holochain · willemolding · Jul 18, 2019 · Jun 10, 2019 · Jun 10, 2019 · Jun 10, 2019
diff --git a/CHANGELOG-UNRELEASED.md b/CHANGELOG-UNRELEASED.md
@@ -8,6 +8,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - Error log output added for errors occurring during `hdk::call`, including bridge call errors [#1448](https://github.com/holochain/holochain-rust/pull/1448).
 - New `uuid` parameter for `admin/dna/install_from_file`, to set the UUID of the installed DNA, changing its hash
 - **BREAKING:** Conductor configuration checks for bridges added [#1461](https://github.com/holochain/holochain-rust/pull/1461). Conductor will bail with an error message if the configuration of bridges between instances does not match the bridge requirements defined in the caller instance's DNA (required bridge missing, DNA hash mismatch, trait mismatch) or if a bridge with the handle specified in the config can not be found in the caller's DNA. 
+- **BREAKING:** Zomes must now include a `validate_agent` callback. If this rejects in any zome the DNA will not start. This can be used to enforce membrane requirements. [#1497](https://github.com/holochain/holochain-rust/pull/1497)
 
 ### Changed
 - Added a Vagrant file to support nix-shell compatible VMs on windows etc. [#1433](https://github.com/holochain/holochain-rust/pull/1433)

diff --git a/app_spec/zomes/blog/code/src/lib.rs b/app_spec/zomes/blog/code/src/lib.rs
@@ -38,6 +38,10 @@ define_zome! {
         Ok(())
     }
 
+    validate_agent: |validation_data : EntryValidationData::<AgentId>| {
+        Ok(())
+    }
+
     receive: |from, msg_json| {
         blog::handle_receive(from, JsonString::from_json(&msg_json))
     }

diff --git a/app_spec/zomes/converse/code/src/lib.rs b/app_spec/zomes/converse/code/src/lib.rs
@@ -58,6 +58,10 @@ define_zome! {
         }
     }
 
+    validate_agent: |validation_data : EntryValidationData::<AgentId>| {
+        Ok(())
+    }
+
     functions: [
         sign_message: {
             inputs: |key_id: String, message: String|,

diff --git a/app_spec/zomes/summer/code/src/lib.rs b/app_spec/zomes/summer/code/src/lib.rs
@@ -21,6 +21,10 @@ define_zome! {
         Ok(())
     }
 
+    validate_agent: |validation_data : EntryValidationData::<AgentId>| {
+        Ok(())
+    }
+
     functions: [
         sum: {
             inputs: |num1: u32, num2: u32|,

diff --git a/app_spec_proc_macro/zomes/blog/code/src/lib.rs b/app_spec_proc_macro/zomes/blog/code/src/lib.rs
@@ -50,6 +50,11 @@ pub mod blog {
         Ok(())
     }
 
+    #[validate_agent]
+    pub fn validate_agent(validation_data: EntryValidationData<AgentId>) {
+        Ok(())
+    }
+
     #[receive]
     pub fn receive(from: Address, msg_json: String) {
         blog::handle_receive(from, JsonString::from_json(&msg_json))

diff --git a/app_spec_proc_macro/zomes/converse/code/src/lib.rs b/app_spec_proc_macro/zomes/converse/code/src/lib.rs
@@ -25,6 +25,11 @@ pub mod converse {
             .map_err(|err| format!("new seed generation failed: {}",err) )
     }
 
+    #[validate_agent]
+    pub fn validate_agent(validation_data: EntryValidationData<AgentId>) {
+        Ok(())
+    }
+
     #[zome_fn("hc_public")]
     pub fn sign_message(key_id: String, message: String) -> ZomeApiResult<Signature> {
         if key_id == "" {

diff --git a/app_spec_proc_macro/zomes/summer/code/src/lib.rs b/app_spec_proc_macro/zomes/summer/code/src/lib.rs
@@ -18,6 +18,11 @@ pub mod summer {
         Ok(())
     }
 
