Member-only story
Canister guard in Rust on the Internet Computer
I recently discovered it was possible to specify a guard function to be executed before update and query functions of canister smart contracts written in Rust on the Internet Computer.
You might tell me that the following post is just a rip off of the Crate documentation but, as I only figured out this was possible while having a look at the transaction notifier repo of OpenChat, I thought it was worth a post 😄.
Want to start building decentralized apps without learning a new programming language? Check out Juno, the open-source Blockchain-as-a-Service platform that makes it faster and easier than ever before to build dapps with frontend code only! ⚡️🚀🤯
Original approach
I began my journey with Rust when I migrated my existing Motoko code — i.e. when I upgraded the existing smart contracts of Papyrs.
As these canisters were dedicated to user data, I had to migrate functions that required access control too.
For this purpose, I implemented comparison of principals — i.e. I match the callers of functions against users that are saved in the state. If they are equals, methods can be executed, if not, I throw errors and reject the call.
Not knowing how to write guards, I basically duplicated if all around the place in every calls that needed to be protected.
use candid::Principal;
use ic_cdk::{caller, trap};
use ic_cdk_macros::{query, init};
use std::cell::RefCell;
#[derive(Default)]
pub struct State {
pub user: Option<Principal>,
}
// This canister cannot be created without user
#[init]
fn init(user: Principal) {
STATE.with(|state| {
*state.borrow_mut() = State { user: Some(user) };
});
}
// Mutable global state.
// See Roman Kashitsyn's post for more info:
// https://mmapped.blog/posts/01-effective-rust-canisters.html
thread_local! {
static STATE: RefCell<State> = RefCell::default();
}
#[query]
fn greet(name: String) -> String {
let user: Principal = STATE.with(|state| state.borrow().user).unwrap();
// 🖖 Here I check if the caller matches the user who owns the canister
if user != caller() {
trap("User does not have the permission to say hello.");
}
format!("Hello, {}!", name)
}
