feat: use teritori/ghverify instead of gnoland (#1510)

Signed-off-by: Norman <norman@samourai.coop>
Co-authored-by: Norman <norman@samourai.coop>
Co-authored-by: n0izn0iz <n0izn0iz@users.noreply.github.com>

Author: 3 people

gno/p/basedao/basedao.gno

@@ -23,6 +23,7 @@ type Config struct {
 	ImageURI          string
 	Members           *MembersStore
 	NoDefaultHandlers bool
+	NoEvents          bool
 	InitialCondition  daocond.Condition
 	SetProfileString  ProfileStringSetter
 	GetProfileString  ProfileStringGetter
@@ -32,6 +33,8 @@ type ProfileStringSetter func(field string, value string) bool
 type ProfileStringGetter func(addr std.Address, field string, def string) string
 
 func New(conf *Config) *DAO {
+	// XXX: emit events from memberstore
+
 	members := conf.Members
 	if members == nil {
 		members = NewMembersStore(nil, nil)
@@ -41,8 +44,11 @@ func New(conf *Config) *DAO {
 		panic(errors.New("GetProfileString is required"))
 	}
 
+	core := daokit.NewCore()
+	core.NoEvents = conf.NoEvents
+
 	dao := &DAO{
-		Core:             daokit.NewCore(),
+		Core:             core,
 		Members:          members,
 		GetProfileString: conf.GetProfileString,
 		Realm:            std.CurrentRealm(),
@@ -56,11 +62,8 @@ func New(conf *Config) *DAO {
 	}
 
 	if !conf.NoDefaultHandlers {
-		if conf.SetProfileString == nil {
-			panic(errors.New("SetProfileString is required"))
-		}
-
 		if conf.InitialCondition == nil {
+			// XXX: this won't work because members threshold uses events
 			conf.InitialCondition = daocond.MembersThreshold(0.6, members.IsMember, members.MembersCount)
 		}
 

gno/p/daokit/daokit.gno

@@ -9,6 +9,7 @@ import (
 type Core struct {
 	Resources      *resourcesStore
 	ProposalModule *ProposalModule
+	NoEvents       bool
 }
 
 func NewCore() *Core {
@@ -32,12 +33,14 @@ func (d *Core) Vote(voterID string, proposalID uint64, vote daocond.Vote) {
 		panic("proposal is not open")
 	}
 
-	e := &daocond.EventVote{
-		VoterID: voterID,
-		Vote:    daocond.Vote(vote),
+	if !d.NoEvents {
+		e := &daocond.EventVote{
+			VoterID: voterID,
+			Vote:    daocond.Vote(vote),
+		}
+		proposal.ConditionState.HandleEvent(e, proposal.Votes)
 	}
 
-	proposal.ConditionState.HandleEvent(e, proposal.Votes)
 	proposal.Votes[voterID] = daocond.Vote(vote)
 
 }

gno/r/ghverify/README.md

@@ -0,0 +1,11 @@
+# ghverify
+
+Fork of [ghverify](https://github.com/gnolang/gno/tree/master/examples/gno.land/r/gnoland/ghverify)
+
+This realm is intended to enable off chain gno address to github handle verification.
+The steps are as follows:
+- A user calls `RequestVerification` and provides a github handle. This creates a new static oracle feed.
+- An off-chain agent controlled by the owner of this realm requests current feeds using the `GnorkleEntrypoint` function and provides a message of `"request"`
+- The agent receives the task information that includes the github handle and the gno address. It performs the verification step by checking whether this github user has the address in a github repository it controls.
+- The agent publishes the result of the verification by calling `GnorkleEntrypoint` with a message structured like: `"ingest,<task id>,<verification status>"`. The verification status is `OK` if verification succeeded and any other value if it failed.
+- The oracle feed's ingester processes the verification and the handle to address mapping is written to the avl trees that exist as ghverify realm variables.

