开发指南

權限

什麼是權限

DMC 賬戶權限有2種: owner、active,一個賬戶必須“關聯” owner、active 權限。

賬戶和權限關係

創建 DMC 賬戶

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
var DMC = require('dmc.js');
var dmc_client = DMC({
  chainId: 'c102a8115bef9e4a4e751559aac2cdc2859417e6476f8cb6054cd3f7dffe1ce4',
  keyProvider: 'creator_priKey',
  httpEndpoint: 'http://testnode.dmctech.io:8801',
  logger: {
    log: null,
    error: null
  }
});

let puklic_key = "DM74PaP2h4ikwB2zY6X4Da16vufHA1L5Cr4D2EMVeJ1WF57Xdo2Q";

dmc_client.transact_sync({
    actions: [
        {
            account: 'dmc',
            name: 'newaccount',
            authorization: [{
                actor: "Creator Name", //創建者的賬戶名
                permission: 'active',
            }],
            data: {
                creator: "Creator Name", //創建者的賬戶名
                name: "Account Name", //被創建者的賬戶名
                owner: {
                    threshold: 1,
                    keys: [{
                        key: puklic_key, //被創建者賬戶 owner 權限公鑰
                        weight: 1
                    }],
                    accounts: [],
                    waits: []
                },
                active: {
                    threshold: 1,
                    keys: [{
                        key: puklic_key, //被創建者 active 權限公鑰
                        weight: 1
                    }],
                    accounts: [],
                    waits: []
                },
            }
        }]
}, {
    blocksBehind: 3,
    expireSeconds: 30,
});

查詢 DMC 賬戶信息

1
2
3
4
5
6
7
8
9
10
11
12
var DMC = require('dmc.js');
var dmc_client = DMC({
  chainId: 'c102a8115bef9e4a4e751559aac2cdc2859417e6476f8cb6054cd3f7dffe1ce4',
  keyProvider: 'creator_priKey',
  httpEndpoint: 'http://testnode.dmctech.io:8801',
  logger: {
    log: null,
    error: null
  }
});
let account_info = dmc_client.rpc.get_account_sync(/*需要查詢的賬戶名*/"Account Name"); 
console.log(account_info)

輸出結果如下:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
{
  "account_name": "testatvmx4gr",
  "head_block_num": 675134,
  "head_block_time": "2023-04-08T05:08:01.500",
  "privileged": false,
  "last_code_update": "1970-01-01T00:00:00.000",
  "created": "2023-04-08T05:08:02.000",
  "ram_quota": 26464590,
  "net_weight": 100000,
  "cpu_weight": 100000,
  "net_limit": {
    "used": 0,
    "available": "8139889164420",
    "max": "8139889164420"
  },
  "cpu_limit": {
    "used": 0,
    "available": "1552560646900",
    "max": "1552560646900"
  },
  "ram_usage": 2996,
  "permissions": [
    {
      "perm_name": "active",
      "parent": "owner",
      "required_auth": {
        "threshold": 1,
        "keys": [
          {
            "key": "DM74PaP2h4ikwB2zY6X4Da16vufHA1L5Cr4D2EMVeJ1WF57Xdo2Q",
            "weight": 1
          }
        ],
        "accounts": [],
        "waits": []
      },
      "linked_actions": []
    },
    {
      "perm_name": "owner",
      "parent": "",
      "required_auth": {
        "threshold": 1,
        "keys": [
          {
            "key": "DM74PaP2h4ikwB2zY6X4Da16vufHA1L5Cr4D2EMVeJ1WF57Xdo2Q",
            "weight": 1
          }
        ],
        "accounts": [],
        "waits": []
      },
      "linked_actions": []
    }
  ],
  "total_resources": {
    "owner": "testatvmx4gr",
    "net_weight": "10.0000 DMC",
    "cpu_weight": "10.0000 DMC",
    "ram_bytes": 26463190
  },
  "self_delegated_bandwidth": null,
  "refund_request": null,
  "voter_info": null,
  "rex_info": null,
  "subjective_cpu_bill_limit": {
    "used": 0,
    "available": 0,
    "max": 0
  }
}

結果中 permissions 字段 owner、active 權限控制者確實是公鑰 DM74PaP2h4ikwB2zY6X4Da16vufHA1L5Cr4D2EMVeJ1WF57Xdo2Q 的擁有者。

分析賬戶與權限

截選部分執行腳本:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
// let puklic_key = "DM74PaP2h4ikwB2zY6X4Da16vufHA1L5Cr4D2EMVeJ1WF57Xdo2Q";
{
    owner: {
        threshold: 1,
        keys: [
            {
            key: puklic_key, 
            weight: 1
            }
        ],
        accounts: [],
        waits: []
    },
    active: {
        threshold: 1,
        keys: [
            {
            key: puklic_key, 
            weight: 1
            }
        ],
        accounts: [],
        waits: []
    },
}

以上代碼可以看到把 owner、active 權限的控制權限給了公鑰 DM74PaP2h4ikwB2zY6X4Da16vufHA1L5Cr4D2EMVeJ1WF57Xdo2Q,也就說此公鑰對應的私鑰擁有者有 owner、active 的權限。

截選部分輸出結果:

