feat: Introduce whitelisted logic for prividium mode #4190
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…date authorizer logic - Added `whitelisted_wallets` to the YAML configuration, allowing for flexible wallet authorization. - Updated the `Authorizer` class to handle the new `whitelisted_wallets` property, supporting both 'all' and specific wallet addresses. - Enhanced `YamlParser` to parse and validate the `whitelisted_wallets` field. - Implemented a new route in `usersRoutes` to check if a user's address is whitelisted based on the updated logic.
…ion logic - Enhanced the `whitelisted_wallets` configuration to allow the literal string "all" for unrestricted access. - Updated the `Authorizer` class to include a method for checking if an address is whitelisted. - Refactored the `YamlParser` to validate the `whitelisted_wallets` field correctly. - Simplified the user route authorization check by utilizing the new method in the `Authorizer`.
aon
previously approved these changes
Jun 18, 2025
- Adjusted indentation for `groupSchema` and `contractSchema` to enhance code clarity. - Reformatted the `whitelisted_wallets` validation message for consistency in style.
- Eliminated the `RawContract` type definition from the `yaml-parser.ts` file to streamline the code and improve maintainability.
aon
previously approved these changes
Jun 23, 2025
…ng and contract permissions - Added detailed sections on wallet whitelisting, including configuration options for allowing all wallets or specific addresses. - Introduced a new section on contract and method permissions, outlining how to control access to specific methods on contracts for enhanced security.
- Corrected the whitelisted wallet address in `example-permissions.yaml`. - Added validation in `users-routes.ts` to check if the user's address is whitelisted before proceeding with user creation.
calvogenerico
previously approved these changes
Jun 23, 2025
Contributor
calvogenerico
left a comment
calvogenerico
left a comment
There was a problem hiding this comment.
Looks great!
I left a comment, but no stopper at all.
…oute - Updated the user route to directly access the address from request parameters, improving code clarity and reducing unnecessary variable declarations.
…ection - Enhanced the readability of the wallet whitelisting section by adjusting line breaks and formatting. - Clarified the descriptions for allowing all wallets and specific wallets, ensuring better understanding of configuration options.
…te-rpc - Included information on the JSON response format for address authorization checks, specifying the outcomes for whitelisted and non-whitelisted addresses.
- Enhanced the formatting of the address authorization response details for better readability. - Adjusted bullet points for clarity in the JSON response outcomes for whitelisted and non-whitelisted addresses.
- Improved the formatting of YAML code blocks for better readability in the address authorization section. - Ensured consistent indentation and line breaks for clarity in configuration examples.
- Included three new wallet addresses to the whitelisted wallets list in `example-permissions.yaml` for enhanced access control.
…tion - Changed the whitelisted wallets configuration to allow all wallets by default, removing specific addresses for a more streamlined access control approach.
tomg10
previously approved these changes
Jun 24, 2025
- Implemented a check to ensure that the user's address is whitelisted before processing any RPC calls.
…ter-labs/zksync-era into feat-whitelisting-for-prividium-mode
…s configuration - Updated the private RPC initialization command to include an integration test flag. - Added a new permissions configuration file specifically for integration tests, allowing all addresses for testing purposes. - Modified the permissions loading logic to switch between the standard and integration test permissions files based on the new flag.
Jrigada
force-pushed
the
feat-whitelisting-for-prividium-mode
branch
from
850d49c to
93de112
Compare
- Modified the initialization logic in the private RPC command to use the ecosystem path for loading permissions configuration files, ensuring correct file resolution for both standard and integration test scenarios.
tomg10
reviewed
Jun 27, 2025
tomg10
reviewed
Jun 27, 2025
- Changed the permissions file path in the private RPC initialization from a full ecosystem path to a relative reference, simplifying the configuration and improving clarity.