+    #[validate_agent]
+    pub fn validate_agent(validation_data: EntryValidationData<AgentId>) {
+        Ok(())
+    }
+
     #[zome_fn("hc_public")]
     fn sum(num1: u32, num2: u32) -> ZomeApiResult<u32> {
         Ok(num1 + num2)

diff --git a/conductor_api/src/conductor/base.rs b/conductor_api/src/conductor/base.rs
@@ -1404,6 +1404,14 @@ pub mod tests {
         (i64.const 0)
     )
 
+    (func
+        (export "__hdk_validate_agent_entry")
+        (param $allocation i64)
+        (result i64)
+
+        (i64.const 0)
+    )
+
     (func
         (export "__hdk_validate_link")
         (param $allocation i64)

diff --git a/conductor_api/test-bridge-caller/src/lib.rs b/conductor_api/test-bridge-caller/src/lib.rs
@@ -26,6 +26,10 @@ define_zome! {
         Ok(())
     }
 
+    validate_agent: |validation_data : EntryValidationData::<AgentId>| {
+        Ok(())
+    }
+
     functions: [
         call_bridge: {
             inputs: | |,

diff --git a/core/src/network/test_utils.rs b/core/src/network/test_utils.rs
@@ -45,6 +45,14 @@ pub fn test_wat_always_valid() -> String {
         (i64.const 0)
     )
 
+    (func
+        (export "__hdk_validate_agent_entry")
+        (param $allocation i64)
+        (result i64)
+
+        (i64.const 0)
+    )
+
     (func
         (export "__hdk_validate_link")
         (param $allocation i64)

diff --git a/core/src/nucleus/actions/wasm-test/src/lib.rs b/core/src/nucleus/actions/wasm-test/src/lib.rs
@@ -164,6 +164,10 @@ define_zome! {
         Ok(())
     }
 
+    validate_agent: |validation_data : EntryValidationData::<AgentId>| {
+        Ok(())
+    }
+
     functions: [
         test_fn: {
             inputs: | |,

diff --git a/core/src/nucleus/ribosome/api/get_entry.rs b/core/src/nucleus/ribosome/api/get_entry.rs
@@ -146,6 +146,14 @@ pub mod tests {
         (i64.const 0)
     )
 
+    (func
+        (export "__hdk_validate_agent_entry")
+        (param $allocation i64)
+        (result i64)
+
+        (i64.const 0)
+    )
+
     (func
         (export "__hdk_get_validation_package_for_entry_type")
         (param $allocation i64)

diff --git a/core/src/nucleus/ribosome/api/mod.rs b/core/src/nucleus/ribosome/api/mod.rs
@@ -241,6 +241,14 @@ pub mod tests {
         (i64.const 0)
     )
 
+    (func
+        (export "__hdk_validate_agent_entry")
+        (param $allocation i64)
+        (result i64)
+
+        (i64.const 0)
+    )
+
     (func
         (export "__hdk_validate_link")
         (param $allocation i64)

diff --git a/core/src/nucleus/validation/agent_entry.rs b/core/src/nucleus/validation/agent_entry.rs
@@ -0,0 +1,62 @@
+use crate::{
+    context::Context,
+    nucleus::{
+        actions::run_validation_callback::run_validation_callback,
+        validation::{ValidationError, ValidationResult},
+        CallbackFnCall,
+    },
+};
+use holochain_core_types::{
+    agent::AgentId,
+    cas::content::AddressableContent,
+    entry::Entry,
+    validation::{EntryValidationData, ValidationData},
+};
+use holochain_wasm_utils::api_serialization::validation::AgentIdValidationArgs;
+
+use futures::future;
+use futures_util::future::FutureExt;
+use std::sync::Arc;
+
+pub async fn validate_agent_entry(
+    entry: Entry,
+    validation_data: ValidationData,
+    context: &Arc<Context>,
+) -> ValidationResult {
+    let dna = context.get_dna().expect("Callback called without DNA set!");
+
+    let agent_id = unwrap_to!(entry => Entry::AgentId);
+
+    let params = AgentIdValidationArgs {
+        validation_data: EntryValidationData::<AgentId>::Create {
+            entry: agent_id.to_owned(),
+            validation_data,
+        },
+    };
+
+    context.log(format!("Validating agent entry with args: {:?}", params));
+
+    let results = await!(future::join_all(dna.zomes.iter().map(|(zome_name, _)| {
+        let call = CallbackFnCall::new(&zome_name, "__hdk_validate_agent_entry", params.clone());
+        // Need to return a boxed future for it to work with join_all
+        // https://users.rust-lang.org/t/the-trait-unpin-is-not-implemented-for-genfuture-error-when-using-join-all/23612/2
+        run_validation_callback(entry.address(), call, &context).boxed()
+    })));
+
+    let errors: Vec<ValidationError> = results
+        .iter()
+        .filter_map(|r| match r {
+            Ok(_) => None,
+            Err(e) => Some(e.to_owned()),
+        })
+        .collect();
+
+    if errors.is_empty() {
+        context.log(format!("Validating agent entry success!: {:?}", results));
+        Ok(())
+    } else {
+        Err(ValidationError::Error(
+            format!("Failed to validate agent ID on a zome, {:?}", errors).into(),
+        ))
+    }
+}
diff --git a/core/src/nucleus/validation/mod.rs b/core/src/nucleus/validation/mod.rs
@@ -10,6 +10,7 @@ use holochain_core_types::{
 
