pubstructClosePreAuthorization<'info> {// Either the token account owner signs and sets any receiver they want// or receiver MUST be token_account.owner/// CHECK: This can be any account #[account(mut, constraint = ( authority.key.eq(&token_account.owner) || receiver.key.eq(&token_account.owner) ) @CustomProgramError::OnlyTokenAccountOwnerCanReceiveClosePreAuthFunds )]pub receiver:AccountInfo<'info>, #[account( constraint = ( authority.key.eq(&token_account.owner) || authority.key.eq(&pre_authorization.debit_authority) ) @CustomProgramError::PreAuthorizationCloseUnauthorized )]pub authority:Signer<'info>,pub token_account:InterfaceAccount<'info, TokenAccount>, #[account(mut, close = receiver, seeds = [b"pre-authorization", token_account.key().as_ref(), pre_authorization.debit_authority.as_ref(), ], bump = pre_authorization.bump, has_one = token_account @CustomProgramError::PreAuthorizationTokenAccountMismatch, )]pub pre_authorization:Account<'info, PreAuthorization>,}
Either the token account's owner OR the debit authority of the pre-authorization can close it.
If the closing authority/signer is the debit authority, they can only specify the SOL recipient from the closed account to be the owner to prevent draining of funds. If the closing authority is the owner itself, any receiver can be specified.