fix(authenticators): Nested config encoding, use base64 (#339)

Fixes nested Authenticator AnyOf/AllOf `config` encoding to be array of
bytes:
- implements manual `serde` serializer;
- use base64.

Author: v0-e

v4-client-rs/client/Cargo.toml

@@ -24,6 +24,7 @@ telemetry = [
 [dependencies]
 anyhow.workspace = true
 async-trait.workspace = true
+base64 = "0.22"
 bigdecimal.workspace = true
 bip32 = { version = "0.5", default-features = false, features = ["bip39", "alloc", "secp256k1"] }
 cosmrs = "0.21.1"

v4-client-rs/client/src/node/client/authenticators.rs

@@ -1,10 +1,11 @@
 use super::*;
 
 use anyhow::{anyhow as err, ensure, Error};
+use base64::prelude::*;
 use dydx_proto::dydxprotocol::accountplus::{
     AccountAuthenticator, GetAuthenticatorsRequest, MsgAddAuthenticator, MsgRemoveAuthenticator,
 };
-use serde::{Deserialize, Serialize};
+use serde::ser;
 
 /// [`NodeClient`] Authenticator requests dispatcher.
 pub struct Authenticators<'a> {
@@ -13,20 +14,19 @@ pub struct Authenticators<'a> {
 
 /// [`Authenticator`] type.
 /// An authenticator can be composed by a single or multiple types.
-#[derive(Debug, Clone, Eq, Hash, PartialEq, Serialize, Deserialize)]
-#[serde(tag = "type", content = "config")]
+#[derive(Debug, Clone, Eq, Hash, PartialEq)]
 pub enum Authenticator {
     /// Enables authentication via a specific key.
     SignatureVerification(Vec<u8>),
     /// Restricts authentication to certain message types. Configured using string bytes, with
     /// different message types separated by commas.
-    MessageFilter(Vec<u8>),
+    MessageFilter(String),
     /// Restricts authentication to certain subaccount constraints. Configured using string bytes,
     /// with different IDs separated by commas.
-    SubaccountFilter(Vec<u8>),
+    SubaccountFilter(String),
     /// Restricts transactions to specific CLOB pair IDs. Configured using string bytes, with
     /// different subaccount numbers separated by commas.
-    ClobPairIdFilter(Vec<u8>),
+    ClobPairIdFilter(String),
     /// Composable type, restricts authentication if any sub-authenticator is valid.
     AnyOf(Vec<Authenticator>),
     /// Composable type, restricts authentication if all sub-authenticators are valid.
@@ -125,10 +125,10 @@ impl Authenticator {
             Authenticator::AllOf(types) | Authenticator::AnyOf(types) => {
                 Ok(serde_json::to_string(&types)?.into_bytes())
             }
-            Authenticator::SignatureVerification(v)
-            | Authenticator::MessageFilter(v)
+            Authenticator::SignatureVerification(v) => Ok(v.clone()),
+            Authenticator::MessageFilter(v)
             | Authenticator::ClobPairIdFilter(v)
-            | Authenticator::SubaccountFilter(v) => Ok(v.clone()),
+            | Authenticator::SubaccountFilter(v) => Ok(v.clone().into_bytes()),
         }
     }
 