 use std::sync::Arc;
 
+mod agent_entry;
 mod app_entry;
 mod header_address;
 mod link_entry;
@@ -116,13 +117,11 @@ pub async fn validate_entry(
         // a grant should always be private, so it should always pass
         EntryType::CapTokenGrant => Ok(()),
 
-        // TODO: actually check agent against app specific membrane validation rule
-        // like for instance: validate_agent_id(
-        //                      entry.clone(),
-        //                      validation_data,
-        //                      context,
-        //                    )?
-        EntryType::AgentId => Ok(()),
+        EntryType::AgentId => await!(agent_entry::validate_agent_entry(
+            entry.clone(),
+            validation_data,
+            context,
+        )),
 
         _ => Err(ValidationError::NotImplemented),
     }

diff --git a/hdk-proc-macros/src/code_generators/zome_setup.rs b/hdk-proc-macros/src/code_generators/zome_setup.rs
@@ -10,13 +10,21 @@ impl ZomeCodeDef {
             .map(|func| func.ident.clone())
             .clone();
 
+        let agent_validation_param = &self.validate_agent.validation_data_param;
+        let agent_validation_expr = &self.validate_agent.code;
+
         quote! {
             #[no_mangle]
             #[allow(unused_variables)]
             pub extern "C" fn zome_setup(zd: &mut hdk::meta::ZomeDefinition) {
                 #(
                     zd.define(#entry_fn_idents ());
                 )*
+                let validator = Box::new(|validation_data: hdk::holochain_wasm_utils::holochain_core_types::validation::EntryValidationData<hdk::holochain_core_types::agent::AgentId>| {
+                    let #agent_validation_param = validation_data;
+                    #agent_validation_expr
+                });
+                zd.define_agent_validator(validator);
             }
         }
     }

diff --git a/hdk-proc-macros/src/into_zome.rs b/hdk-proc-macros/src/into_zome.rs
@@ -1,14 +1,15 @@
 extern crate proc_macro2;
 
 use crate::zome_code_def::{
-    EntryDefCallbacks, FnDeclaration, FnParameter, GenesisCallback, ReceiveCallback, ZomeCodeDef,
-    ZomeFunction, ZomeFunctions,
+    EntryDefCallbacks, FnDeclaration, FnParameter, GenesisCallback, ReceiveCallback,
+    ValidateAgentCallback, ZomeCodeDef, ZomeFunction, ZomeFunctions,
 };
 
 use hdk::holochain_core_types::dna::{fn_declarations::TraitFns, zome::ZomeTraits};
 use std::collections::BTreeMap;
 
