From ae4fe27601aa47f278d4f761aabdbac933cf1d0e Mon Sep 17 00:00:00 2001
From: techvoyagerX
Date: Mon, 2 Sep 2024 03:12:15 -0400
Subject: [PATCH] Add comments to identify insecure, recommended, and secure patterns in 0-signer-authorization
---
 programs/0-signer-authorization/insecure/src/lib.rs | 4 +++-
 programs/0-signer-authorization/recommended/src/lib.rs | 3 ++-
 programs/0-signer-authorization/secure/src/lib.rs | 5 +++--
 3 files changed, 8 insertions(+), 4 deletions(-)
diff --git a/programs/0-signer-authorization/insecure/src/lib.rs b/programs/0-signer-authorization/insecure/src/lib.rs
index 7fbf8ee..dcb11ea 100644
--- a/programs/0-signer-authorization/insecure/src/lib.rs
+++ b/programs/0-signer-authorization/insecure/src/lib.rs
@@ -1,6 +1,8 @@
 use anchor_lang::prelude::*;
+// Insecure: `authority` is of type `AccountInfo` without any checks to ensure it's a signer.
 declare_id!("Fg6PaFpoGXkYsidMpWTK6W2BeZ7FEfcYkg476zPFsLnS");
+
 #[program]
 pub mod signer_authorization_insecure {
 use super::*;
@@ -13,5 +15,5 @@ pub mod signer_authorization_insecure {
 #[derive(Accounts)]
 pub struct LogMessage<'info> {
- authority: AccountInfo<'info>,
+ authority: AccountInfo<'info>, // No check for signer authority.
 }
diff --git a/programs/0-signer-authorization/recommended/src/lib.rs b/programs/0-signer-authorization/recommended/src/lib.rs
index d5f9955..39a9d04 100644
--- a/programs/0-signer-authorization/recommended/src/lib.rs
+++ b/programs/0-signer-authorization/recommended/src/lib.rs
@@ -1,5 +1,6 @@
 use anchor_lang::prelude::*;
+// Recommended: Changing `authority` to type `Signer` ensures the account has signer privileges.
 declare_id!("Fg6PaFpoGXkYsidMpWTK6W2BeZ7FEfcYkg476zPFsLnS");
 #[program]
@@ -14,5 +15,5 @@ pub mod signer_authorization_recommended {
 #[derive(Accounts)]
 pub struct LogMessage<'info> {
- authority: Signer<'info>,
+ authority: Signer<'info>, // Ensures that `authority` is a valid signer.
 }
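Review bot: The new `// Insecure: …` comment in the first hunk of insecure/src/lib.rs sits directly above `declare_id!`, so it reads as a remark about the program ID rather than about the `authority` field it describes. The first hunks of recommended/src/lib.rs and secure/src/lib.rs place their header comments the same way. A `//!` module comment as the very first line of each file, or a `///` comment on the `LogMessage` struct, would attach the statement to the code it is about. This hunk also adds a second consecutive blank line before `#[program]`, which rustfmt's defaults would collapse. The `pub mod` body continues outside the hunk.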
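Review bot: The trailing comment on `authority: Signer<'info>` in the second hunk of recommended/src/lib.rs overstates what the type guarantees. `Signer` only verifies that the account signed the transaction; it performs no ownership check and does not establish that the signer is the key the program expects to act as authority. A reader copying this pattern could take "valid signer" to mean authorization is complete. Wording such as `// Anchor rejects the instruction unless this account signed; it does not check which key signed.` keeps the teaching point accurate. The handler that uses the struct is outside the hunk.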
diff --git a/programs/0-signer-authorization/secure/src/lib.rs b/programs/0-signer-authorization/secure/src/lib.rs
index 1f49407..a60858c 100644
--- a/programs/0-signer-authorization/secure/src/lib.rs
+++ b/programs/0-signer-authorization/secure/src/lib.rs
@@ -1,5 +1,6 @@
 use anchor_lang::prelude::*;
+// Secure: Explicitly checks if `authority` is a signer before proceeding.
 declare_id!("Fg6PaFpoGXkYsidMpWTK6W2BeZ7FEfcYkg476zPFsLnS");
 #[program]
@@ -8,7 +9,7 @@ pub mod signer_authorization_secure {
 pub fn log_message(ctx: Context) -> ProgramResult {
 if !ctx.accounts.authority.is_signer {
- return Err(ProgramError::MissingRequiredSignature);
+ return Err(ProgramError::MissingRequiredSignature); // Secure: Throws an error if `authority` is not a signer.
 }
 msg!("GM {}", ctx.accounts.authority.key().to_string());
 Ok(())
@@ -17,5 +18,5 @@ pub mod signer_authorization_secure {
 #[derive(Accounts)]
 pub struct LogMessage<'info> {
- authority: AccountInfo<'info>,
+ authority: AccountInfo<'info>, // Type `AccountInfo` allows additional checks.
 }
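Review bot: The comment added to the `authority` field in the last hunk of secure/src/lib.rs ("Type AccountInfo allows additional checks") is misleading, because `AccountInfo` performs no validation of its own. The only thing separating this variant from the insecure one is the manual `is_signer` test in `log_message`, shown in the second hunk. If that `if` were dropped, or another instruction reused `LogMessage`, the field would be unchecked again. A comment such as `// Unchecked by Anchor: signer status is enforced manually in log_message.` states where the guarantee actually comes from. In the second hunk, "Throws an error" would read better as "Returns an error", since the handler returns `Err`.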