cougr-core 1.0.0

Cougr - A Soroban-compatible ECS framework for on-chain gaming on Stellar
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73

use soroban_sdk::{Address, Env};

use super::error::AccountError;
use super::intent::{IntentProofKind, IntentSigner, SignedIntent};
use super::secp256r1_auth::{verify_secp256r1, Secp256r1Storage};

/// Base signer verification interface for the account kernel.
pub trait AccountSigner {
    fn verify(
        &self,
        env: &Env,
        account: &Address,
        intent: &SignedIntent,
    ) -> Result<(), AccountError>;
}

/// Direct owner signer backed by Soroban `require_auth`.
pub struct DirectAuthSigner;

impl AccountSigner for DirectAuthSigner {
    fn verify(
        &self,
        _env: &Env,
        account: &Address,
        intent: &SignedIntent,
    ) -> Result<(), AccountError> {
        if intent.signer.kind != IntentSigner::Direct {
            return Err(AccountError::SignerMismatch);
        }
        account.require_auth();
        Ok(())
    }
}

/// Session signer used for explicit session intents.
pub struct SessionAuthSigner;

impl AccountSigner for SessionAuthSigner {
    fn verify(
        &self,
        _env: &Env,
        _account: &Address,
        intent: &SignedIntent,
    ) -> Result<(), AccountError> {
        if intent.signer.kind != IntentSigner::Session {
            return Err(AccountError::SignerMismatch);
        }
        Ok(())
    }
}

/// Passkey signer backed by stored secp256r1 keys.
pub struct Secp256r1PasskeySigner;

impl AccountSigner for Secp256r1PasskeySigner {
    fn verify(
        &self,
        env: &Env,
        account: &Address,
        intent: &SignedIntent,
    ) -> Result<(), AccountError> {
        if intent.signer.kind != IntentSigner::Passkey {
            return Err(AccountError::SignerMismatch);
        }
        if intent.proof.kind != IntentProofKind::Secp256r1 {
            return Err(AccountError::InvalidSignature);
        }
        let key = Secp256r1Storage::find_by_label(env, account, &intent.signer.label)
            .ok_or(AccountError::SignerNotRegistered)?;
        let message = intent.action_hash.to_bytes();
        verify_secp256r1(env, &key.public_key, &message, &intent.proof.signature)
    }
}