Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
479 views
in Technique[技术] by (71.8m points)

nearprotocol - creating sub-accounts accounts without exposing the master account private key

Creating main account in near protocol requires a deposit. This can make onboarding difficult for app users. Creating sub-accounts are free, but what is the best way to do it without exposing the master account private key. Should I store the private key of master account in a server and allow users to create the account?

Near api js allows creating account, will that be possible doing using python, or calling json rpc from python?


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Reply

0 votes
by (71.8m points)

Another option that don't require your FullAccessKey is creating sub-accounts via a contract deployed to your account.

If you are using rust and near-sdk-rs you should call the fuction create_account. This is an example from the docs about how to use it:

Promise::new("bob_near".to_string())
  .create_account()
  .transfer(1000)
  .add_full_access_key(env::signer_account_pk());

This is the code of a contract that handles sub-account creation:

use borsh::{BorshDeserialize, BorshSerialize};
use near_sdk::{env, near_bindgen, AccountId, Balance, Promise};

#[global_allocator]
static ALLOC: wee_alloc::WeeAlloc = wee_alloc::WeeAlloc::INIT;

#[near_bindgen]
#[derive(Default, BorshDeserialize, BorshSerialize)]
pub struct Registry {}

#[near_bindgen]
impl Registry {
    #[init]
    pub fn init() -> Self {}

    #[payable]
    pub fn create_account(&mut self, name: AccountId, balance: Balance) -> Promise {
        let target = format!("{}.{}", name, env::current_account_id());

        // Here add some rules in case you don't want everyone
        // to claim any unclaimed sub-account.

        Promise::new(target)
            .create_account()
            .transfer(balance)
            .add_full_access_key(env::signer_account_pk())
    }
}

To create any sub-account any user can call the function create_account function in the contract passing the name of the sub-account (only the prefix before the dot) and the balance that will be used to initialize the account.

This will work even if the main account doesn't have any FullAccessKey anymore.


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
OGeek|极客中国-欢迎来到极客的世界,一个免费开放的程序员编程交流平台!开放,进步,分享!让技术改变生活,让极客改变未来! Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...