Skip to content
This repository was archived by the owner on Mar 27, 2024. It is now read-only.
/ substrate-account-filter Public archive

A Substrate frame pallet for account-level permissioning using account whitelisting.

License

Apache-2.0 license
10 stars 2 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

gautamdhameja/substrate-account-filter

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

19 Commits
src
src
 
 
.gitignore
.gitignore
 
 
Cargo.lock
Cargo.lock
 
 
Cargo.toml
Cargo.toml
 
 
LICENSE
LICENSE
 
 
readme.md
readme.md
 
 

Repository files navigation

Substrate Account Filter

A Substrate pallet for account-level filtering/permissioning.

The pallet maintains a allow-list of accounts that are permitted to submit extrinsics. Sudo (or any other governance mechanism, when supported) could be used to add and remove accounts from this list.

The filtering of incoming extrinsics and their sender accounts is done during the transaction queue validation, using the SignedExtension trait.

Usage

  • Add the module's dependency in the Cargo.toml of your runtime directory. Make sure to enter the correct path or git url of the pallet as per your setup.
[dependencies.account_filter]
package = 'substrate-account-filter'
git = 'https://github.com/gautamdhameja/substrate-account-filter.git'
default-features = false
  • Declare the pallet in your runtime/src/lib.rs.
pub use account_filter;

impl account_filter::Config for Runtime {
    type Event = Event;
}

construct_runtime!(
    pub enum Runtime where
        Block = Block,
        NodeBlock = opaque::Block,
        UncheckedExtrinsic = UncheckedExtrinsic
    {
        ...
        ...
        ...
        AccountFilter: account_filter::{Module, Call, Storage, Event<T>, Config<T>},
    }
);
  • Add the module's AllowAccount type in the SignedExtra checklist.
pub type SignedExtra = (
    ...
    ...
    balances::TakeFees<Runtime>,
    account_filter::AllowAccount<Runtime>
  • Add a genesis configuration for the module in the src/chain_spec.rs file. This configuration adds the initial account ids to the account allow-list.
    use node_template_runtime::{..., AccountFilterConfig};
    ...
    account_filter: Some(AccountFilterConfig {
        allowed_accounts: vec![
            (get_account_id_from_seed::<sr25519::Public>("Alice"), ()),
            (get_account_id_from_seed::<sr25519::Public>("Bob"), ())],
    }),
  • cargo build --release and then cargo run --release -- --dev

When the node starts, only the AccountIds added in the genesis config of this module will be able to send extrinsics to the runtime. This means that you should not leave the genesis config empty or else no one will be able to submit any extrinsics.

New AccountIds can be added to the allow-list by calling the pallet's add_account function using root key as origin.

Sample

The usage of this pallet are demonstrated in the Substrate permissioning sample.

Potential extension

  • The addition and removal of AccountIds to the allow-list can also be done using other governance methods instead of root.
  • The logic can be reversed to maintain a deny-list of accounts to prevent those AccountIds from sending extrinsics.

Disclaimer

This code not audited and reviewed for production use cases. You can expect bugs and security vulnerabilities. Do not use it as-is in real applications.

About

A Substrate frame pallet for account-level permissioning using account whitelisting.

Topics

blockchain substrate whitelisting permissioning parity-substrate account-permissions

Resources

Readme

License

Apache-2.0 license
Activity

Stars

10 stars

Watchers

1 watching

Forks

2 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 3

  •  
  •  
  •  

Languages