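Accounts identify participants in an EOSIO blockchain. To use an EOSIO blockchain, you first need to create an account. Smart contracts can then be deployed to that account, and other account permissions can be used to authorize smart contract transactions. This tutorial describes in detail the account and permission modules of the eosio.system smart contract. It is intended for advanced EOS smart contract developers and covers how to create accounts, bid for short account names, and create, link, unlink and delete custom permissions.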
01
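Overview
(1) Introduction to accounts
An EOSIO account name consists of 12 characters and contains only the lowercase letters a-z and the digits 1-5. Ownership of each account is determined solely by the account name, so an account can update its keys without having to redistribute them to other parties. Besides the account name, an account instance is associated with other fields, such as creation time, RAM quota/usage, and CPU/NET limits/weights (see the figure below). In addition, each account has its own list of named permissions, and this flexible permission structure makes single-user or multi-user authorization possible.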
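(2) Short account name auction
Normally, an EOSIO account name consists of 12 characters and contains only the lowercase letters a-z and the digits 1-5. When registering an account in the major wallets, we can likewise only register a 12-character account name. However, short accounts do exist in the EOSIO system. Under the EOSIO account-name format restrictions, accounts shorter than 12 characters must go through the auction mechanism. We can bid for accounts in the EOSIO system, for example short accounts such as a, com, cn, eos and 1. If we win the auction for the account [a], we can create any account with the suffix [.a], such as a.a, bb.a and 111.a.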
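An added example (not from the original article and not the eosio.system source): a Python model of the naming rules above. It assumes the standard EOSIO packing of names at 5 bits per character and that the system account eosio is exempt from the auction and suffix rules, as when it creates bob later in this tutorial; the function names are hypothetical.

```python
import re

# Name alphabet: '.', the digits 1-5 and a-z give 32 symbols, 5 bits each.
CHARMAP = ".12345abcdefghijklmnopqrstuvwxyz"
# 1 to 12 characters, as the article states; may not start or end with a dot.
NAME_RE = re.compile(r"^[a-z1-5]([a-z1-5.]{0,10}[a-z1-5])?$")


def name_to_u64(name: str) -> int:
    """Pack a name into 64 bits: 5 bits per character, left-aligned."""
    if not NAME_RE.match(name):
        raise ValueError(f"invalid account name: {name!r}")
    value = 0
    for i, ch in enumerate(name):
        value |= CHARMAP.index(ch) << (64 - 5 * (i + 1))
    return value


def may_create(creator, name, auction_winner=None, system="eosio"):
    """Model of who may create `name` (assumption: `system` is exempt)."""
    try:
        name_to_u64(name)
    except ValueError:
        return False                      # characters outside a-z / 1-5
    if creator == system:
        return True                       # system account bypasses the rules
    if "." in name:
        # Suffix name such as bb.a: only the owner of the suffix may create it.
        return creator == name.rsplit(".", 1)[1]
    if len(name) < 12:
        # Short name such as com: must have been won in the auction.
        return creator == auction_winner
    return True                           # ordinary 12-character name


if __name__ == "__main__":
    for creator, name in [("eosio", "bob"), ("testaccount1", "bob"),
                          ("a", "bb.a"), ("testaccount1", "111.a"),
                          ("testaccount1", "testaccount2")]:
        print(f"{creator:>12} -> {name:<12} {may_create(creator, name)}")
```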
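(3) Introduction to permissions
Permissions control what an EOSIO account is allowed to do and how actions are authorized. This is achieved through a flexible permission structure that links each account to a hierarchical list of named permissions, and each named permission to an authority table (see the figure below). EOSIO allows hierarchical permission levels; for example, the parent field in the figure links a named permission level to its parent permission.
(4) Permission levels
A named permission can be created under another permission, which allows a hierarchical parent-child permission structure. When an account is created, two named permissions are generated by default: owner and active, where owner is the parent of active. This can of course be customized by adding further permission levels and hierarchies.
1. Owner permission
The owner permission sits at the root of every account's permission hierarchy and is the highest permission an account can hold within its permission structure. Although the owner permission can do anything that lower-level permissions can do, it is normally used for recovery when a lower-level permission has been compromised. The keys associated with the owner permission are therefore usually kept in cold storage and are not used to sign routine operations.
2. Active permission
The active permission sits one level below the owner permission in the hierarchy and, in the current EOSIO implementation, is the implicit default permission linked to all actions. The active permission can therefore do anything the owner permission can do, except change the keys associated with owner. In general, the active permission is used for account operations such as voting and transfers.
3. Custom permissions
A custom permission is an arbitrarily named permission created by the EOSIO account itself, usually as a child of owner, active or another custom permission. A custom permission needs a public/private key pair and can be linked to a smart contract action, which sets the permission required to execute that action. The EOSIO account and permission structure thus gives flexible, fine-grained control over smart contract actions.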
02
Account operations
(1) Prerequisites
1. A running, reachable blockchain
Setting up a 中移链 (based on EOS) test environment:
https://mp.weixin.qq.com/s/NBNFk9Xk9FCukMVgl0tfHA
2. Make sure the local wallet is open and unlocked
How to create a wallet:
https://developers.eos.io/manuals/eos/latest/cleos/how-to-gui…
3. eosio.contracts has been built and deployed
How to build eosio.contracts:
https://developers.eos.io/manuals/eosio.contracts/latest/buil…
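(2) Creating an account
1. Create a key pair
Option 1: create a public/private key pair and print it to the console, where --to-console is the option that prints the key pair to the console.
# Example output:
Private key: 5JX5oYkHjLBqdQLy7ofDfz4MFzYkMzvLwnJYaFpKbcsuiTQiPjv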
Public key: EOS66tp9fQ6kYGQ6kJzt8goLmvvMY7Xmb2u1HFer3PScPahbSjqpt
Option 2: create a public/private key pair and save it to a file, where --file is the option that saves the key pair to a file.
cat pw.txt
# Example output:
Private key: 5JW1NqFovGTo9wX3MLJAWWFP7PhMH82jcr2c5DKcky64ZgV6LQJ
Public key: EOS5sbzsWwmDPcW64nmYiGpjAhQj4i7XCz6bznr5TZ73VAKWFg6C2
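2. Create an account
Before the system contract is initialized: run the following command to create the new account bob, where eosio is the system account that authorizes the creation, bob is a new account name that conforms to the naming rules, and EOS87TQ…AoLGNN is the owner public key of the new account. No NET, CPU or RAM resources need to be initialized at this point.
# Example output:
executed transaction: 4d65a274de9f809f9926b74c3c54aadc0947020bcfb6dd96043d1bcd9c46604c 200 bytes 166 us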
# eosio <= eosio::newaccount {"creator":"eosio","name":"bob","owner":{"threshold":1,"keys":[{"key":"EOS87TQktA5RVse2EguhztfQVEh6X...
warning: transaction executed locally, but may not be confirmed by the network yet ]
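After the system contract is initialized: run the following command to create the new account testaccount1, where eosio is the system account that authorizes the creation, testaccount1 is a new account name that conforms to the naming rules, EOS7TBG…wsq6kT is the owner public key of the new account, EOS5sbz…WFg6C2 is the active public key of the new account, --stake-net is the NET resource to stake (unit: SYS), --stake-cpu is the CPU resource to stake (unit: SYS), and --buy-ram-kbytes is the RAM resource to buy (unit: KB).
# Example output:
executed transaction: 1dec3d4ea7203ef0d9d29fb8734aa78770848c0867b1d331382922b0c2534e9a 336 bytes 1795 us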
# eosio <= eosio::newaccount {"creator":"eosio","name":"testaccount1","owner":{"threshold":1,"keys":[{"key":"EOS7TBGFys7sqAEWjvsH...
# eosio <= eosio::buyrambytes {"payer":"eosio","receiver":"testaccount1","bytes":1048576}
# eosio <= eosio::delegatebw {"from":"eosio","receiver":"testaccount1","stake_net_quantity":"1.0000 SYS","stake_cpu_quantity":"1....
# eosio.token <= eosio.token::transfer {"from":"eosio","to":"eosio.ram","quantity":"15.3005 SYS","memo":"buy ram"}
# eosio.token <= eosio.token::transfer {"from":"eosio","to":"eosio.ramfee","quantity":"0.0769 SYS","memo":"ram fee"}
# eosio <= eosio.token::transfer {"from":"eosio","to":"eosio.ram","quantity":"15.3005 SYS","memo":"buy ram"}
# eosio.ram <= eosio.token::transfer {"from":"eosio","to":"eosio.ram","quantity":"15.3005 SYS","memo":"buy ram"}
# eosio <= eosio.token::transfer {"from":"eosio","to":"eosio.ramfee","quantity":"0.0769 SYS","memo":"ram fee"}
# eosio.ramfee <= eosio.token::transfer {"from":"eosio","to":"eosio.ramfee","quantity":"0.0769 SYS","memo":"ram fee"}
# eosio.token <= eosio.token::transfer {"from":"eosio","to":"eosio.stake","quantity":"2.0000 SYS","memo":"stake bandwidth"}
# eosio <= eosio.token::transfer {"from":"eosio","to":"eosio.stake","quantity":"2.0000 SYS","memo":"stake bandwidth"}
# eosio.stake <= eosio.token::transfer {"from":"eosio","to":"eosio.stake","quantity":"2.0000 SYS","memo":"stake bandwidth"}
warning: transaction executed locally, but may not be confirmed by the network yet ]
03
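Permission operations
(1) Prerequisites
1. An account named testaccount2, with the keys that control it stored in the local wallet.
2. An account named testscholder, with the keys that control it stored in the local wallet.
3. A smart contract named hello deployed to the testscholder account.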
#include <eosio/eosio.hpp>

// Three actions that only print a message; used below to test permission links.
class [[eosio::contract]] hello : public eosio::contract {
public:
    using eosio::contract::contract;

    [[eosio::action]] void what(eosio::name user) {
        print( "hi, what do you want", user);
    }
    [[eosio::action]] void why(eosio::name user) {
        print( "why not", user);
    }
    [[eosio::action]] void how(eosio::name user) {
        print( "how are you", user);
    }
};
(2) Creating custom permissions
1. Use the command cleos set account permission to create the custom permission customp1 on the testaccount2 account, with active as its parent.
# Example output:
executed transaction: 6eda9c3cde793064eea900800f892d55891ddf6f2427d97f41943666c40219b9 160 bytes 184 us
# eosio <= eosio::updateauth {"account":"testaccount2","permission":"customp1","parent":"active","auth":{"threshold":1,"keys":[{"...
warning: transaction executed locally, but may not be confirmed by the network yet ]
2. Use the same command to create the custom permission customp2 on the testaccount2 account, with customp1 as its parent.
# Example output:
executed transaction: 4d65bbbf6a3e5711be413994c59ad1744bf3ca5ff4b678a98a7e002556564188 160 bytes 221 us
# eosio <= eosio::updateauth {"account":"testaccount2","permission":"customp2","parent":"customp1","auth":{"threshold":1,"keys":[...
warning: transaction executed locally, but may not be confirmed by the network yet
3. You can create a custom permission without specifying a parent; it then defaults to active as its parent.
# Example output:
executed transaction: aa1bcef2a8db09111160b5d393797b4252ac5909c4dbb1881af846f44b887491 160 bytes 208 us
# eosio <= eosio::updateauth {"account":"testaccount2","permission":"customp3","parent":"active","auth":{"threshold":1,"keys":[{"...
warning: transaction executed locally, but may not be confirmed by the network yet ]
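(3) Linking custom permissions
Once you have a custom permission, you can link it to a smart contract action; executing the action then requires authorization at that permission level or higher. Below, the two custom permissions customp1 and customp2 are linked to the two actions what and how. customp1 can call both what and how: customp1 is the parent of customp2, so it can call anything customp2 can call. customp2 can call how. We test this below by calling the smart contract actions with each permission.
1. Use the command cleos set action permission to link the custom permission customp1 to the what action.
# Example output:
executed transaction: 975d6d88f1324e431db49a9ec86e86b70ea733bdf4a7415266dac4de1614e7c9 128 bytes 19436 us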
# eosio <= eosio::linkauth {"account":"testaccount2","code":"testscholder","type":"what","requirement":"customp1"}
warning: transaction executed locally, but may not be confirmed by the network yet ]
2. Use the command cleos set action permission to link the custom permission customp2 to the how action.
# Example output:
executed transaction: 74b7f0da804413fe6200d1501f82bf4804a973e89395084ec529dbe8463c115e 128 bytes 227 us
# eosio <= eosio::linkauth {"account":"testaccount2","code":"testscholder","type":"how","requirement":"customp2"}
warning: transaction executed locally, but may not be confirmed by the network yet ]
3. Using the customp1 permission, call the actions why, what and how in turn: the what and how actions succeed, but the why action cannot be called.
# Example output:
Error 3090005: Irrelevant authority included
Please remove the unnecessary authority from your action!
Error Details:
action declares irrelevant authority '{"actor":"testaccount2","permission":"customp1"}'; minimum authority is {"actor":"testaccount2","permission":"active"}
cleos push action testscholder what '["name"]' -p testaccount2@customp1
# Example output:
executed transaction: 2e4d6008abb95441bbb4e2458d09e697a87d6d4e31deede86b445d8f9e7b6c26 104 bytes 228 us
# testscholder <= testscholder::what {"user":"name"}
>> hi, what do you want name
warning: transaction executed locally, but may not be confirmed by the network yet ]
cleos push action testscholder how '["name"]' -p testaccount2@customp1
# Example output:
executed transaction: b3d0c8d381952c28df4bca6a9f4bd39439abc0f28ce9c0fc8a3e0621f6aa8ce6 104 bytes 173 us
# testscholder <= testscholder::how {"user":"name"}
>> how are you name
warning: transaction executed locally, but may not be confirmed by the network yet ]
4. Using the customp2 permission, call the actions why, what and how in turn: the how action succeeds, but the why and what actions cannot be called.
# Example output:
Error 3090005: Irrelevant authority included
Please remove the unnecessary authority from your action!
Error Details:
action declares irrelevant authority '{"actor":"testaccount2","permission":"customp2"}'; minimum authority is {"actor":"testaccount2","permission":"active"}
cleos push action testscholder what '["name"]' -p testaccount2@customp2
# Example output:
Error 3090005: Irrelevant authority included
Please remove the unnecessary authority from your action!
Error Details:
action declares irrelevant authority '{"actor":"testaccount2","permission":"customp2"}'; minimum authority is {"actor":"testaccount2","permission":"customp1"}
cleos push action testscholder how '["name"]' -p testaccount2@customp2
# Example output:
executed transaction: 46b3cfc82741a5d9bce283dd7d46f63575411f6fd8c77c6df7a6991667aa3d6a 104 bytes 208 us
# testscholder <= testscholder::how {"user":"name"}
>> how are you name
warning: transaction executed locally, but may not be confirmed by the network yet ]
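(4) Unlinking custom permissions
Unlink the customp2 permission and keep only the customp1 link. customp1 can then call what, but customp2 has been unlinked and so should not be able to call anything. We test this below by calling the smart contract actions with each permission.
1. Use the command cleos set action permission to remove the link between the customp2 permission and the how action.
# Example output:
executed transaction: b7f091b92a13e1c7d6688f06c440dd9b6a7c12a2bf7fbc4ed4d891b3921113b0 120 bytes 212 us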
# eosio <= eosio::unlinkauth {"account":"testaccount2","code":"testscholder","type":"how"}
warning: transaction executed locally, but may not be confirmed by the network yet ]
2. Using the customp1 and customp2 permissions, call the how action with each: neither should be able to call how.
# Example output:
Please remove the unnecessary authority from your action!
Error Details:
action declares irrelevant authority '{"actor":"testaccount2","permission":"customp1"}'; minimum authority is {"actor":"testaccount2","permission":"active"}
cleos push action testscholder how '["name"]' -p testaccount2@customp2
# Example output:
Error 3090005: Irrelevant authority included
Please remove the unnecessary authority from your action!
Error Details:
action declares irrelevant authority '{"actor":"testaccount2","permission":"customp2"}'; minimum authority is {"actor":"testaccount2","permission":"active"}
(5) Deleting custom permissions
1. The customp2 permission has already been unlinked, so it can be deleted with the command cleos set account permission.
# Example output:
executed transaction: 95392e8442b9aa82fedf4e757f7962cb5d208ca99228f8901bcac20d22d4ac7d 112 bytes 15996 us
# eosio <= eosio::deleteauth {"account":"testaccount2","permission":"customp2"}
warning: transaction executed locally, but may not be confirmed by the network yet ]
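An added example (not from the original article and not EOSIO source code): a Python model of the authorization check exercised in sections (3) to (5), using this tutorial's permission tree and links. The function names are hypothetical, and the rule that a permission with children cannot be deleted is an assumption about deleteauth that the article does not state.

```python
# Permission tree built in this tutorial: child -> parent.
PARENTS = {"owner": None, "active": "owner", "customp1": "active",
           "customp2": "customp1", "customp3": "active"}
CODE = "testscholder"


def satisfies(declared, required, parents):
    """`declared` satisfies `required` if it is that permission or an ancestor."""
    node = required
    while node is not None:
        if node == declared:
            return True
        node = parents[node]
    return False


def minimum_permission(links, code, action):
    """Permission linked to (code, action); unlinked actions require active."""
    return links.get((code, action), "active")


def can_call(declared, action, links, parents=PARENTS):
    """False corresponds to the 'Irrelevant authority included' error."""
    return satisfies(declared, minimum_permission(links, CODE, action), parents)


def can_delete(perm, links, parents=PARENTS):
    """Deletion model: not owner/active, not linked, no children (assumption)."""
    if perm in ("owner", "active") or perm in links.values():
        return False
    return perm not in parents.values()


def callable_actions(links):
    """Actions each custom permission can call under the given links."""
    return {p: [a for a in ("why", "what", "how") if can_call(p, a, links)]
            for p in ("customp1", "customp2")}


def demo():
    links = {(CODE, "what"): "customp1", (CODE, "how"): "customp2"}  # linkauth
    before = callable_actions(links)
    del links[(CODE, "how")]                                         # unlinkauth
    return before, callable_actions(links), can_delete("customp2", links)


if __name__ == "__main__":
    print(demo())
```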