gno/r/ghverify/contract.gno

@@ -0,0 +1,151 @@
+package ghverify
+
+import (
+	"errors"
+	"std"
+
+	"gno.land/p/demo/avl"
+	"gno.land/p/demo/gnorkle/feeds/static"
+	"gno.land/p/demo/gnorkle/gnorkle"
+	"gno.land/p/demo/gnorkle/message"
+)
+
+const (
+	// The agent should send this value if it has verified the github handle.
+	verifiedResult = "OK"
+)
+
+var (
+	ownerAddress = std.GetOrigCaller()
+	oracle       *gnorkle.Instance
+	postHandler  postGnorkleMessageHandler
+
+	handleToAddressMap = avl.NewTree()
+	addressToHandleMap = avl.NewTree()
+)
+
+func init() {
+	oracle = gnorkle.NewInstance()
+	oracle.AddToWhitelist("", []string{string(ownerAddress)})
+}
+
+type postGnorkleMessageHandler struct{}
+
+// Handle does post processing after a message is ingested by the oracle feed. It extracts the value to realm
+// storage and removes the feed from the oracle.
+func (h postGnorkleMessageHandler) Handle(i *gnorkle.Instance, funcType message.FuncType, feed gnorkle.Feed) error {
+	if funcType != message.FuncTypeIngest {
+		return nil
+	}
+
+	result, _, consumable := feed.Value()
+	if !consumable {
+		return nil
+	}
+
+	// The value is consumable, meaning the ingestion occurred, so we can remove the feed from the oracle
+	// after saving it to realm storage.
+	defer oracle.RemoveFeed(feed.ID())
+
+	// Couldn't verify; nothing to do.
+	if result.String != verifiedResult {
+		return nil
+	}
+
+	feedTasks := feed.Tasks()
+	if len(feedTasks) != 1 {
+		return errors.New("expected feed to have exactly one task")
+	}
+
+	task, ok := feedTasks[0].(*verificationTask)
+	if !ok {
+		return errors.New("expected ghverify task")
+	}
+
+	handleToAddressMap.Set(task.githubHandle, task.gnoAddress)
+	addressToHandleMap.Set(task.gnoAddress, task.githubHandle)
+	return nil
+}
+
+// RequestVerification creates a new static feed with a single task that will
+// instruct an agent to verify the github handle / gno address pair.
+func RequestVerification(githubHandle string) {
+	gnoAddress := string(std.GetOrigCaller())
+	if err := oracle.AddFeeds(
+		static.NewSingleValueFeed(
+			gnoAddress,
+			"string",
+			&verificationTask{
+				gnoAddress:   gnoAddress,
+				githubHandle: githubHandle,
+			},
+		),
+	); err != nil {
+		panic(err)
+	}
+	std.Emit(
+		"verification_requested",
+		"from", gnoAddress,
+		"handle", githubHandle,
+	)
+}
+
+// GnorkleEntrypoint is the entrypoint to the gnorkle oracle handler.
+func GnorkleEntrypoint(message string) string {
+	result, err := oracle.HandleMessage(message, postHandler)
+	if err != nil {
+		panic(err)
+	}
+
+	return result
+}
+
+// SetOwner transfers ownership of the contract to the given address.
+func SetOwner(owner std.Address) {
+	if ownerAddress != std.GetOrigCaller() {
+		panic("only the owner can set a new owner")
+	}
+
+	ownerAddress = owner
+
+	// In the context of this contract, the owner is the only one that can
+	// add new feeds to the oracle.
+	oracle.ClearWhitelist("")
+	oracle.AddToWhitelist("", []string{string(ownerAddress)})
+}
+
+// GetHandleByAddress returns the github handle associated with the given gno address.
+func GetHandleByAddress(address string) string {
+	if value, ok := addressToHandleMap.Get(address); ok {
+		return value.(string)
+	}
+
+	return ""
+}
+
+// GetAddressByHandle returns the gno address associated with the given github handle.
+func GetAddressByHandle(handle string) string {
+	if value, ok := handleToAddressMap.Get(handle); ok {
+		return value.(string)
+	}
+
+	return ""
+}
+
+// Render returns a json object string will all verified handle -> address mappings.
+func Render(_ string) string {
+	result := "{"
+	var appendComma bool
+	handleToAddressMap.Iterate("", "", func(handle string, address interface{}) bool {
+		if appendComma {
+			result += ","
+		}
+
+		result += `"` + handle + `": "` + address.(string) + `"`
+		appendComma = true
+
+		return false
+	})
+
+	return result + "}"
+}

