@ocap/tx-pipeline 1.27.7 → 1.27.8

package/lib/index.js

@@ -23,6 +23,7 @@ const VerifyTxSize = require('./pipes/verify-tx-size');
 const VerifyTxInput = require('./pipes/verify-tx-input');
 const VerifyUpdater = require('./pipes/verify-updater');
 const VerifyTokenBalance = require('./pipes/verify-token-balance');
+const verifyTokenAccess = require('./pipes/verify-token-access');
 const VerifyStateDiff = require('./pipes/verify-state-diff');
 const TakeStateSnapshot = require('./pipes/take-state-snapshot');
 
@@ -53,6 +54,7 @@ module.exports = {
     VerifyTxSize,
     VerifyTxInput,
     VerifyTokenBalance,
+    verifyTokenAccess,
     VerifyStateDiff,
     TakeStateSnapshot,
   },

package/lib/pipes/verify-token-access.js

@@ -0,0 +1,99 @@
+/* eslint-disable no-restricted-syntax */
+const get = require('lodash/get');
+const isEmpty = require('empty-value');
+const { CustomError: Error } = require('@ocap/util/lib/error');
+const { getRelatedAddresses } = require('@ocap/util/lib/get-related-addr');
+const { toAddress } = require('@ocap/util');
+
+/**
+ * Verify that accounts are in a specified list field of token/tokenFactory states
+ * This is a generic pipe that can be used for various restriction checks (spenders, minters, etc.)
+ *
+ * @param {object} params
+ * @param {string} params.statesKey - context key for token/tokenFactory states array, defaults to 'tokenStates'
+ * @param {string} params.listFieldKey - field name in token state to check (e.g., 'spenders', 'minters')
+ * @param {string[]} params.accountKeys - array of context keys, each value can be account state object or plain address string
+ * @param {string} params.errorMessage - custom error message template, use {address} and {tokenAddress} as placeholders
+ * @returns {Function} pipe function
+ */
+module.exports = function CreateVerifyTokenAccessPipe({
+  statesKey = 'tokenStates',
+  listFieldKey = 'spenders',
+  accountKeys = [],
+  errorMessage,
+}) {
+  if (!Array.isArray(accountKeys) || accountKeys.length === 0) {
+    throw new Error('INTERNAL', 'verify-token-access: accountKeys must be a non-empty array');
+  }
+
+  if (!listFieldKey) {
+    throw new Error('INTERNAL', 'verify-token-access: listFieldKey is required');
+  }
+
+  const defaultErrorMessage =
+    errorMessage ||
+    `Account {address} is not allowed to interact with token {tokenAddress} (${listFieldKey} restriction)`;
+
+  return function VerifyAccountInList(context, next) {
+    const states = get(context, statesKey);
+    if (isEmpty(states)) {
+      return next();
+    }
+
+    const statesList = Array.isArray(states) ? states : [states];
+    const addressCache = new Map();
+
+    function getCachedAddresses(acct) {
+      if (typeof acct === 'string') return [acct];
+
+      if (!addressCache.has(acct.address)) {
+        addressCache.set(acct.address, getRelatedAddresses(acct));
+      }
+      return addressCache.get(acct.address);
+    }
+
+    for (const state of statesList) {
+      // Skip if state doesn't have the list field or it's empty
+      const list = state[listFieldKey];
+      if (!list) continue;
+
+      // Normalize addresses to lowercase for case-insensitive comparison (important for ETH addresses)
+      const listSet = new Set(list.map((addr) => toAddress(addr).toLowerCase()));
+
+      // Verify each account in accountKeys
+      for (const accountKey of accountKeys) {
+        const accountState = get(context, accountKey);
+
+        // Skip if account state doesn't exist
+        if (!accountState) {
+          continue;
+        }
+
+        // Handle array of account states
+        const accountStates = Array.isArray(accountState) ? accountState : [accountState];
+
+        for (const acct of accountStates) {
+          // Skip if acct is null/undefined
+          if (!acct) {
+            continue;
+          }
+
+          const addresses = getCachedAddresses(acct);
+
+          // Check if any address is in the list (case-insensitive)
+          const isAllowed = addresses.some((addr) => listSet.has(toAddress(addr).toLowerCase()));
+
+          if (!isAllowed) {
+            const displayAddress = typeof acct === 'string' ? acct : acct.address;
+            const message = defaultErrorMessage
+              .replace('{address}', displayAddress)
+              .replace('{tokenAddress}', state.address);
+            return next(new Error('FORBIDDEN', `verify-token-access: ${message}`, { persist: true }));
+          }
+        }
+      }
+    }
+
+    next();
+  };
+};

