View function for fetching non-expired allowlisted request digests (#196)

* View function for fetching non-expired allowlisted request digests

* View functions for pre-fetching allowlisted requests

* One more comment

* Updated timestamp type in error/event, removed inlined function

Author: ibrajer

contracts/gas-snapshots/workflow.gas-snapshot

@@ -94,7 +94,9 @@ contract WorkflowRegistry is Ownable2StepMsgSender, ITypeAndVersion {
   mapping(bytes32 rid => bytes32 donHash) private s_donByWorkflowRid;
 
   /// @dev Tracking allowlisted requests for the owner address, required to enable anyone to verify off-chain requests.
-  mapping(address owner => mapping(bytes32 requestDigest => uint256 expiryTimestamp)) private s_requestsAllowlist;
+  mapping(bytes32 ownerDigestHash => uint32 expiryTimestamp) private s_requestsAllowlist;
+  /// @dev Storing allowlisted requests for all owners, enabling fetching all non-expired requests
+  OwnerAllowlistedRequest[] private s_requestAllowlistArray;
   /// @dev Map each owner address to their arbitrary config. Can be used to control billing parameters or any other data per owner
   mapping(address owner => bytes config) private s_ownerConfig;
 
@@ -136,7 +138,7 @@ contract WorkflowRegistry is Ownable2StepMsgSender, ITypeAndVersion {
   event WorkflowDonFamilyUpdated(
     bytes32 indexed workflowId, address indexed owner, string oldDonFamily, string newDonFamily
   );
-  event RequestAllowlisted(address indexed owner, bytes32 indexed requestDigest, uint256 expiryTimestamp);
+  event RequestAllowlisted(address indexed owner, bytes32 indexed requestDigest, uint32 expiryTimestamp);
   /// @notice Emitted when metadata length limits are updated
   event MetadataConfigUpdated(uint8 maxNameLen, uint8 maxTagLen, uint8 maxUrlLen, uint16 maxAttrLen);
   /// @notice Emitted when a workflow owner’s config is updated
@@ -172,7 +174,7 @@ contract WorkflowRegistry is Ownable2StepMsgSender, ITypeAndVersion {
   error EmptyUpdateBatch();
   error BinaryURLRequired();
   error CannotUpdateDONFamilyForPausedWorkflows();
-  error RequestExpired(bytes32 requestDigest, uint256 expiryTimestamp);
+  error RequestExpired(bytes32 requestDigest, uint32 expiryTimestamp);
 
   // ================================================================
   // |                         Enums                                |
@@ -279,6 +281,13 @@ contract WorkflowRegistry is Ownable2StepMsgSender, ITypeAndVersion {
     bytes payload; // ABI‑encoded event data
   }
 
+  /// @dev Struct for OwnerAllowlistedRequest. This is used to return the allowlisted request data for each owner.
+  struct OwnerAllowlistedRequest {
+    bytes32 requestDigest;
+    address owner;
+    uint32 expiryTimestamp;
+  }
+
   // ================================================================
   // |                   Workflow Metadata Config                   |
   // ================================================================
@@ -1312,11 +1321,14 @@ contract WorkflowRegistry is Ownable2StepMsgSender, ITypeAndVersion {
   /// - User calls allowlistRequest(requestDigest) on the Workflow Registry.
   /// - Any user can then send the request payload to the Vault DON.
   /// - Vault DON checks if the digest is on-chain for verification purposes.
-  function allowlistRequest(bytes32 requestDigest, uint256 expiryTimestamp) external {
+  function allowlistRequest(bytes32 requestDigest, uint32 expiryTimestamp) external {
     if (expiryTimestamp <= block.timestamp) revert RequestExpired(requestDigest, expiryTimestamp);
     if (!s_linkedOwners.contains(msg.sender)) revert OwnershipLinkDoesNotExist(msg.sender);
 
-    s_requestsAllowlist[msg.sender][requestDigest] = expiryTimestamp;
+    s_requestsAllowlist[keccak256(abi.encode(msg.sender, requestDigest))] = expiryTimestamp;
+    s_requestAllowlistArray.push(
+      OwnerAllowlistedRequest({owner: msg.sender, requestDigest: requestDigest, expiryTimestamp: expiryTimestamp})
+    );
     emit RequestAllowlisted(msg.sender, requestDigest, expiryTimestamp);
   }
 