gno/r/ghverify/contract_test.gno

@@ -0,0 +1,105 @@
+package ghverify
+
+import (
+	"std"
+	"testing"
+
+	"gno.land/p/demo/testutils"
+)
+
+func TestVerificationLifecycle(t *testing.T) {
+	defaultAddress := std.GetOrigCaller()
+	user1Address := std.Address(testutils.TestAddress("user 1"))
+	user2Address := std.Address(testutils.TestAddress("user 2"))
+
+	// Verify request returns no feeds.
+	result := GnorkleEntrypoint("request")
+	if result != "[]" {
+		t.Fatalf("expected empty request result, got %s", result)
+	}
+
+	// Make a verification request with the created user.
+	std.TestSetOrigCaller(user1Address)
+	RequestVerification("deelawn")
+
+	// A subsequent request from the same address should panic because there is
+	// already a feed with an ID of this user's address.
+	var errMsg string
+	func() {
+		defer func() {
+			if r := recover(); r != nil {
+				errMsg = r.(error).Error()
+			}
+		}()
+		RequestVerification("deelawn")
+	}()
+	if errMsg != "feed already exists" {
+		t.Fatalf("expected feed already exists, got %s", errMsg)
+	}
+
+	// Verify the request returns no feeds for this non-whitelisted user.
+	result = GnorkleEntrypoint("request")
+	if result != "[]" {
+		t.Fatalf("expected empty request result, got %s", result)
+	}
+
+	// Make a verification request with the created user.
+	std.TestSetOrigCaller(user2Address)
+	RequestVerification("omarsy")
+
+	// Set the caller back to the whitelisted user and verify that the feed data
+	// returned matches what should have been created by the `RequestVerification`
+	// invocation.
+	std.TestSetOrigCaller(defaultAddress)
+	result = GnorkleEntrypoint("request")
+	expResult := `[{"id":"` + string(user1Address) + `","type":"0","value_type":"string","tasks":[{"gno_address":"` +
+		string(user1Address) + `","github_handle":"deelawn"}]},` +
+		`{"id":"` + string(user2Address) + `","type":"0","value_type":"string","tasks":[{"gno_address":"` +
+		string(user2Address) + `","github_handle":"omarsy"}]}]`
+	if result != expResult {
+		t.Fatalf("expected request result %s, got %s", expResult, result)
+	}
+
+	// Try to trigger feed ingestion from the non-authorized user.
+	std.TestSetOrigCaller(user1Address)
+	func() {
+		defer func() {
+			if r := recover(); r != nil {
+				errMsg = r.(error).Error()
+			}
+		}()
+		GnorkleEntrypoint("ingest," + string(user1Address) + ",OK")
+	}()
+	if errMsg != "caller not whitelisted" {
+		t.Fatalf("expected caller not whitelisted, got %s", errMsg)
+	}
+
+	// Set the caller back to the whitelisted user and transfer contract ownership.
+	std.TestSetOrigCaller(defaultAddress)
+	SetOwner(defaultAddress)
+
+	// Now trigger the feed ingestion from the user and new owner and only whitelisted address.
+	GnorkleEntrypoint("ingest," + string(user1Address) + ",OK")
+	GnorkleEntrypoint("ingest," + string(user2Address) + ",OK")
+
+	// Verify the ingestion autocommitted the value and triggered the post handler.
+	data := Render("")
+	expResult = `{"deelawn": "` + string(user1Address) + `","omarsy": "` + string(user2Address) + `"}`
+	if data != expResult {
+		t.Fatalf("expected render data %s, got %s", expResult, data)
+	}
+
+	// Finally make sure the feed was cleaned up after the data was committed.
+	result = GnorkleEntrypoint("request")
+	if result != "[]" {
+		t.Fatalf("expected empty request result, got %s", result)
+	}
+
+	// Check that the accessor functions are working as expected.
+	if handle := GetHandleByAddress(string(user1Address)); handle != "deelawn" {
+		t.Fatalf("expected deelawn, got %s", handle)
+	}
+	if address := GetAddressByHandle("deelawn"); address != string(user1Address) {
+		t.Fatalf("expected %s, got %s", string(user1Address), address)
+	}
+}

gno/r/ghverify/gno.mod

@@ -0,0 +1 @@
+module gno.land/r/teritori/ghverify

gno/r/ghverify/task.gno

@@ -0,0 +1,24 @@
+package ghverify
+
+import (
+	"bufio"
+	"bytes"
+)
+
+type verificationTask struct {
+	gnoAddress   string
+	githubHandle string
+}
+
+// MarshalJSON marshals the task contents to JSON.
+func (t *verificationTask) MarshalJSON() ([]byte, error) {
+	buf := new(bytes.Buffer)
+	w := bufio.NewWriter(buf)
+
+	w.Write(
+		[]byte(`{"gno_address":"` + t.gnoAddress + `","github_handle":"` + t.githubHandle + `"}`),
+	)
+
+	w.Flush()
+	return buf.Bytes(), nil
+}

gno/r/govdao/govdao.gno

@@ -6,7 +6,7 @@ import (
 	"gno.land/p/teritori/daokit"
 	"gno.land/p/teritori/role_manager"
 	"gno.land/r/demo/profile"
-	"gno.land/r/gnoland/ghverify"
+	"gno.land/r/teritori/ghverify"
 )
 
 const (
@@ -50,6 +50,7 @@ func init() {
 		GetProfileString:  profile.GetStringField,
 	})
 
+	// XXX: t1Supermajority won't work because daocond.RoleThreshold uses events
 	t1Supermajority := daocond.RoleThreshold(0.66, Tier1, dao.Members.HasRole, dao.Members.CountMembersWithRole)
 	supermajority := daocond.GovDaoCondThreshold(0.66, []string{Tier1, Tier2, Tier3}, dao.Members.HasRole, dao.Members.CountMembersWithRole)
 	majorityWithoutT3 := daocond.GovDaoCondThreshold(0.5, []string{Tier1, Tier2}, dao.Members.HasRole, dao.Members.CountMembersWithRole)