Standardize authentication for omni_transferWithdraw and omni_exportWallet #3535
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…ntication - Add omni_transferWithdraw to PROTECTED_METHODS array - Replace parameter-based auth (email_code, client_id) with JWT token authentication - Use check_auth() for consistent authentication handling across protected methods - Remove manual verify_auth() calls in favor of middleware-based authentication - Align authentication mechanism with other protected methods like submit_swap_order
…tion - Add omni_exportWallet to PROTECTED_METHODS array - Replace parameter-based auth (email_code, client_id) with JWT token authentication - Use check_auth() for consistent authentication handling across protected methods - Remove manual verify_auth() calls in favor of middleware-based authentication - Align authentication mechanism with other protected methods
silva-fj
changed the title
BillyWooo
approved these changes
Jun 18, 2025
Kailai-Wang
requested changes
Jun 18, 2025
tee-worker/omni-executor/rpc-server/src/methods/omni/transfer_widthdraw.rs
Show resolved
Hide resolved
…untId in PumpxExportWallet - Update NativeTask::PumpxExportWallet to use AccountId instead of Identity - Remove user_email parameter from omni_exportWallet RPC method - Extract omni account directly from authenticated user in RPC handlers - Simplify native task handler by using AccountId directly instead of converting from Identity - Update both omni and pumpx export wallet implementations for consistency This simplifies the API by removing redundant parameters and improves security by using authenticated user data directly.
…AccountId in PumpxTransferWidthdraw - Update NativeTask::PumpxTransferWidthdraw to use AccountId instead of Identity - Remove user_email parameter from omni_transferWithdraw RPC method - Extract omni account directly from authenticated user in RPC handlers - Simplify native task handler by using AccountId directly instead of converting from Identity - Update both omni and pumpx transfer withdraw implementations for consistency This change maintains consistency with the PumpxExportWallet refactoring and improves security by using authenticated user data directly.
Replace Identity parameter with AccountId in PumpxAddWallet to simplify authentication flow. This change: - Updates NativeTask::PumpxAddWallet to accept AccountId directly - Removes user_email parameter from omni add_wallet endpoint - Extracts AccountId from authenticated user's omni_account token - Converts Identity to omni_account in pumpx add_wallet endpoint - Eliminates need for Identity conversion in native task handler
Replace Identity parameter with AccountId in PumpxSignLimitOrder to simplify parameter handling. This change: - Updates NativeTask::PumpxSignLimitOrder to accept AccountId directly - Removes Identity-to-AccountId conversion logic in task handler - Updates both omni and pumpx RPC endpoints to pass AccountId - Eliminates error handling for invalid Identity types
Replace Identity with AccountId parameter in PumpxNotifyLimitOrderResult task to maintain consistency with other native tasks and simplify the implementation by removing the Identity-to-AccountId conversion logic. Changes: - Update NativeTask enum to use AccountId instead of Identity - Remove Identity conversion workaround in native task handler - Update RPC method implementations to pass AccountId directly - Clean up unused Identity imports
Replace Identity with AccountId parameter in RequestIntent task to standardize parameter types across native tasks and eliminate redundant Identity-to-AccountId conversions. Changes: - Update NativeTask::RequestIntent to accept AccountId directly - Remove Identity conversion logic in native task handler - Temporarily disable SystemRemark and TransferNative intents - Update RPC endpoints to pass AccountId instead of Identity - Clean up unused imports and commented code
Temporarily disable the RequestIntent TransferNative test while the omni-account pallet is being refactored to use AccountId instead of Identity parameters.
kziemianek
reviewed
Jun 23, 2025
Kailai-Wang
approved these changes
Jun 23, 2025
| auth_type: Option<OmniAccountAuthType>, | ||
| ) { | ||
| let call = parentchain_api_interface::tx().omni_account().dispatch_as_signed( | ||
| sender.hash().to_subxt_type(), |
There was a problem hiding this comment.
IIUC the problem here is the hash() right? We could later use the hash of the OmniAccount - either blake2_256 or another sha2 if we want it to be evm-friendly.
Can do together with AccountStore cleanup
wli-pro
approved these changes
Jun 24, 2025
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
Authentication Flow Updates
Refactored protected RPC methods to extract AccountId from authenticated users and remove email parameter:
Refactored related NativeTask's to use OA instead of Identity.
Note: We need to refactor the omni-account pallet to adjust how intent calls are dispatched. We currently send the Identity but we should send the actual OA. Because of this, some code has been commented out (as well as the integration tests)