@@ -1327,7 +1339,41 @@ contract WorkflowRegistry is Ownable2StepMsgSender, ITypeAndVersion {
   /// @param requestDigest    Unique identifier for the request (hash of the request payload).
   /// @return bool            True if the request is allowlisted and not expired, false otherwise.
   function isRequestAllowlisted(address owner, bytes32 requestDigest) external view returns (bool) {
-    return s_requestsAllowlist[owner][requestDigest] > block.timestamp;
+    return s_requestsAllowlist[keccak256(abi.encode(owner, requestDigest))] > block.timestamp;
+  }
+
+  function getAllowlistedRequests(
+    uint256 start,
+    uint256 limit
+  ) external view returns (OwnerAllowlistedRequest[] memory allowlistedRequests) {
+    uint256 total = s_requestAllowlistArray.length;
+    uint256 pageCount = _getPageCount(total, start, limit);
+
+    if (pageCount == 0) return new OwnerAllowlistedRequest[](0);
+
+    allowlistedRequests = new OwnerAllowlistedRequest[](pageCount);
+    uint256 addedCount = 0;
+    for (uint256 i = 0; i < pageCount; ++i) {
+      OwnerAllowlistedRequest storage request = s_requestAllowlistArray[start + i];
+      if (request.expiryTimestamp > block.timestamp) {
+        allowlistedRequests[addedCount] = request;
+        ++addedCount;
+      }
+    }
+
+    if (addedCount < pageCount) {
+      OwnerAllowlistedRequest[] memory shrinkedList = new OwnerAllowlistedRequest[](addedCount);
+      for (uint256 i = 0; i < addedCount; ++i) {
+        shrinkedList[i] = allowlistedRequests[i];
+      }
+      allowlistedRequests = shrinkedList;
+    }
+
+    return allowlistedRequests;
+  }
+
+  function totalAllowlistedRequests() external view returns (uint256) {
+    return s_requestAllowlistArray.length;
   }
 
   // ================================================================

contracts/src/v0.8/workflow/dev/v2/WorkflowRegistry.sol

@@ -8,7 +8,7 @@ contract WorkflowRegistry_allowlistRequest is WorkflowRegistrySetup {
   function test_allowlistRequest_WhenTheUserIsNotLinked() external {
     // it should revert with OwnershipLinkDoesNotExist
     bytes32 requestDigest = keccak256("request-digest");
-    uint256 expiryTimestamp = block.timestamp + 1 hours;
+    uint32 expiryTimestamp = uint32(block.timestamp + 1 hours);
 
     address vaultNode = address(0x89652);
     vm.prank(vaultNode);
@@ -19,13 +19,13 @@ contract WorkflowRegistry_allowlistRequest is WorkflowRegistrySetup {
     s_registry.allowlistRequest(requestDigest, expiryTimestamp);
 
     // old timestamp should revert
-    expiryTimestamp = block.timestamp - 1 hours;
+    expiryTimestamp = uint32(block.timestamp - 1 hours);
     vm.expectRevert(abi.encodeWithSelector(WorkflowRegistry.RequestExpired.selector, requestDigest, expiryTimestamp));
     vm.prank(s_user);
     s_registry.allowlistRequest(requestDigest, expiryTimestamp);
 
     // timestamp equal to current block timestamp should revert
-    expiryTimestamp = block.timestamp;
+    expiryTimestamp = uint32(block.timestamp);
     vm.expectRevert(abi.encodeWithSelector(WorkflowRegistry.RequestExpired.selector, requestDigest, expiryTimestamp));
     vm.prank(s_user);
     s_registry.allowlistRequest(requestDigest, expiryTimestamp);
@@ -34,7 +34,7 @@ contract WorkflowRegistry_allowlistRequest is WorkflowRegistrySetup {
   function test_allowlistRequest_WhenTheUserIsLinked() external {
     //it should allowlist the request digest
     bytes32 requestDigest = keccak256("request-digest");
-    uint256 expiryTimestamp = block.timestamp + 1 hours;
+    uint32 expiryTimestamp = uint32(block.timestamp + 1 hours);
 
