Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Deposit offer whitelisting #58

Merged
merged 9 commits into from
Oct 30, 2023
Merged

Deposit offer whitelisting #58

merged 9 commits into from
Oct 30, 2023

Conversation

knikos
Copy link
Member

@knikos knikos commented Oct 23, 2023
edited
Loading

Why this should be merged

This PR addresses the need of maintaining (storing/retrieving) signatures used for enabling certain addresses (whitelisting) to deposit funds on certain deposit offers.

How this works

The solution consists of 2 new api methods (AddSignature and GetSignatures), a new db table for storing the signatures as well as the service logic that facilitates the storing and retrieving the information.

API changes

The new deposit offer service consists of two new methods:

  • AddSignatures (POST): requires the fields deposit_offer_id, addresses and signatures. An optional field timestamp can be provided to determine the time period to search for active deposit offers. If none provided, current server timestamp is used.
  • GetSignatures (GET): requires the address for which signatures should be retrieved. Furthermore, a timestamp alongside with a signature are required to ensure restriction of access. Finally, a boolean flag called multisig is used to determine whether the provided address is a multisig alias or a signlesig address.

DB changes

The new db table stores three fields: deposit_offer_id, address and signature. An index is also created for the whitelisted address as signatures are expected to be queried based on that address.

Notes:

  • Adding signatures is also restricted only for valid deposit offer owners to prevent flooding the db with meaningless data.
  • Accessing the respective signatures is restricted only for whitelisted addresses or members of whitelisted msig aliases. Each alias member can access individually the signature associated with an alias.
  • Multisig: applies to whitelisting and not to ownership. When whitelisting an msig alias, the owner just needs to provide 1 signature as he'll whitelist the alias itself and not every participant.

How this was tested

Manual and unit tests

@knikos knikos force-pushed the feature/deposit-offer-whitelisting branch from a589c1e to b1dcefa Compare October 23, 2023 14:53
@knikos knikos marked this pull request as draft October 23, 2023 14:54
@knikos knikos mentioned this pull request Oct 23, 2023
Merged
@knikos knikos force-pushed the feature/deposit-offer-whitelisting branch from b1dcefa to 6ffcd95 Compare October 24, 2023 07:11
@knikos knikos force-pushed the feature/deposit-offer-whitelisting branch from 6ffcd95 to c6b808b Compare October 24, 2023 07:14
@knikos knikos marked this pull request as ready for review October 24, 2023 14:32
evlekht
evlekht reviewed Oct 26, 2023
View reviewed changes
dao/deposit_offer_dao.go Outdated Show resolved Hide resolved
dao/deposit_offer_dao.go Outdated Show resolved Hide resolved
service/deposit_offer_service.go Outdated Show resolved Hide resolved
@knikos knikos merged commit 6063c45 into dev Oct 30, 2023
2 checks passed
@knikos knikos deleted the feature/deposit-offer-whitelisting branch October 30, 2023 19:20
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@evlekht evlekht evlekht approved these changes

@DerTiedemann DerTiedemann Awaiting requested review from DerTiedemann

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@knikos @evlekht