 static GENESIS_ATTRIBUTE: &str = "genesis";
+static VALIDATE_AGENT_ATTRIBUTE: &str = "validate_agent";
 static ZOME_FN_ATTRIBUTE: &str = "zome_fn";
 static ENTRY_DEF_ATTRIBUTE: &str = "entry_def";
 static RECEIVE_CALLBACK_ATTRIBUTE: &str = "receive";
@@ -17,6 +18,7 @@ pub trait IntoZome {
     fn extract_zome_fns(&self) -> ZomeFunctions;
     fn extract_entry_defs(&self) -> EntryDefCallbacks;
     fn extract_genesis(&self) -> GenesisCallback;
+    fn extract_validate_agent(&self) -> ValidateAgentCallback;
     fn extract_traits(&self) -> ZomeTraits;
     fn extract_receive_callback(&self) -> Option<ReceiveCallback>;
     fn extract_extra(&self) -> Vec<syn::Item>;
@@ -26,6 +28,7 @@ pub trait IntoZome {
             traits: self.extract_traits(),
             entry_def_fns: self.extract_entry_defs(),
             genesis: self.extract_genesis(),
+            validate_agent: self.extract_validate_agent(),
             receive_callback: self.extract_receive_callback(),
             zome_fns: self.extract_zome_fns(),
             extra: self.extract_extra(),
@@ -127,6 +130,53 @@ impl IntoZome for syn::ItemMod {
         }
     }
 
+    fn extract_validate_agent(&self) -> ValidateAgentCallback {
+        // find all the functions tagged as the genesis callback
+        let callbacks: Vec<syn::ItemFn> = funcs_iter(self)
+            .filter(is_tagged_with(VALIDATE_AGENT_ATTRIBUTE))
+            .fold(Vec::new(), |mut acc, func| {
+                acc.push(func);
+                acc
+            });
+        // only a single function can be tagged as validate_agent in a valid Zome.
+        // Error if there is more than one
+        // Also error if tagged function
+        match callbacks.len() {
+            0 => {
+                emit_error(&self.ident,
+                    "No validate_agent function defined! A zome definition requires a callback tagged with #[validate_agent]");
+                panic!()
+            }
+            1 => {
+                let callback = callbacks[0].clone();
+                let fn_def = zome_fn_dec_from_syn(&callback);
+
+                // must have the valid function signature which is ($ident: EntryValidationData::<AgentId>)
+                let validation_data_param = match fn_def.inputs.len() {
+                    1 => {
+                        let param = fn_def.inputs[0].clone();
+                        param.ident
+                    }
+                    _ => {
+                        emit_error(&self.ident,
+                            "incorrect number of params for validate_agent callback. Must have a single param with type `EntryValidationData::<AgentId>`");
+                        panic!()
+                    }
+                };
+
+                ValidateAgentCallback {
+                    validation_data_param,
+                    code: (*callback.block),
+                }
+            }
+            _ => {
+                emit_error(&self.ident,
+                    "Multiple functions tagged as validate_agent callback! Only one is permitted per zome definition.");
+                panic!()
+            }
+        }
+    }
+
     fn extract_zome_fns(&self) -> ZomeFunctions {
         // find all the functions tagged as the zome_fn
         funcs_iter(self)
@@ -196,6 +246,7 @@ impl IntoZome for syn::ItemMod {
                                 && !is_tagged_with(GENESIS_ATTRIBUTE)(func)
                                 && !is_tagged_with(ENTRY_DEF_ATTRIBUTE)(func)
                                 && !is_tagged_with(RECEIVE_CALLBACK_ATTRIBUTE)(func)
+                                && !is_tagged_with(VALIDATE_AGENT_ATTRIBUTE)(func)
                         } else {
                             true // and anything that is not a function
                         }

diff --git a/hdk-proc-macros/src/zome_code_def.rs b/hdk-proc-macros/src/zome_code_def.rs
@@ -15,6 +15,12 @@ pub struct ReceiveCallback {
     pub code: syn::Block,
 }
 
+#[derive(Clone, PartialEq, Debug)]
+pub struct ValidateAgentCallback {
+    pub validation_data_param: Ident,
+    pub code: syn::Block,
+}
+
 #[derive(Clone, PartialEq, Debug)]
 pub struct FnParameter {
     pub ident: Ident,
@@ -74,6 +80,7 @@ pub type EntryDefCallbacks = Vec<EntryDefCallback>;
 
 pub struct ZomeCodeDef {
     pub genesis: GenesisCallback,
+    pub validate_agent: ValidateAgentCallback,
     pub zome_fns: ZomeFunctions, // receive: ReceiveCallbacks
     pub entry_def_fns: Vec<syn::ItemFn>,
     pub traits: ZomeTraits,