     // link the owner first to ensure the request can be allowlisted
     _linkOwner(s_user);
@@ -51,7 +51,7 @@ contract WorkflowRegistry_allowlistRequest is WorkflowRegistrySetup {
     assertTrue(s_registry.isRequestAllowlisted(s_user, requestDigest), "Request should be allowlisted");
 
     bytes32 newRequestDigest = keccak256("new-request-digest");
-    uint256 newExpiryTimestamp = block.timestamp + 1 hours; // same timestamp as the previous request
+    uint32 newExpiryTimestamp = uint32(block.timestamp + 1 hours); // same timestamp as the previous request
     vm.expectEmit(true, true, true, false);
     emit WorkflowRegistry.RequestAllowlisted(s_user, newRequestDigest, newExpiryTimestamp);
     vm.prank(s_user);
@@ -66,7 +66,7 @@ contract WorkflowRegistry_allowlistRequest is WorkflowRegistrySetup {
     assertFalse(s_registry.isRequestAllowlisted(s_user, newRequestDigest), "New request should expire");
     assertFalse(s_registry.isRequestAllowlisted(s_user, requestDigest), "Old request should expire");
 
-    newExpiryTimestamp = block.timestamp + 2 hours; // same digest, but one hour ahead of block time
+    newExpiryTimestamp = uint32(block.timestamp + 2 hours); // same digest, but one hour ahead of block time
     vm.expectEmit(true, true, true, false);
     emit WorkflowRegistry.RequestAllowlisted(s_user, newRequestDigest, newExpiryTimestamp);
     vm.prank(s_user);

contracts/src/v0.8/workflow/dev/v2/test/WorkflowRegistry/WorkflowRegistry.allowlistRequest.t.sol

