Validate unsigned -> pallet::authorize

Cargo.toml

@@ -171,6 +171,7 @@ substrate-wasm-builder = { git = "https://github.com/paritytech/polkadot-sdk.git
 [workspace]
 resolver = "2"
 members = [
+
 	"node",
 	"pallets/common",
 	"pallets/relayer-set",

examples/api.js

@@ -3,6 +3,7 @@ import assert from 'assert';
 import { cidFromBytes } from "./cid_dag_metadata.js";
 import { Binary, Enum } from '@polkadot-api/substrate-bindings';
 import { CHUNK_SIZE, toHex, toHashingEnum } from './common.js';
+import { createGeneralSigner } from './general_tx.js';
 
 // Convert data to Binary for PAPI (handles string, Uint8Array, and array-like types)
 function toBinary(data) {
@@ -138,6 +139,9 @@ export const TX_MODE_IN_POOL = "in-tx-pool";
 
 const DEFAULT_TX_TIMEOUT_MS = 180_000; // 180 seconds or 30 blocks
 
+// Singleton general signer for unsigned transactions (reusable across calls)
+const generalSigner = createGeneralSigner();
+
 const TX_MODE_CONFIG = {
     [TX_MODE_IN_BLOCK]: {
         match: (ev) => ev.type === "txBestBlocksState" && ev.found,
@@ -159,17 +163,15 @@ export async function waitForTransaction(tx, signer = null, txName, txMode = TX_
         throw new Error(`Unhandled txMode: ${txMode}`);
     }
 
-    // Get the observable - either signed or unsigned
+    // Get the observable - either signed or unsigned (general)
     let observable;
     if (signer === null) {
-        console.log(`⬆️ Submitting unsigned ${txName}`);
-        // TODO: https://github.com/polkadot-api/polkadot-api/issues/760
-        // const bareTx = await tx.getBareTx(txOpts);
-        if (Object.keys(txOpts).length > 0) {
-            throw new Error(`txOpts not supported for unsigned transactions (getBareTx doesn't accept options). See: https://github.com/polkadot-api/polkadot-api/issues/760`);
-        }
-        const bareTx = await tx.getBareTx();
-        observable = client.submitAndWatch(bareTx);
+        console.log(`⬆️ Submitting unsigned ${txName} as general transaction`);
+        // With #[pallet::authorize], unsigned transactions must be submitted as "general"
+        // extrinsics (with extension pipeline) rather than "bare" extrinsics (which bypass
+        // all extensions including AuthorizeCall).
+        // See: https://github.com/polkadot-api/polkadot-api/issues/760
+        observable = tx.signSubmitAndWatch(generalSigner, txOpts);
     } else {
         observable = tx.signSubmitAndWatch(signer, txOpts);
     }

examples/general_tx.js

@@ -0,0 +1,65 @@
+/**
+ * General transaction signer for #[pallet::authorize] calls.
+ *
+ * With #[pallet::authorize] replacing ValidateUnsigned, unsigned transactions must be
+ * submitted as "general" extrinsics (Preamble::General) rather than "bare" extrinsics
+ * (Preamble::Bare). General extrinsics include the transaction extension pipeline but
+ * no signature, allowing AuthorizeCall to process the call's authorization logic.
+ *
+ * This uses a custom PolkadotSigner that constructs v5 general transactions using the
+ * runtime metadata to properly encode extension data, rather than hardcoding defaults.
+ *
+ * See: https://github.com/polkadot-api/polkadot-api/issues/760
+ */
+
+import {
+    compact,
+    decAnyMetadata,
+    extrinsicFormat,
+    unifyMetadata,
+} from "@polkadot-api/substrate-bindings"
+import { mergeUint8 } from "polkadot-api/utils"
+
+const EXTENSION_VERSION = 0;
+
+/**
+ * Create a PolkadotSigner that produces v5 general transactions (unsigned with extensions).
+ *
+ * Usage:
+ *   const signer = createGeneralSigner();
+ *   await tx.signSubmitAndWatch(signer).subscribe(...);
+ *
+ * @returns {import("polkadot-api").PolkadotSigner}
+ */
+export function createGeneralSigner() {
+    return {
+        publicKey: new Uint8Array(32),
+        signBytes() {
+            throw new Error("Unsupported: generalSigner does not support signBytes")
+        },
+        async signTx(callData, signedExtensions, metadata) {
+            const decMeta = unifyMetadata(decAnyMetadata(metadata))
+
+            const extra = decMeta.extrinsic.signedExtensions[EXTENSION_VERSION].map(
+                ({ identifier }) => {
+                    const signedExtension = signedExtensions[identifier]
+                    if (!signedExtension)
+                        throw new Error(`Missing ${identifier} signed extension`)
+                    return signedExtension.value
+                },
+            )
+
+            const preResult = mergeUint8([
+                extrinsicFormat.enc({
+                    version: 5,
+                    type: "general",
+                }),
+                new Uint8Array([EXTENSION_VERSION]),
+                ...extra,
+                callData,
+            ])
+
+            return mergeUint8([compact.enc(preResult.length), preResult])
+        },
+    }
+}

pallets/transaction-storage/src/benchmarking.rs

@@ -135,6 +135,23 @@ pub fn run_to_block<T: Config>(n: frame_system::pallet_prelude::BlockNumberFor<T
 mod benchmarks {
 	use super::*;
 
+	fn authorize_for_store<T: Config>(
+		who: &T::AccountId,
+		transactions: u32,
+		bytes: u64,
+	) -> Result<(), BenchmarkError> {
+		let origin = T::Authorizer::try_successful_origin()
+			.map_err(|_| BenchmarkError::Stop("unable to compute origin"))?;
+		TransactionStorage::<T>::authorize_account(
+			origin as T::RuntimeOrigin,
+			who.clone(),
+			transactions,
+			bytes,
+		)
+		.map_err(|_| BenchmarkError::Stop("unable to authorize account"))?;
+		Ok(())
+	}
+
 	#[benchmark]
 	fn store(l: Linear<{ 1 }, { T::MaxTransactionSize::get() }>) -> Result<(), BenchmarkError> {
 		let data = vec![0u8; l as usize];
@@ -145,9 +162,11 @@ mod benchmarks {
 		)
 		.unwrap()
 		.to_bytes();
+		let caller: T::AccountId = whitelisted_caller();
+		authorize_for_store::<T>(&caller, 1, l as u64)?;
 
 		#[extrinsic_call]
-		_(RawOrigin::None, data);
+		_(RawOrigin::Signed(caller), data);
 
 		assert!(!BlockTransactions::<T>::get().is_empty());
 		assert_last_event::<T>(Event::Stored { index: 0, content_hash, cid }.into());
@@ -158,11 +177,13 @@ mod benchmarks {
 	fn renew() -> Result<(), BenchmarkError> {
 		let data = vec![0u8; T::MaxTransactionSize::get() as usize];
 		let content_hash = sp_io::hashing::blake2_256(&data);
-		TransactionStorage::<T>::store(RawOrigin::None.into(), data)?;
+		let caller: T::AccountId = whitelisted_caller();
+		authorize_for_store::<T>(&caller, 2, T::MaxTransactionSize::get() as u64)?;
+		TransactionStorage::<T>::store(RawOrigin::Signed(caller.clone()).into(), data)?;
 		run_to_block::<T>(1u32.into());
 
 		#[extrinsic_call]
-		_(RawOrigin::None, BlockNumberFor::<T>::zero(), 0);
+		_(RawOrigin::Signed(caller), BlockNumberFor::<T>::zero(), 0);
 
 		assert_last_event::<T>(Event::Renewed { index: 0, content_hash }.into());
 		Ok(())
@@ -171,9 +192,13 @@ mod benchmarks {
 	#[benchmark]
 	fn check_proof() -> Result<(), BenchmarkError> {
 		run_to_block::<T>(1u32.into());
+		let caller: T::AccountId = whitelisted_caller();
+		let tx_count = T::MaxBlockTransactions::get();
+		let max_size = T::MaxTransactionSize::get() as u64;
+		authorize_for_store::<T>(&caller, tx_count, max_size.saturating_mul(tx_count as u64))?;
 		for _ in 0..T::MaxBlockTransactions::get() {
 			TransactionStorage::<T>::store(
-				RawOrigin::None.into(),
+				RawOrigin::Signed(caller.clone()).into(),
 				vec![0u8; T::MaxTransactionSize::get() as usize],
 			)?;
 		}