function: {}", e));
+    let is_address_ref = validate_address_type(&input_fn, &param);
+    let param_ref = if is_address_ref { quote!(#param) } else { quote!(&#param) };
+    let env_param = utils::expect_env_param(&input_fn.sig.inputs);
+    let env_ref = env_param.as_ref_tokens();
+    // Insert the role check at the beginning of the function body
+    input_fn.block.stmts.insert(
+        0,
+        parse_quote!(utils::rbac::ensure_role(#env_ref, &soroban_sdk::Symbol::new(#env_ref, #role), #param_ref);),
+    );
+    if require_auth {
+        input_fn.block.stmts.insert(1, parse_quote!(#param.require_auth();));
+    }
+    input_fn.into_token_stream()
+}
+struct HasRoleArgs {
+    param: Ident,
+    role: Expr,
+}
+impl Parse for HasRoleArgs {
+    fn parse(input: ParseStream) -> syn::Result<Self> {
+        // Parse the parameter name (the account identifier to check)
+        let param: Ident = input.parse()?;
+        // Expect a comma separator between param and role
+        input.parse::<Token![,]>()?;
+        // Parse the role expression (e.g., a string literal or constant)
+        let role: Expr = input.parse()?;
+        Ok(HasRoleArgs { param, role })
+    }
+}
+/// Looks up `param_name` in the function signature and validates that its type
+/// is `Address` or `&Address`. Returns `true` when the parameter is a reference,
+/// so the caller knows whether an extra `&` is needed when forwarding it.
+///
+/// Panics at macro-expansion time if the parameter doesn't exist.
+fn validate_address_type(func: &ItemFn, param_name: &Ident) -> bool {
+    for arg in &func.sig.inputs {
+        let FnArg::Typed(pat_type) = arg else { continue };
+        let Pat::Ident(pat_ident) = &*pat_type.pat else { continue };
+        if pat_ident.ident != *param_name {
+            continue;
+        }
+        return match &*pat_type.ty {
+            Type::Reference(r) => {
+                assert_is_address(&r.elem, param_name);
+                true
+            }
+            ty => {
+                assert_is_address(ty, param_name);
+                false
+            }
+        };
+    }
+    panic!("Parameter `{param_name}` not found in function signature");
+}
+/// Asserts that the type path resolves to `Address`, panicking otherwise.
+fn assert_is_address(ty: &Type, param_name: &Ident) {
+    let Type::Path(tp) = ty else {
+        panic!("Parameter `{param_name}` must be of type `Address` or `&Address`");
+    };
+    if tp.path.segments.last().is_none_or(|s| s.ident != "Address") {
+        panic!("Parameter `{param_name}` must be of type `Address` or `&Address`");
+    }
+}

package/contracts/common-macros/src/storage.rs CHANGED Viewed

@@ -119,7 +119,7 @@ fn gen_accessor_methods(enum_name: &Ident, variant: &Variant) -> TokenStream {
     // Getter: returns the value directly (with default) or wrapped in Option.
     let (ret_type, ret_expr) = match &config.default_value {
-        Some(default) => (quote! { #value_type }, quote! { value.unwrap_or(#default) }),
+        Some(default) => (quote! { #value_type }, quote! { value.unwrap_or_else(|| #default) }),
         None => (quote! { Option<#value_type> }, quote! { value }),
     };
     let ttl_on_get = extend_ttl.as_ref().map(|call| quote! { if value.is_some() { #call } });
@@ -131,10 +131,12 @@ fn gen_accessor_methods(enum_name: &Ident, variant: &Variant) -> TokenStream {
     };
     // TTL extender method — only for persistent/temporary storage (instance has no per-key TTL).
-    let ttl_extender_method = (config.kind != StorageKind::Instance).then(|| quote! {
-        pub fn #ttl_extender(#params, threshold: u32, extend_to: u32) {
-            let key = #key;
-            #accessor.extend_ttl(&key, threshold, extend_to);
+    let ttl_extender_method = (config.kind != StorageKind::Instance).then(|| {
+        quote! {
+            pub fn #ttl_extender(#params, threshold: u32, extend_to: u32) {
+                let key = #key;
+                #accessor.extend_ttl(&key, threshold, extend_to);
+            }
         }
     });

package/contracts/common-macros/src/tests/lz_contract.rs CHANGED Viewed

@@ -22,8 +22,10 @@ fn snapshot_generated_lz_contract_code() {
         &syn::parse2::<syn::File>(multisig_upgradeable_result).expect("failed to parse generated code"),
     );
-    let upgradeable_no_migration_result =
-        crate::lz_contract::generate_lz_contract(quote! { upgradeable(no_migration) }, quote! { pub struct MyContract; });
+    let upgradeable_no_migration_result = crate::lz_contract::generate_lz_contract(
+        quote! { upgradeable(no_migration) },
+        quote! { pub struct MyContract; },
+    );
     let upgradeable_no_migration_formatted = prettyplease::unparse(
         &syn::parse2::<syn::File>(upgradeable_no_migration_result).expect("failed to parse generated code"),
     );
@@ -45,11 +47,7 @@ fn test_lz_contract_invalid_config_table_driven() {
     let input = quote! { pub struct MyContract; };
     let cases: Vec<(&str, TokenStream, &str)> = vec![
-        (
-            "unknown option",
-            quote! { not_a_real_option },
-            "expected one of `upgradeable`, `multisig`",
-        ),
+        ("unknown option", quote! { not_a_real_option }, "expected one of `upgradeable`, `multisig`"),
         ("invalid attr syntax", quote! { 123 }, "failed to parse lz_contract config"),
         ("upgradeable(bad_inner)", quote! { upgradeable(not_migration) }, "expected `no_migration`"),
         (

package/contracts/common-macros/src/tests/mod.rs CHANGED Viewed

@@ -2,6 +2,7 @@ mod auth;
 mod contract_ttl;
 mod error;
 mod lz_contract;
+mod rbac;
 mod storage;
 mod test_helpers;
 mod ttl_configurable;