@@ -0,0 +1,149 @@
+// SPDX-License-Identifier: BUSL 1.1
+pragma solidity 0.8.26;
+
+import {WorkflowRegistry} from "../../WorkflowRegistry.sol";
+
+import {WorkflowRegistrySetup} from "./WorkflowRegistrySetup.t.sol";
+
+contract WorkflowRegistry_getAllowlistedRequests is WorkflowRegistrySetup {
+  // NOTE: lock and control current timestamp this way due to issues when via-ir is enabled:
+  // https://github.com/foundry-rs/foundry/issues/1373
+  uint256 public currentTimestamp = block.timestamp;
+
+  function test_getAllowlistedRequests_WhenNoRequestsAreAllowlisted() external {
+    // it should return an empty array
+    uint256 total = s_registry.totalAllowlistedRequests();
+    WorkflowRegistry.OwnerAllowlistedRequest[] memory requests = s_registry.getAllowlistedRequests(0, 100);
+    assertEq(total, 0, "Total number of allowlisted requests should be 0");
+    assertEq(requests.length, 0, "Zero requests should be returned");
+  }
+
+  modifier whenSomeRequestsAreAllowlisted() {
+    _;
+  }
+
+  function test_getAllowlistedRequests_WhenNoneOfTheRequestsHaveExpired() external whenSomeRequestsAreAllowlisted {
+    // it should return all requests
+    _linkTestOwners();
+    _allowlistValidTestRequests();
+
+    uint256 total = s_registry.totalAllowlistedRequests();
+    WorkflowRegistry.OwnerAllowlistedRequest[] memory requests = s_registry.getAllowlistedRequests(0, 100);
+    assertEq(total, 6, "Total number of allowlisted requests should be 6");
+    assertEq(requests.length, 6, "All 6 requests should be returned");
+    assertEq(keccak256("request-digest-1-owner-1"), requests[0].requestDigest, "First request digest should match");
+    assertEq(keccak256("request-digest-2-owner-1"), requests[1].requestDigest, "Second request digest should match");
+    assertEq(keccak256("request-digest-1-owner-2"), requests[2].requestDigest, "Third request digest should match");
+    assertEq(keccak256("request-digest-1-owner-3"), requests[3].requestDigest, "Fourth request digest should match");
+    assertEq(keccak256("request-digest-2-owner-3"), requests[4].requestDigest, "Fifth request digest should match");
+    assertEq(keccak256("request-digest-3-owner-3"), requests[5].requestDigest, "Sixth request digest should match");
+
+    // try out pagination - page size 2
+    requests = s_registry.getAllowlistedRequests(0, 2);
+    assertEq(requests.length, 2, "2 requests should be returned");
+    assertEq(keccak256("request-digest-1-owner-1"), requests[0].requestDigest, "First request digest should match");
+    assertEq(keccak256("request-digest-2-owner-1"), requests[1].requestDigest, "Second request digest should match");
+
+    requests = s_registry.getAllowlistedRequests(2, 2);
+    assertEq(requests.length, 2, "2 requests should be returned");
+    assertEq(keccak256("request-digest-1-owner-2"), requests[0].requestDigest, "Third request digest should match");
+    assertEq(keccak256("request-digest-1-owner-3"), requests[1].requestDigest, "Fourth request digest should match");
+
+    requests = s_registry.getAllowlistedRequests(4, 2);
+    assertEq(requests.length, 2, "2 requests should be returned");
+    assertEq(keccak256("request-digest-2-owner-3"), requests[0].requestDigest, "Fifth request digest should match");
+    assertEq(keccak256("request-digest-3-owner-3"), requests[1].requestDigest, "Sixth request digest should match");
+
+    // try out pagination - page size 4
+    requests = s_registry.getAllowlistedRequests(0, 4);
+    assertEq(requests.length, 4, "4 requests should be returned");
+    assertEq(keccak256("request-digest-1-owner-1"), requests[0].requestDigest, "First request digest should match");
+    assertEq(keccak256("request-digest-2-owner-1"), requests[1].requestDigest, "Second request digest should match");
+    assertEq(keccak256("request-digest-1-owner-2"), requests[2].requestDigest, "Third request digest should match");
+    assertEq(keccak256("request-digest-1-owner-3"), requests[3].requestDigest, "Fourth request digest should match");
+
+    requests = s_registry.getAllowlistedRequests(4, 4);
+    assertEq(requests.length, 2, "2 requests should be returned");
+    assertEq(keccak256("request-digest-2-owner-3"), requests[0].requestDigest, "Fifth request digest should match");
+    assertEq(keccak256("request-digest-3-owner-3"), requests[1].requestDigest, "Sixth request digest should match");
+
+    // try out pagination - out of bounds
+    requests = s_registry.getAllowlistedRequests(8, 4);
+    assertEq(requests.length, 0, "No requests should be returned");
+  }
+
+  function test_getAllowlistedRequests_WhenSomeOfTheRequestsHaveExpired() external whenSomeRequestsAreAllowlisted {
+    // it should return only the non-expired requests
+    _linkTestOwners();
+    _allowlistValidTestRequests();
+
+    vm.warp(currentTimestamp + 1 hours);
+    uint256 total = s_registry.totalAllowlistedRequests();
+    // this will time out request-digest-1-owner-1, request-digest-2-owner-1 and request-digest-1-owner-3
+    vm.warp(currentTimestamp + 1 hours);
+    WorkflowRegistry.OwnerAllowlistedRequest[] memory requests = s_registry.getAllowlistedRequests(0, 100);
+    assertEq(total, 6, "Total number of allowlisted requests should be 6");
+    assertEq(requests.length, 3, "3 requests should be returned");
+    assertEq(keccak256("request-digest-1-owner-2"), requests[0].requestDigest, "Third request digest should match");
+    assertEq(keccak256("request-digest-2-owner-3"), requests[1].requestDigest, "Fifth request digest should match");
+    assertEq(keccak256("request-digest-3-owner-3"), requests[2].requestDigest, "Sixth request digest should match");
+
+    vm.warp(currentTimestamp + 2 hours);
+    total = s_registry.totalAllowlistedRequests();
+    // this will time out all requests aside from request-digest-3-owner-3
+    vm.warp(currentTimestamp + 2 hours);
+    requests = s_registry.getAllowlistedRequests(0, 100);
+    assertEq(total, 6, "Total number of allowlisted requests should be 6");
+    assertEq(requests.length, 1, "1 request should be returned");
+    assertEq(keccak256("request-digest-3-owner-3"), requests[0].requestDigest, "Sixth request digest should match");
+
+    vm.warp(currentTimestamp + 3 hours);
+    total = s_registry.totalAllowlistedRequests();
+    // this will time out all requests
+    vm.warp(currentTimestamp + 3 hours);
+    requests = s_registry.getAllowlistedRequests(0, 100);
+    assertEq(total, 6, "Total number of allowlisted requests should be 6");
+    assertEq(requests.length, 0, "No requests should be returned");
+  }
+
+  function _linkTestOwners() internal {
+    _linkOwner(address(0x1)); // owner1
+    _linkOwner(address(0x2)); // owner2
+    _linkOwner(address(0x3)); // owner3
+  }
+
+  // total of 6 valid request digests
+  function _allowlistValidTestRequests() internal {
+    // owner1 - 2 request digests
+    address owner1 = address(0x1);
+    bytes32 requestDigest = keccak256("request-digest-1-owner-1");
+    uint32 expiryTimestamp = uint32(currentTimestamp + 1 hours);
+    vm.prank(owner1);
+    s_registry.allowlistRequest(requestDigest, expiryTimestamp);
+    requestDigest = keccak256("request-digest-2-owner-1");
+    vm.prank(owner1);
+    s_registry.allowlistRequest(requestDigest, expiryTimestamp);
+
+    // owner2 - 1 request digest
+    address owner2 = address(0x2);
+    requestDigest = keccak256("request-digest-1-owner-2");
+    expiryTimestamp = uint32(currentTimestamp + 2 hours);
+    vm.prank(owner2);
+    s_registry.allowlistRequest(requestDigest, expiryTimestamp);
+
+    // owner3 - 3 request digests
+    address owner3 = address(0x3);
+    requestDigest = keccak256("request-digest-1-owner-3");
+    expiryTimestamp = uint32(currentTimestamp + 1 hours);
+    vm.prank(owner3);
+    s_registry.allowlistRequest(requestDigest, expiryTimestamp);
+    requestDigest = keccak256("request-digest-2-owner-3");
+    expiryTimestamp = uint32(currentTimestamp + 2 hours);
+    vm.prank(owner3);
+    s_registry.allowlistRequest(requestDigest, expiryTimestamp);
+    requestDigest = keccak256("request-digest-3-owner-3");
+    expiryTimestamp = uint32(currentTimestamp + 3 hours);
+    vm.prank(owner3);
+    s_registry.allowlistRequest(requestDigest, expiryTimestamp);
+  }
+}