tomg10
approved these changes
Jun 27, 2025
github-merge-queue bot
pushed a commit
that referenced
this pull request
Jun 30, 2025
🤖 I have created a release *beep* *boop* --- ## [28.7.0](core-v28.6.0...core-v28.7.0) (2025-06-30) ### Features * add `pubdata_limit` as batch parameter ([#4228](#4228)) ([238941c](238941c)) * Add proof manager contracts submodule ([#4189](#4189)) ([0c75985](0c75985)) * **api:** remove token API ([#4180](#4180)) ([893a5bc](893a5bc)) * **api:** stabilize zks_gasPerPubdata ([#4225](#4225)) ([120fc13](120fc13)) * **api:** Support Unix domain sockets for healthcheck server ([#4226](#4226)) ([b06bacb](b06bacb)) * **en:** Use config system for env-based EN configuration ([#4104](#4104)) ([b706025](b706025)) * **fee_model:** scale the batch fee unconditionally ([#4111](#4111)) ([5e3fc0d](5e3fc0d)) * Introduce whitelisted logic for prividium mode ([#4190](#4190)) ([e86306f](e86306f)) * Prover Cluster follow-up [#2](#2) ([#4001](#4001)) ([d8ed7f7](d8ed7f7)) * **state-keeper:** add `process_block` method ([#4087](#4087)) ([c580857](c580857)) * **state-keeper:** allow sub-second block interval ([#3925](#3925)) ([4265ea8](4265ea8)) ### Bug Fixes * **consensus:** Handle custom reverts on VM calls ([#4174](#4174)) ([c511cd0](c511cd0)) * **consensus:** Update consensus dependencies ([#4186](#4186)) ([110a527](110a527)) * **en:** Fix parsing consensus secrets ([#4216](#4216)) ([20c7913](20c7913)) * **eth-watcher:** handle get_logs timeout in eth watch ([#4224](#4224)) ([26e5fc4](26e5fc4)) * Fix crate features some more ([#4177](#4177)) ([2964b93](2964b93)) * Fix node_framework feature for high-level crates ([#4171](#4171)) ([d42e98d](d42e98d)) * **prover:** Use unified prometheus initialization ([#4173](#4173)) ([db4f036](db4f036)) * **prover:** Use unified Prometheus initialization in gateway and job monitor ([#4191](#4191)) ([f93704e](f93704e)) ### Performance Improvements * Instrumentation for Jemalloc (pt. 2) ([#4204](#4204)) ([5e0bd65](5e0bd65)) --- This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please). --------- Co-authored-by: zksync-era-bot <[email protected]>
dutterbutter
pushed a commit
to dutterbutter/zkstack-cli
that referenced
this pull request
Jul 3, 2025
🤖 I have created a release *beep* *boop* --- ## [28.7.0](matter-labs/zksync-era@core-v28.6.0...core-v28.7.0) (2025-06-30) ### Features * add `pubdata_limit` as batch parameter ([#4228](matter-labs/zksync-era#4228)) ([238941c](matter-labs/zksync-era@238941c)) * Add proof manager contracts submodule ([#4189](matter-labs/zksync-era#4189)) ([7b69c19](matter-labs/zksync-era@7b69c19)) * **api:** remove token API ([#4180](matter-labs/zksync-era#4180)) ([893a5bc](matter-labs/zksync-era@893a5bc)) * **api:** stabilize zks_gasPerPubdata ([#4225](matter-labs/zksync-era#4225)) ([120fc13](matter-labs/zksync-era@120fc13)) * **api:** Support Unix domain sockets for healthcheck server ([#4226](matter-labs/zksync-era#4226)) ([b06bacb](matter-labs/zksync-era@b06bacb)) * **en:** Use config system for env-based EN configuration ([#4104](matter-labs/zksync-era#4104)) ([a52b5eb](matter-labs/zksync-era@a52b5eb)) * **fee_model:** scale the batch fee unconditionally ([#4111](matter-labs/zksync-era#4111)) ([5e3fc0d](matter-labs/zksync-era@5e3fc0d)) * Introduce whitelisted logic for prividium mode ([#4190](matter-labs/zksync-era#4190)) ([e86306f](matter-labs/zksync-era@e86306f)) * Prover Cluster follow-up [#2](matter-labs/zksync-era#2) ([#4001](matter-labs/zksync-era#4001)) ([75ed817](matter-labs/zksync-era@75ed817)) * **state-keeper:** add `process_block` method ([#4087](matter-labs/zksync-era#4087)) ([c580857](matter-labs/zksync-era@c580857)) * **state-keeper:** allow sub-second block interval ([#3925](matter-labs/zksync-era#3925)) ([4265ea8](matter-labs/zksync-era@4265ea8)) ### Bug Fixes * **consensus:** Handle custom reverts on VM calls ([#4174](matter-labs/zksync-era#4174)) ([c511cd0](matter-labs/zksync-era@c511cd0)) * **consensus:** Update consensus dependencies ([#4186](matter-labs/zksync-era#4186)) ([5c6a4e2](matter-labs/zksync-era@5c6a4e2)) * **en:** Fix parsing consensus secrets ([#4216](matter-labs/zksync-era#4216)) ([20c7913](matter-labs/zksync-era@20c7913)) * **eth-watcher:** handle get_logs timeout in eth watch ([#4224](matter-labs/zksync-era#4224)) ([26e5fc4](matter-labs/zksync-era@26e5fc4)) * Fix crate features some more ([#4177](matter-labs/zksync-era#4177)) ([2964b93](matter-labs/zksync-era@2964b93)) * Fix node_framework feature for high-level crates ([#4171](matter-labs/zksync-era#4171)) ([d42e98d](matter-labs/zksync-era@d42e98d)) * **prover:** Use unified prometheus initialization ([#4173](matter-labs/zksync-era#4173)) ([db4f036](matter-labs/zksync-era@db4f036)) * **prover:** Use unified Prometheus initialization in gateway and job monitor ([#4191](matter-labs/zksync-era#4191)) ([f93704e](matter-labs/zksync-era@f93704e)) ### Performance Improvements * Instrumentation for Jemalloc (pt. 2) ([#4204](matter-labs/zksync-era#4204)) ([eb70e4d](matter-labs/zksync-era@eb70e4d)) --- This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please). --------- Co-authored-by: zksync-era-bot <[email protected]>
jishnundth
pushed a commit
to jishnundth/zksync-era
that referenced
this pull request
Oct 6, 2025
## What ❔ - Added `whitelisted_wallets` to the YAML configuration, allowing for flexible wallet authorization. - Updated the `Authorizer` class to handle the new `whitelisted_wallets` property, supporting both 'all' and specific wallet addresses. - Enhanced `YamlParser` to parse and validate the `whitelisted_wallets` field. - Implemented a new route in `usersRoutes` to check if a user's address is whitelisted based on the updated logic. ## Why ❔ <!-- Why are these changes done? What goal do they contribute to? What are the principles behind them? --> <!-- The `Why` has to be clear to non-Matter Labs entities running their own ZK Chain --> <!-- Example: PR templates ensure PR reviewers, observers, and future iterators are in context about the evolution of repos. --> ## Is this a breaking change? - [ ] Yes - [ ] No ## Operational changes <!-- Any config changes? Any new flags? Any changes to any scripts? --> <!-- Please add anything that non-Matter Labs entities running their own ZK Chain may need to know --> ## Checklist <!-- Check your PR fulfills the following items. --> <!-- For draft PRs check the boxes as you complete them. --> - [ ] PR title corresponds to the body of PR (we generate changelog entries from PRs). - [ ] Tests for the changes have been added / updated. - [ ] Documentation comments have been added / updated. - [ ] Code has been formatted via `zkstack dev fmt` and `zkstack dev lint`.
