iroha icon indicating copy to clipboard operation
iroha copied to clipboard

Published 20 hours ago verified publisher icon hyperledger

[BUG]: Query filtering API isn't available in smart-contracts

Open Erigara opened this issue 1 year ago • 3 comments

Currently we have some kind of inconsistency where filtering API is available through ordinary client (http), but not available in smart-contracts.

Erigara avatar Apr 11 '24 14:04 Erigara

On http client side, query gets signed as a QueryPayload structure that has authority, query and filter parameters. The authority seems to determine what the query can access from the executor side, while I am not sure why the filter is part of the signed part. It doesn't even seem to be checked and/or passed to the executor. This signed query is then encoded into Vec<u8> and wrapped with a iroha_data_model::query::QueryWithParameters, which has sorting, pagination and fetch_size. The latter parameters are not signed.

On smart contract side, query gets wrapped into a iroha_smart_contract::QueryWithParameters structure that has sorting, pagination and fetch_size. There is no signing involved, an the QueryPayload structure is not used. Seems this is what lead to omission of the filter in smart contracts. The authority is rightfully omitted, as the executor's queries are not permissioned.

I think it would make sense to move the filter parameter to the non-signed part of the query (QueryWithParameters), both in smart contracts and in http clients

DCNick3 avatar Apr 15 '24 07:04 DCNick3

One risk with I see with that is that we might want to start passing filters to validations and sign them (see https://github.com/hyperledger/iroha/issues/3671#issuecomment-2056043375)

DCNick3 avatar Apr 15 '24 08:04 DCNick3

Moving the filter out of QueryPayload seems to not be that easy, as it would have to be passes as a query parameter, same as sorting, pagination and fetch_size. the filter is a predicate though, so it's not that easy to have a stable string representation for it (it's really supposed to be scale-encoded). I can either change the HTTP API and make it encode the whole QueryWithParameters struct (and then proceed with moving the filter to QueryWithParameters), or somehow desync the smart contract's QueryWithParameters and make it pass the filter along with other parameters

DCNick3 avatar Apr 19 '24 07:04 DCNick3