@@ -172,6 +172,38 @@ impl Authenticator {
     }
 }
 
+impl serde::Serialize for Authenticator {
+    fn serialize<S>(&self, serializer: S) -> Result<S::Ok, S::Error>
+    where
+        S: serde::Serializer,
+    {
+        let mut json_obj = serde_json::Map::new();
+
+        // type (tag)
+        json_obj.insert(
+            "type".to_string(),
+            serde_json::Value::String(self.type_to_str().to_string()),
+        );
+
+        // config (content)
+        let config_bytes = match self {
+            Authenticator::SignatureVerification(bytes) => bytes.to_owned(),
+            Authenticator::MessageFilter(string)
+            | Authenticator::SubaccountFilter(string)
+            | Authenticator::ClobPairIdFilter(string) => string.clone().into_bytes(),
+            Authenticator::AnyOf(auths) | Authenticator::AllOf(auths) => {
+                serde_json::to_string(auths)
+                    .map_err(|e| ser::Error::custom(format!("JSON serialization error: {}", e)))?
+                    .into_bytes()
+            }
+        };
+        let base64 = BASE64_STANDARD.encode(config_bytes);
+        json_obj.insert("config".to_string(), serde_json::Value::String(base64));
+
+        serde_json::Value::Object(json_obj).serialize(serializer)
+    }
+}
+
 #[cfg(test)]
 mod tests {
     use super::*;

v4-client-rs/client/tests/test_node_authenticators.rs

@@ -4,7 +4,7 @@ use env::TestEnv;
 use anyhow::Error;
 use bigdecimal::BigDecimal;
 use dydx::node::*;
-use rand::{thread_rng, Rng};
+use rand::{rng, Rng};
 use serial_test::serial;
 use std::str::FromStr;
 use tokio::time::{sleep, Duration};
@@ -24,15 +24,15 @@ async fn test_node_auth_list() -> Result<(), Error> {
 
 #[tokio::test]
 #[serial]
-async fn test_node_auth_add_allof() -> Result<(), Error> {
+async fn test_node_auth_add_allof_all_types() -> Result<(), Error> {
     let env = TestEnv::testnet().await?;
     let mut node = env.node;
     let mut account = env.account;
     let address = account.address().clone();
     let paccount = env.wallet.account_offline(1)?;
 
     let authenticator = Authenticator::AllOf(vec![
-        Authenticator::SignatureVerification(paccount.public_key().to_bytes()),
+        Authenticator::SignatureVerification(paccount.public_key().to_bytes().into()),
         Authenticator::MessageFilter("dydxprotocol.clob.MsgPlaceOrder".into()),
         Authenticator::SubaccountFilter("0".into()),
         Authenticator::ClobPairIdFilter("0,1".into()),
@@ -52,6 +52,37 @@ async fn test_node_auth_add_allof() -> Result<(), Error> {
     Ok(())
 }
 
+#[tokio::test]
+#[serial]
+async fn test_node_auth_add_allof_nested_msgs() -> Result<(), Error> {
+    let env = TestEnv::testnet().await?;
+    let mut node = env.node;
+    let mut account = env.account;
+    let address = account.address().clone();
+    let paccount = env.wallet.account_offline(1)?;
+
+    let authenticator = Authenticator::AllOf(vec![
+        Authenticator::SignatureVerification(paccount.public_key().to_bytes()),
+        Authenticator::AnyOf(vec![
+            Authenticator::MessageFilter("/dydxprotocol.clob.MsgPlaceOrder".into()),
+            Authenticator::MessageFilter("/dydxprotocol.clob.MsgCancelOrder".into()),
+        ]),
+    ]);
+    node.authenticators()
+        .add(&mut account, address, authenticator)
+        .await?;
+
+    sleep(Duration::from_secs(3)).await;
+
+    let list = node
+        .authenticators()
+        .list(account.address().clone())
+        .await?;
+    assert!(!list.is_empty());
+
+    Ok(())
+}
+
 #[tokio::test]
 #[serial]
 async fn test_node_auth_add_single() -> Result<(), Error> {
@@ -111,7 +142,7 @@ async fn test_node_auth_place_order_short_term() -> Result<(), Error> {
         .market(OrderSide::Buy, BigDecimal::from_str("0.001")?)
         .price(10) // Low slippage price to not execute
         .until(height.ahead(10))
-        .build(thread_rng().gen_range(0..100_000_000))?;
+        .build(rng().random_range(0..100_000_000))?;
 
     // Push order by permissioned account
     node.place_order(&mut paccount, order).await?;