jishnundth
pushed a commit
to jishnundth/zksync-era
that referenced
this pull request
Oct 6, 2025
🤖 I have created a release *beep* *boop* --- ## [28.7.0](matter-labs/zksync-era@core-v28.6.0...core-v28.7.0) (2025-06-30) ### Features * add `pubdata_limit` as batch parameter ([matter-labs#4228](matter-labs#4228)) ([238941c](matter-labs@238941c)) * Add proof manager contracts submodule ([matter-labs#4189](matter-labs#4189)) ([0c75985](matter-labs@0c75985)) * **api:** remove token API ([matter-labs#4180](matter-labs#4180)) ([893a5bc](matter-labs@893a5bc)) * **api:** stabilize zks_gasPerPubdata ([matter-labs#4225](matter-labs#4225)) ([120fc13](matter-labs@120fc13)) * **api:** Support Unix domain sockets for healthcheck server ([matter-labs#4226](matter-labs#4226)) ([b06bacb](matter-labs@b06bacb)) * **en:** Use config system for env-based EN configuration ([matter-labs#4104](matter-labs#4104)) ([b706025](matter-labs@b706025)) * **fee_model:** scale the batch fee unconditionally ([matter-labs#4111](matter-labs#4111)) ([5e3fc0d](matter-labs@5e3fc0d)) * Introduce whitelisted logic for prividium mode ([matter-labs#4190](matter-labs#4190)) ([e86306f](matter-labs@e86306f)) * Prover Cluster follow-up [matter-labs#2](matter-labs#2) ([matter-labs#4001](matter-labs#4001)) ([d8ed7f7](matter-labs@d8ed7f7)) * **state-keeper:** add `process_block` method ([matter-labs#4087](matter-labs#4087)) ([c580857](matter-labs@c580857)) * **state-keeper:** allow sub-second block interval ([matter-labs#3925](matter-labs#3925)) ([4265ea8](matter-labs@4265ea8)) ### Bug Fixes * **consensus:** Handle custom reverts on VM calls ([matter-labs#4174](matter-labs#4174)) ([c511cd0](matter-labs@c511cd0)) * **consensus:** Update consensus dependencies ([matter-labs#4186](matter-labs#4186)) ([110a527](matter-labs@110a527)) * **en:** Fix parsing consensus secrets ([matter-labs#4216](matter-labs#4216)) ([20c7913](matter-labs@20c7913)) * **eth-watcher:** handle get_logs timeout in eth watch ([matter-labs#4224](matter-labs#4224)) ([26e5fc4](matter-labs@26e5fc4)) * Fix crate features some more ([matter-labs#4177](matter-labs#4177)) ([2964b93](matter-labs@2964b93)) * Fix node_framework feature for high-level crates ([matter-labs#4171](matter-labs#4171)) ([d42e98d](matter-labs@d42e98d)) * **prover:** Use unified prometheus initialization ([matter-labs#4173](matter-labs#4173)) ([db4f036](matter-labs@db4f036)) * **prover:** Use unified Prometheus initialization in gateway and job monitor ([matter-labs#4191](matter-labs#4191)) ([f93704e](matter-labs@f93704e)) ### Performance Improvements * Instrumentation for Jemalloc (pt. 2) ([matter-labs#4204](matter-labs#4204)) ([5e0bd65](matter-labs@5e0bd65)) --- This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please). --------- Co-authored-by: zksync-era-bot <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
5 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
What ❔
whitelisted_walletsto the YAML configuration, allowing for flexible wallet authorization.Authorizerclass to handle the newwhitelisted_walletsproperty, supporting both 'all' and specific wallet addresses.YamlParserto parse and validate thewhitelisted_walletsfield.usersRoutesto check if a user's address is whitelisted based on the updated logic.Why ❔
Is this a breaking change?
Operational changes
Checklist
zkstack dev fmtandzkstack dev lint.