1
2
3
"ram_quota": 26464590,
"net_weight": 100000,
"cpu_weight": 100000,

代表此賬戶的 RAM、NET、CPU 資源配額,其中 RAM 配額為 26464590 字節,NET 配額為 100000,CPU 配額為 100000。

配置權限

更改賬戶 testatvmx4gr 的 active 權限。

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
var DMC = require('dmc.js');
var dmc_client = DMC({
  chainId: 'c102a8115bef9e4a4e751559aac2cdc2859417e6476f8cb6054cd3f7dffe1ce4',
  keyProvider: 'creator_priKey',
  httpEndpoint: 'http://testnode.dmctech.io:8801',
  logger: {
    log: null,
    error: null
  }
});
let new_pub_key = "DM4x3FcgobQC3G54AApjgNQsd48BFpMWNNX1dPmUE2aPDdFjnnRD";
let account = "testatvmx4gr";

dmc_client.transact_sync({
    actions: [
        {
            account: 'dmc',
            name: 'updateauth',
            authorization: [{
                actor: account,
                permission: 'active',
            }],
            data: {
                account: account,
                permission: "active",
                parent: "owner",
                auth: {
                    threshold: 1,
                    keys: [{
                        key: new_pub_key,
                        weight: 1
                    }],
                    accounts: [],
                    waits: []
                },
            }
        }]
}, {
    blocksBehind: 3,
    expireSeconds: 30,
});
let account_info = dmc_client.rpc.get_account_sync(account);
console.notice(account_info);

輸出結果如下:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
{
  "account_name": "testatvmx4gr",
  "head_block_num": 676548,
  "head_block_time": "2023-04-08T05:19:48.500",
  "privileged": false,
  "last_code_update": "1970-01-01T00:00:00.000",
  "created": "2023-04-08T05:08:02.000",
  "ram_quota": 26464590,
  "net_weight": 100000,
  "cpu_weight": 100000,
  "net_limit": {
    "used": 161,
    "available": "7789936921593",
    "max": "7789936921754"
  },
  "cpu_limit": {
    "used": 408,
    "available": "1485812553332",
    "max": "1485812553740"
  },
  "ram_usage": 2996,
  "permissions": [
    {
      "perm_name": "active",
      "parent": "owner",
      "required_auth": {
        "threshold": 1,
        "keys": [
          {
            "key": "DM4x3FcgobQC3G54AApjgNQsd48BFpMWNNX1dPmUE2aPDdFjnnRD",
            "weight": 1
          }
        ],
        "accounts": [],
        "waits": []
      },
      "linked_actions": []
    },
    {
      "perm_name": "owner",
      "parent": "",
      "required_auth": {
        "threshold": 1,
        "keys": [
          {
            "key": "DM74PaP2h4ikwB2zY6X4Da16vufHA1L5Cr4D2EMVeJ1WF57Xdo2Q",
            "weight": 1
          }
        ],
        "accounts": [],
        "waits": []
      },
      "linked_actions": []
    }
  ],
  "total_resources": {
    "owner": "testatvmx4gr",
    "net_weight": "10.0000 DMC",
    "cpu_weight": "10.0000 DMC",
    "ram_bytes": 26463190
  },
  "self_delegated_bandwidth": null,
  "refund_request": null,
  "voter_info": null,
  "rex_info": null,
  "subjective_cpu_bill_limit": {
    "used": 0,
    "available": 0,
    "max": 0
  },
  "eosio_any_linked_actions": []
}

以上代碼調用 updateauthSync 方法,進行權限變更操作。我們把 testatvmx4gr 的 active 權限轉移給了公鑰 DM4x3FcgobQC3G54AApjgNQsd48BFpMWNNX1dPmUE2aPDdFjnnRD, owner 權限仍然保留在 DM74PaP2h4ikwB2zY6X4Da16vufHA1L5Cr4D2EMVeJ1WF57Xdo2Q

多籤

什麼是多籤

多籤即多重簽名, 我們在使用區塊鏈進行授權操作時, 都是通過私鑰進行簽名的。

閾值和權重

閾值(threshold)是你可以動用賬戶所需的最小權限, 而權重(weight)則代表你該私鑰所擁有的權限級別。

實例

單籤賬戶

權限 所屬公鑰 權重 閥值
owner 1
DM5dZut9MG9ZdqrT1WYdPkp1Txxi6JLRYEgYCtAUDWH6ymNqdJpR 1 -
active 1
DM5dZut9MG9ZdqrT1WYdPkp1Txxi6JLRYEgYCtAUDWH6ymNqdJpR 1 -

如表所示,如果要獲得 owner 權限授權,擁有者的權重必須大於等於 owner 所對應的閾值,上面的示例 owner 的閾值是1,而所屬公鑰 DM6MRyAjQq8ud7hVNYcfnVPJqcVpscN5So8BhtHuGYqET5GDW5CV 的權重是1,所以這個所屬公鑰就可以直接獲取 owner 進行操作。

active 權限同上面的解釋,我們把這種只有一個所屬公鑰的賬戶理解為單籤賬戶。

多籤賬戶

要滿足閥值的授權才能被正確簽名。

權限 所屬公鑰 權重 閥值
owner 2
DM5dZut9MG9ZdqrT1WYdPkp1Txxi6JLRYEgYCtAUDWH6ymNqdJpR 1 -
DM5UFAzxUsbjQCijL5LtS6TaTtkJgPJACZ8qwDpXyLaW3sE9Ed2D 1 -
active 1
DM5dZut9MG9ZdqrT1WYdPkp1Txxi6JLRYEgYCtAUDWH6ymNqdJpR 1 -

如表所示,要想獲得 owner 權限,必須2個所屬公鑰同時授權才可以獲得。