contracts/src/v0.8/workflow/dev/v2/test/WorkflowRegistry/WorkflowRegistry.getAllowlistedRequests.t.sol

@@ -0,0 +1,8 @@
+WorkflowRegistry.getAllowlistedRequests
+├── when no requests are allowlisted
+│   └── it should return an empty array
+└── when some requests are allowlisted
+    ├── when none of the requests have expired
+    │   └── it should return all requests
+    └── when some of the requests have expired
+        └── it should return only the non-expired requests

contracts/src/v0.8/workflow/dev/v2/test/WorkflowRegistry/WorkflowRegistry.getAllowlistedRequests.tree

@@ -1,4 +1,4 @@
 GETH_VERSION: 1.15.3
 capabilities_registry_wrapper_v2: ../../contracts/solc/workflow/dev/v2/CapabilitiesRegistry/CapabilitiesRegistry.sol/CapabilitiesRegistry.abi.json ../../contracts/solc/workflow/dev/v2/CapabilitiesRegistry/CapabilitiesRegistry.sol/CapabilitiesRegistry.bin 69614cd90cc8bcf751f35b6b8ffe3111a535f0aab5676a8aa4b633252ca00549
 workflow_registry_wrapper_v1: ../../contracts/solc/workflow/v1/WorkflowRegistry/WorkflowRegistry.sol/WorkflowRegistry.abi.json ../../contracts/solc/workflow/v1/WorkflowRegistry/WorkflowRegistry.sol/WorkflowRegistry.bin 5adc185ac7dabf6f75297855adc0d77e0bfe64af6491de944083fb10f6f9fb06
-workflow_registry_wrapper_v2: ../../contracts/solc/workflow/dev/v2/WorkflowRegistry/WorkflowRegistry.sol/WorkflowRegistry.abi.json ../../contracts/solc/workflow/dev/v2/WorkflowRegistry/WorkflowRegistry.sol/WorkflowRegistry.bin d719c078dd4bed52a65b1c5e22d693b6897733cf60df8a67b889a960427e4cf8
+workflow_registry_wrapper_v2: ../../contracts/solc/workflow/dev/v2/WorkflowRegistry/WorkflowRegistry.sol/WorkflowRegistry.abi.json ../../contracts/solc/workflow/dev/v2/WorkflowRegistry/WorkflowRegistry.sol/WorkflowRegistry.bin 84294fa58e1acb2812e2b2c2040c9c916f686c85d75627b6e53956d037c15724