Switch pallet-bioauth authorities to WeakBoundedVec and enable generate_storage_info (#208)

* Add required improvements for generating storage ingo at pallet-bioauth

* Change MaxNonces value

* Use force_from instead of try_push

* Return to inital test objects names

* Rename test object

* Edit a few comments

* Improvements based on review

* Edit warning message for force_from

Author: dmitrylavrenov

crates/humanode-runtime/src/lib.rs

@@ -35,7 +35,7 @@ use sp_version::NativeVersion;
 use sp_version::RuntimeVersion;
 
 // A few exports that help ease life for downstream crates.
-use codec::{Decode, Encode};
+use codec::{Decode, Encode, MaxEncodedLen};
 pub use frame_support::{
     construct_runtime, parameter_types,
     traits::{KeyOwnerProofSystem, Randomness},
@@ -207,7 +207,9 @@ impl frame_system::Config for Runtime {
 }
 
 /// The wrapper for the robonode public key, that enables ssotring it in the state.
-#[derive(Debug, Default, Clone, Copy, PartialEq, Eq, Hash, Encode, Decode, TypeInfo)]
+#[derive(
+    Debug, Default, Clone, Copy, PartialEq, Eq, Hash, Encode, Decode, TypeInfo, MaxEncodedLen,
+)]
 #[cfg_attr(feature = "std", derive(Serialize, Deserialize))]
 pub struct RobonodePublicKeyWrapper([u8; 32]);
 
@@ -417,6 +419,8 @@ const TIMESTAMP_HOUR: UnixMilliseconds = 60 * TIMESTAMP_MINUTE;
 
 parameter_types! {
     pub const AuthenticationsExpireAfter: UnixMilliseconds = 72 * TIMESTAMP_HOUR;
+    pub const MaxAuthentications: u32 = 512;
+    pub const MaxNonces: u32 = 102400;
 }
 
 impl pallet_bioauth::Config for Runtime {
@@ -432,6 +436,8 @@ impl pallet_bioauth::Config for Runtime {
     type CurrentMoment = CurrentMoment;
     type AuthenticationsExpireAfter = AuthenticationsExpireAfter;
     type WeightInfo = pallet_bioauth::weights::SubstrateWeight<Runtime>;
+    type MaxAuthentications = MaxAuthentications;
+    type MaxNonces = MaxNonces;
 }
 
 // Create the runtime by composing the FRAME pallets that were previously
@@ -553,7 +559,7 @@ impl_runtime_apis! {
 
     impl bioauth_consensus_api::BioauthConsensusApi<Block, AuraId> for Runtime {
         fn is_authorized(id: &AuraId) -> bool {
-            Bioauth::active_authentications()
+            Bioauth::active_authentications().into_inner()
                 .iter()
                 .any(|stored_public_key| &stored_public_key.public_key == id)
         }

crates/pallet-bioauth/src/lib.rs

@@ -4,9 +4,9 @@
 // Fix clippy for sp_api::decl_runtime_apis!
 #![allow(clippy::too_many_arguments, clippy::unnecessary_mut_passed)]
 
-use codec::{Decode, Encode};
-use frame_support::traits::IsSubType;
+use codec::{Decode, Encode, MaxEncodedLen};
 use frame_support::weights::DispatchInfo;
+use frame_support::{parameter_types, traits::IsSubType, WeakBoundedVec};
 pub use pallet::*;
 use scale_info::TypeInfo;
 #[cfg(feature = "std")]
@@ -85,9 +85,17 @@ pub struct Authenticate<OpaqueAuthTicket, Commitment> {
     pub ticket_signature: Commitment,
 }
 
+parameter_types! {
+    /// The maximum length of a single nonce (in bytes).
+    pub const AuthTicketNonceMaxBytes: u32 = 256;
+}
+
 /// The nonce used by robonode in the auth tickets.
 pub type AuthTicketNonce = Vec<u8>;
 
+/// The nonce type in this pallet with bounded number of bytes at the nonce.
+pub type BoundedAuthTicketNonce = WeakBoundedVec<u8, AuthTicketNonceMaxBytes>;
+
 /// The auth ticket passed to us from the robonode.
 #[cfg_attr(feature = "std", derive(Serialize, Deserialize))]
 #[derive(PartialEq, Eq, Default, Clone, Encode, Decode, Hash, Debug, TypeInfo)]
@@ -100,7 +108,7 @@ pub struct AuthTicket<PublicKey> {
 
