Skip to content

A Substrate frame pallet for account-level permissioning using account whitelisting.

License

Notifications You must be signed in to change notification settings

UncleTom29/substrate-account-filter

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Substrate Account Filter

A Substrate pallet for account-level filtering/permissioning.

The pallet maintains a allow-list of accounts that are permitted to submit extrinsics. Sudo (or any other governance mechanism, when supported) could be used to add and remove accounts from this list.

The filtering of incoming extrinsics and their sender accounts is done during the transaction queue validation, using the SignedExtension trait.

Usage

  • Add the module's dependency in the Cargo.toml of your runtime directory. Make sure to enter the correct path or git url of the pallet as per your setup.
[dependencies.account_filter]
package = 'substrate-account-filter'
git = 'https://github.com/uncletom29/substrate-account-filter.git'
default-features = false
  • Declare the pallet in your runtime/src/lib.rs.
pub use account_filter;

impl account_filter::Config for Runtime {
    type Event = Event;
}

construct_runtime!(
    pub enum Runtime where
        Block = Block,
        NodeBlock = opaque::Block,
        UncheckedExtrinsic = UncheckedExtrinsic
    {
        ...
        ...
        ...
        AccountFilter: account_filter::{Module, Call, Storage, Event<T>, Config<T>},
    }
);
  • Add the module's AllowAccount type in the SignedExtra checklist.
pub type SignedExtra = (
    ...
    ...
    balances::TakeFees<Runtime>,
    account_filter::AllowAccount<Runtime>
  • Add a genesis configuration for the module in the src/chain_spec.rs file. This configuration adds the initial account ids to the account allow-list.
    use node_template_runtime::{..., AccountFilterConfig};
    ...
    account_filter: Some(AccountFilterConfig {
        allowed_accounts: vec![
            (get_account_id_from_seed::<sr25519::Public>("Alice"), ()),
            (get_account_id_from_seed::<sr25519::Public>("Bob"), ())],
    }),
  • cargo build --release and then cargo run --release -- --dev

When the node starts, only the AccountIds added in the genesis config of this module will be able to send extrinsics to the runtime. This means that you should not leave the genesis config empty or else no one will be able to submit any extrinsics.

New AccountIds can be added to the allow-list by calling the pallet's add_account function using root key as origin.

Potential extension

  • The addition and removal of AccountIds to the allow-list can also be done using other governance methods instead of root.
  • The logic can be reversed to maintain a deny-list of accounts to prevent those AccountIds from sending extrinsics.

About

A Substrate frame pallet for account-level permissioning using account whitelisting.

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages