disable signature verification
piotr-iohk committed Mar 14, 2024
1 parent d47a6c8 commit a1b71d5
Showing 3 changed files with 28 additions and 18 deletions.
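--- a/src/cmd/delegation_backend/main_bpu.go
+++ b/src/cmd/delegation_backend/main_bpu.go
@@ -33,6 +33,10 @@ func main() {
 app.Log = log
 awsctx := AwsContext{}
 kc := KeyspaceContext{}
+app.VerifySignatureDisabled = appCfg.VerifySignatureDisabled
+if app.VerifySignatureDisabled {
+log.Warnf("Signature verification is disabled, it is not recommended to run the delegation backend in this mode!")
+}
 
 // Storage backend setup
 if appCfg.Aws != nil {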
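Review bot: The startup warning does not name the setting that triggered it, so an operator who finds this line in the logs has to search the code to learn what to unset. It also calls `Warnf` without any format arguments. Assuming the logger offers a plain `Warn`, something like `log.Warn("signature verification is disabled (VERIFY_SIGNATURE_DISABLED / verify_signature_disabled); submissions are accepted without authenticating the submitter")` states both the cause and the consequence. main() continues outside the hunk.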
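--- a/src/delegation_backend/app_config.go
+++ b/src/delegation_backend/app_config.go
@@ -37,6 +37,7 @@ func LoadEnv(log logging.EventLogger) AppConfig {
 }
 } else {
 networkName := getEnvChecked("CONFIG_NETWORK_NAME", log)
+verifySignatureDisabled := boolEnvChecked("VERIFY_SIGNATURE_DISABLED", log)
 
 delegationWhitelistDisabled := boolEnvChecked("DELEGATION_WHITELIST_DISABLED", log)
 var gsheetId, delegationWhitelistList, delegationWhitelistColumn string
@@ -128,6 +129,7 @@ func LoadEnv(log logging.EventLogger) AppConfig {
 config.DelegationWhitelistList = delegationWhitelistList
 config.DelegationWhitelistColumn = delegationWhitelistColumn
 config.DelegationWhitelistDisabled = delegationWhitelistDisabled
+config.VerifySignatureDisabled = verifySignatureDisabled
 }
 
 return config
@@ -189,6 +191,7 @@ type AppConfig struct {
 DelegationWhitelistList string `json:"delegation_whitelist_list"`
 DelegationWhitelistColumn string `json:"delegation_whitelist_column"`
 DelegationWhitelistDisabled bool `json:"delegation_whitelist_disabled,omitempty"`
+VerifySignatureDisabled bool `json:"verify_signature_disabled,omitempty"`
 Aws *AwsConfig `json:"aws,omitempty"`
 AwsKeyspaces *AwsKeyspacesConfig `json:"aws_keyspaces,omitempty"`
 LocalFileSystem *LocalFileSystemConfig `json:"filesystem,omitempty"`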
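Review bot: The new `VerifySignatureDisabled` field in `AppConfig` turns off an authentication check but has no comment saying so. A line such as `// VerifySignatureDisabled skips submitter signature verification in the submit handler; running with it set is not recommended.` above the field would tell the next reader what the flag costs. How `boolEnvChecked("VERIFY_SIGNATURE_DISABLED", log)` treats an unset or malformed value is not visible in these hunks; for this switch it should resolve to false so that verification stays on, which is worth confirming. LoadEnv and the AppConfig struct both continue outside the hunks.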
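--- a/src/delegation_backend/submit.go
+++ b/src/delegation_backend/submit.go
@@ -98,12 +98,13 @@ type AwsContext struct {
 }
 
 type App struct {
-Log *logging.ZapEventLogger
-SubmitCounter *AttemptCounter
-Whitelist *WhitelistMVar
-WhitelistDisabled bool
-Save func(ObjectsToSave)
-Now nowFunc
+Log *logging.ZapEventLogger
+SubmitCounter *AttemptCounter
+Whitelist *WhitelistMVar
+WhitelistDisabled bool
+VerifySignatureDisabled bool
+Save func(ObjectsToSave)
+Now nowFunc
 }
 
 type SubmitH struct {
@@ -178,19 +179,21 @@ func (h *SubmitH) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 return
 }
 
-payload, err := req.Data.MakeSignPayload()
-if err != nil {
-h.app.Log.Errorf("Error while making sign payload: %v", err)
-w.WriteHeader(500)
-writeErrorResponse(h.app, &w, "Unexpected server error")
-return
-}
+if !h.app.VerifySignatureDisabled {
+payload, err := req.Data.MakeSignPayload()
+if err != nil {
+h.app.Log.Errorf("Error while making sign payload: %v", err)
+w.WriteHeader(500)
+writeErrorResponse(h.app, &w, "Unexpected server error")
+return
+}
 
-hash := blake2b.Sum256(payload)
-if !verifySig(&req.Submitter, &req.Sig, hash[:], NetworkId()) {
-w.WriteHeader(401)
-writeErrorResponse(h.app, &w, "Invalid signature")
-return
+hash := blake2b.Sum256(payload)
+if !verifySig(&req.Submitter, &req.Sig, hash[:], NetworkId()) {
+w.WriteHeader(401)
+writeErrorResponse(h.app, &w, "Invalid signature")
+return
+}
 }
 
 passesAttemptLimit := h.app.SubmitCounter.RecordAttempt(req.Submitter)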
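Review bot: When `VerifySignatureDisabled` is set, `req.Submitter` is never authenticated, yet the line after the new block still keys `h.app.SubmitCounter.RecordAttempt(req.Submitter)` on it. Attempt accounting, and presumably any whitelist check earlier in ServeHTTP (outside this hunk), then rest on a value the request supplies unchecked. Skipping the block also skips `MakeSignPayload`, so a request whose sign payload cannot be built no longer gets the 500 response in this mode. Nothing on the request path records that a submission was accepted unverified; a line such as `h.app.Log.Infof("signature verification disabled, accepting unverified submission from %v", req.Submitter)` in an `else` branch would make those submissions identifiable afterwards. A comment on the `App` field, `// VerifySignatureDisabled: Submitter is unauthenticated when set`, would document the same caveat. ServeHTTP starts and ends outside the hunk.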