 /// The state that we keep in the blockchain for an active authentication.
 #[cfg_attr(feature = "std", derive(Serialize, Deserialize))]
-#[derive(PartialEq, Eq, Default, Clone, Encode, Decode, Hash, Debug, TypeInfo)]
+#[derive(PartialEq, Eq, Default, Clone, Encode, Decode, Hash, Debug, TypeInfo, MaxEncodedLen)]
 pub struct Authentication<PublicKey, Moment> {
     /// The public key of a validator.
     pub public_key: PublicKey,
@@ -119,10 +127,14 @@ pub struct Authentication<PublicKey, Moment> {
 pub mod pallet {
     use crate::{
         weights::WeightInfo, AuthTicket, AuthTicketNonce, Authenticate, Authentication,
-        CurrentMoment, TryConvert, ValidatorSetUpdater, Verifier,
+        BoundedAuthTicketNonce, CurrentMoment, TryConvert, ValidatorSetUpdater, Verifier,
     };
 
-    use frame_support::{pallet_prelude::*, sp_tracing::error, storage::types::ValueQuery};
+    use codec::MaxEncodedLen;
+    use frame_support::{
+        dispatch::DispatchResult, pallet_prelude::*, sp_tracing::error, storage::types::ValueQuery,
+        WeakBoundedVec,
+    };
     use frame_system::pallet_prelude::*;
     use sp_runtime::{app_crypto::MaybeHash, traits::AtLeast32Bit};
     use sp_std::prelude::*;
@@ -141,10 +153,15 @@ pub mod pallet {
             + Parameter
             + MaybeSerializeDeserialize
             + Verifier<Self::RobonodeSignature>
-            + Default;
+            + Default
+            + MaxEncodedLen;
 
         /// The public key of the validator.
-        type ValidatorPublicKey: Member + Parameter + MaybeSerializeDeserialize + MaybeHash;
+        type ValidatorPublicKey: Member
+            + Parameter
+            + MaybeSerializeDeserialize
+            + MaybeHash
+            + MaxEncodedLen;
 
         /// The opaque auth ticket type.
         type OpaqueAuthTicket: Parameter + AsRef<[u8]> + Send + Sync;
@@ -156,7 +173,12 @@ pub mod pallet {
         >;
 
         /// Type used for expressing timestamp.
-        type Moment: Parameter + Default + AtLeast32Bit + Copy + MaybeSerializeDeserialize;
+        type Moment: Parameter
+            + Default
+            + AtLeast32Bit
+            + Copy
+            + MaybeSerializeDeserialize
+            + MaxEncodedLen;
 
         /// Type used for pretty printing the timestamp.
         type DisplayMoment: From<Self::Moment> + core::fmt::Display;
@@ -172,10 +194,17 @@ pub mod pallet {
 
         /// Weight information for extrinsics in this pallet.
         type WeightInfo: WeightInfo;
+
+        /// The maximum number of authentications.
+        type MaxAuthentications: Get<u32>;
+
+        /// The maximum number of nonces.
+        type MaxNonces: Get<u32>;
     }
 
     #[pallet::pallet]
     #[pallet::generate_store(pub(super) trait Store)]
+    #[pallet::generate_storage_info]
     pub struct Pallet<T>(_);
 
     /// The public key of the robonode.
@@ -186,13 +215,17 @@ pub mod pallet {
     /// A list of all consumed nonces.
     #[pallet::storage]
     #[pallet::getter(fn consumed_auth_ticket_nonces)]
-    pub type ConsumedAuthTicketNonces<T> = StorageValue<_, Vec<AuthTicketNonce>, ValueQuery>;
+    pub type ConsumedAuthTicketNonces<T: Config> =
+        StorageValue<_, WeakBoundedVec<BoundedAuthTicketNonce, T::MaxNonces>, ValueQuery>;
 
     /// A list of all active authentications.
     #[pallet::storage]
     #[pallet::getter(fn active_authentications)]
-    pub type ActiveAuthentications<T: Config> =
-        StorageValue<_, Vec<Authentication<T::ValidatorPublicKey, T::Moment>>, ValueQuery>;
+    pub type ActiveAuthentications<T: Config> = StorageValue<
+        _,
+        WeakBoundedVec<Authentication<T::ValidatorPublicKey, T::Moment>, T::MaxAuthentications>,
+        ValueQuery,
+    >;
 
     #[pallet::genesis_config]
     pub struct GenesisConfig<T: Config> {
@@ -217,9 +250,27 @@ pub mod pallet {
     #[pallet::genesis_build]
     impl<T: Config> GenesisBuild<T> for GenesisConfig<T> {
         fn build(&self) {
+            let bounded_consumed_auth_ticket_nonces = WeakBoundedVec::<_, T::MaxNonces>::try_from(
+                self.consumed_auth_ticket_nonces
+                    .iter()
+                    .cloned()
+                    .map(|nonce| {
+                        BoundedAuthTicketNonce::try_from(nonce)
+                            .expect("Initial nonce len must be less than AuthTicketNonceMaxBytes")
+                    })
+                    .collect::<Vec<_>>(),
+            )
+            .expect("Initial nonces must be less than T::MaxNonces");
+
+            let bounded_active_authentications =
+                WeakBoundedVec::<_, T::MaxAuthentications>::try_from(
+                    self.active_authentications.clone(),
+                )
+                .expect("Initial authentications must be less than T::MaxAuthentications");
+
             <RobonodePublicKey<T>>::put(&self.robonode_public_key);
-            <ConsumedAuthTicketNonces<T>>::put(&self.consumed_auth_ticket_nonces);
-            <ActiveAuthentications<T>>::put(&self.active_authentications);
+            <ConsumedAuthTicketNonces<T>>::put(bounded_consumed_auth_ticket_nonces);
+            <ActiveAuthentications<T>>::put(bounded_active_authentications);
 
             <Pallet<T>>::issue_validators_set_init(&self.active_authentications);
         }
@@ -285,7 +336,7 @@ pub mod pallet {
     /// Validate the incloming authentication attempt, checking the auth ticket data against
     /// the passed input.
     fn validate_authentication_attempt<'a, T: Config>(
-        consumed_auth_ticket_nonces: &'a [AuthTicketNonce],
+        consumed_auth_ticket_nonces: &'a [BoundedAuthTicketNonce],
         active_authentications: &'a [Authentication<T::ValidatorPublicKey, T::Moment>],
         auth_ticket: &AuthTicket<T::ValidatorPublicKey>,
     ) -> Result<(), AuthenticationAttemptValidationError<'a, T>> {
@@ -318,7 +369,6 @@ pub mod pallet {
             ensure_none(origin)?;
 
             let auth_ticket = Self::extract_auth_ticket_checked(req)?;
-
             let public_key = auth_ticket.public_key.clone();
 
             // Update storage.
@@ -334,12 +384,35 @@ pub mod pallet {
 
                             // Update internal state.
                             let current_moment = T::CurrentMoment::now();
-                            consumed_auth_ticket_nonces.push(auth_ticket.nonce);
-                            active_authentications.push(Authentication {
+                            let mut updated_consumed_auth_ticket_nonces =
+                                consumed_auth_ticket_nonces.clone().into_inner();
+
+                            updated_consumed_auth_ticket_nonces.push(
+                                BoundedAuthTicketNonce::force_from(
+                                    auth_ticket.nonce,
+                                    Some("bioauth::authenticate::auth_ticket_nonce"),
+                                ),
+                            );
+
+                            *consumed_auth_ticket_nonces =
+                                WeakBoundedVec::<_, T::MaxNonces>::force_from(
+                                    updated_consumed_auth_ticket_nonces,
+                                    Some("bioauth::authenticate::nonces"),
+                                );
+
+                            let mut updated_active_authentications =
+                                active_authentications.clone().into_inner();
+                            updated_active_authentications.push(Authentication {
                                 public_key: public_key.clone(),
                                 expires_at: current_moment + T::AuthenticationsExpireAfter::get(),
                             });
 
+                            *active_authentications =
+                                WeakBoundedVec::<_, T::MaxAuthentications>::force_from(
+                                    updated_active_authentications,
+                                    Some("bioauth::authentication::authentications"),
+                                );
+
                             // Issue an update to the external validators set.
                             Self::issue_validators_set_update(active_authentications.as_slice());
 
@@ -372,8 +445,15 @@ pub mod pallet {
             let update_required =
                 possibly_expired_authentications_len != active_authentications.len();
             if update_required {
+                // We use force_from and None as a resulted active authentications Vec
+                // can't become bigger than it was. Just filtering was done before.
+                let bounded_active_authentications =
+                    WeakBoundedVec::<_, T::MaxAuthentications>::force_from(
+                        active_authentications.clone(),
+                        None,
+                    );
                 Self::issue_validators_set_update(active_authentications.as_slice());
-                <ActiveAuthentications<T>>::put(active_authentications);
+                <ActiveAuthentications<T>>::put(bounded_active_authentications);
             }
 
             T::WeightInfo::on_initialize(update_required)

crates/pallet-bioauth/src/mock.rs

@@ -1,7 +1,7 @@
 use std::cell::RefCell;
 
 use crate::{self as pallet_bioauth, weights, AuthTicket, TryConvert};
-use codec::{Decode, Encode};
+use codec::{Decode, Encode, MaxEncodedLen};
 use frame_support::parameter_types;
 use frame_system as system;
 use mockall::{mock, predicate};
@@ -36,9 +36,12 @@ frame_support::construct_runtime!(
     }
 );
 
+/// Validator public key. Should be bounded.
+pub type ValidatorPublicKey = [u8; 32];
+
 #[derive(PartialEq, Eq, Default, Clone, Encode, Decode, Hash, Debug, TypeInfo)]
 #[cfg_attr(feature = "std", derive(Serialize, Deserialize))]
-pub struct MockOpaqueAuthTicket(pub AuthTicket<Vec<u8>>);
+pub struct MockOpaqueAuthTicket(pub AuthTicket<ValidatorPublicKey>);
 
 impl AsRef<[u8]> for MockOpaqueAuthTicket {
     fn as_ref(&self) -> &[u8] {
@@ -48,10 +51,12 @@ impl AsRef<[u8]> for MockOpaqueAuthTicket {
 
 pub struct MockAuthTicketConverter;
 
-impl TryConvert<MockOpaqueAuthTicket, AuthTicket<Vec<u8>>> for MockAuthTicketConverter {
+impl TryConvert<MockOpaqueAuthTicket, AuthTicket<ValidatorPublicKey>> for MockAuthTicketConverter {
     type Error = Infallible;
 
-    fn try_convert(value: MockOpaqueAuthTicket) -> Result<AuthTicket<Vec<u8>>, Self::Error> {
+    fn try_convert(
+        value: MockOpaqueAuthTicket,
+    ) -> Result<AuthTicket<ValidatorPublicKey>, Self::Error> {
         Ok(value.0)
     }
 }
@@ -71,31 +76,39 @@ impl super::Verifier<Vec<u8>> for MockVerifier {
     }
 }
 
+impl MaxEncodedLen for MockVerifier {
+    fn max_encoded_len() -> usize {
+        panic!("should be unused in tests")
+    }
+}
+
 mock! {
     pub ValidatorSetUpdater {
-        pub fn update_validators_set(&self, validator_public_keys: Vec<Vec<u8>>);
-        pub fn init_validators_set(&self, validator_public_keys: Vec<Vec<u8>>);
+        pub fn update_validators_set(&self, validator_public_keys: Vec<ValidatorPublicKey>);
+        pub fn init_validators_set(&self, validator_public_keys: Vec<ValidatorPublicKey>);
     }
 }
 
 thread_local! {
     pub static MOCK_VALIDATOR_SET_UPDATER: RefCell<MockValidatorSetUpdater> = RefCell::new(MockValidatorSetUpdater::new());
 }
 
-impl super::ValidatorSetUpdater<Vec<u8>> for MockValidatorSetUpdater {
-    fn update_validators_set<'a, I: Iterator<Item = &'a Vec<u8>> + 'a>(validator_public_keys: I)
-    where
-        Vec<u8>: 'a,
+impl super::ValidatorSetUpdater<ValidatorPublicKey> for MockValidatorSetUpdater {
+    fn update_validators_set<'a, I: Iterator<Item = &'a ValidatorPublicKey> + 'a>(
+        validator_public_keys: I,
+    ) where
+        ValidatorPublicKey: 'a,
     {
         MOCK_VALIDATOR_SET_UPDATER.with(|val| {
             val.borrow_mut()
                 .update_validators_set(validator_public_keys.cloned().collect())
         });
     }
 
-    fn init_validators_set<'a, I: Iterator<Item = &'a Vec<u8>> + 'a>(validator_public_keys: I)
-    where
-        Vec<u8>: 'a,
+    fn init_validators_set<'a, I: Iterator<Item = &'a ValidatorPublicKey> + 'a>(
+        validator_public_keys: I,
+    ) where
+        ValidatorPublicKey: 'a,
     {
         MOCK_VALIDATOR_SET_UPDATER.with(|val| {
             val.borrow_mut()
@@ -175,6 +188,8 @@ pub const AUTHENTICATIONS_EXPIRE_AFTER: UnixMilliseconds = TIMESTAMP_MINUTE;
 
 parameter_types! {
     pub const AuthenticationsExpireAfter: UnixMilliseconds = AUTHENTICATIONS_EXPIRE_AFTER;
+    pub const MaxAuthentications: u32 = 512;
+    pub const MaxNonces: u32 = 512;
 }
 
 pub struct DisplayMoment;
@@ -195,7 +210,7 @@ impl pallet_bioauth::Config for Test {
     type Event = Event;
     type RobonodePublicKey = MockVerifier;
     type RobonodeSignature = Vec<u8>;
-    type ValidatorPublicKey = Vec<u8>;
+    type ValidatorPublicKey = ValidatorPublicKey;
     type OpaqueAuthTicket = MockOpaqueAuthTicket;
     type AuthTicketCoverter = MockAuthTicketConverter;
     type ValidatorSetUpdater = MockValidatorSetUpdater;
@@ -204,6 +219,8 @@ impl pallet_bioauth::Config for Test {
     type CurrentMoment = MockCurrentMomentProvider;
     type AuthenticationsExpireAfter = AuthenticationsExpireAfter;
     type WeightInfo = weights::SubstrateWeight<Test>;
+    type MaxAuthentications = MaxAuthentications;
+    type MaxNonces = MaxNonces;
 }
 
 /// Build test externalities from the default genesis.