package/lib/pipes/verify-tx-input.js

@@ -14,6 +14,7 @@ module.exports = function CreateVerifyTxInputPipe({
   sendersKey = 'senders',
   tokensKey = 'tokens',
   assetsKey = 'assets',
+  allowEmpty = false,
 }) {
   return function VerifyTxInput(context, next) {
     const inputs = getListField(context, fieldKey);
@@ -38,7 +39,7 @@ module.exports = function CreateVerifyTxInputPipe({
       {
         error: 'INSUFFICIENT_DATA',
         message: `${fieldKey} should not be empty`,
-        fn: () => !isEmpty(inputs),
+        fn: () => allowEmpty || !isEmpty(inputs),
       },
       {
         error: 'INVALID_TX',
@@ -59,7 +60,7 @@ module.exports = function CreateVerifyTxInputPipe({
       {
         error: 'INVALID_TX',
         message: `Token amount must be greater than 0 in each ${fieldKey} item`,
-        fn: () => inputs.every((x) => getTokens(x).every(({ value }) => new BN(value).gt(ZERO))),
+        fn: () => allowEmpty || inputs.every((x) => getTokens(x).every(({ value }) => new BN(value).gt(ZERO))),
       },
       {
         error: 'INVALID_TX',

package/lib/runner.js

@@ -37,7 +37,17 @@ class PipelineRunner extends EventEmitter {
           await fn(err, context, next);
           return;
         }
+
         if (!hasError && paramCount < 3) {
+          // Check if this pipe should be skipped
+          if (opts && opts.shouldSkip) {
+            const skip = typeof opts.shouldSkip === 'function' ? opts.shouldSkip(context) : opts.shouldSkip;
+            if (skip) {
+              next();
+              return;
+            }
+          }
+
           await fn(context, (e) => {
             if (e) {
               attachErrorProps(e, opts);

package/package.json

@@ -3,7 +3,7 @@
   "publishConfig": {
     "access": "public"
   },
-  "version": "1.27.7",
+  "version": "1.27.8",
   "description": "Pipeline runner and common pipelines to process transactions",
   "main": "lib/index.js",
   "files": [
@@ -15,8 +15,8 @@
   "devDependencies": {
     "jest": "^29.7.0",
     "start-server-and-test": "^1.14.0",
-    "@ocap/e2e-test": "1.27.7",
-    "@ocap/statedb-memory": "1.27.7"
+    "@ocap/e2e-test": "1.27.8",
+    "@ocap/statedb-memory": "1.27.8"
   },
   "resolutions": {
     "bn.js": "5.2.2",
@@ -26,14 +26,14 @@
     "debug": "^4.3.6",
     "empty-value": "^1.0.1",
     "lodash": "^4.17.21",
-    "@arcblock/did": "1.27.7",
-    "@arcblock/did-util": "1.27.7",
-    "@ocap/client": "1.27.7",
-    "@ocap/mcrypto": "1.27.7",
-    "@ocap/message": "1.27.7",
-    "@ocap/state": "1.27.7",
-    "@ocap/util": "1.27.7",
-    "@ocap/wallet": "1.27.7"
+    "@arcblock/did": "1.27.8",
+    "@arcblock/did-util": "1.27.8",
+    "@ocap/client": "1.27.8",
+    "@ocap/message": "1.27.8",
+    "@ocap/mcrypto": "1.27.8",
+    "@ocap/wallet": "1.27.8",
+    "@ocap/state": "1.27.8",
+    "@ocap/util": "1.27.8"
   },
   "scripts": {
     "lint": "eslint tests lib",