PM-1321 Optional verify sign

README.md

@@ -141,6 +141,13 @@ If the `CONFIG_FILE` environment variable is not set, the program will fall back
 5. **Local File System Configuration**:
    - `CONFIG_FILESYSTEM_PATH` - Set this to the path where you want the local file system to point.
 
+6. **Test settings**
+
+These settings are useful for debugging or testing under controlled conditions. Always revert to secure and sensible defaults before moving to a production environment to maintain the security and reliability of your system.
+
+ - `VERIFY_SIGNATURE_DISABLED` - set to `1` to disable signature verification on submission. It is `0` by default.
+ - `REQUESTS_PER_PK_HOURLY` - set to arbitrarily high value if you want more requests accepted from a single submitter per hour. Default is `120`. 
+
 ### Important Notes
 
 - At least one of the following storage options is required: `AwsS3`, `AwsKeyspaces`, or `LocalFileSystem`. Multi-storage configuration is also supported, allowing for a combination of these storage options.

src/cmd/delegation_backend/main_bpu.go

@@ -33,6 +33,10 @@ func main() {
 	app.Log = log
 	awsctx := AwsContext{}
 	kc := KeyspaceContext{}
+	app.VerifySignatureDisabled = appCfg.VerifySignatureDisabled
+	if app.VerifySignatureDisabled {
+		log.Warnf("Signature verification is disabled, it is not recommended to run the delegation backend in this mode!")
+	}
 
 	// Storage backend setup
 	if appCfg.Aws != nil {

src/delegation_backend/app_config.go

@@ -37,6 +37,7 @@ func LoadEnv(log logging.EventLogger) AppConfig {
 		}
 	} else {
 		networkName := getEnvChecked("CONFIG_NETWORK_NAME", log)
+		verifySignatureDisabled := boolEnvChecked("VERIFY_SIGNATURE_DISABLED", log)
 
 		delegationWhitelistDisabled := boolEnvChecked("DELEGATION_WHITELIST_DISABLED", log)
 		var gsheetId, delegationWhitelistList, delegationWhitelistColumn string
@@ -128,6 +129,7 @@ func LoadEnv(log logging.EventLogger) AppConfig {
 		config.DelegationWhitelistList = delegationWhitelistList
 		config.DelegationWhitelistColumn = delegationWhitelistColumn
 		config.DelegationWhitelistDisabled = delegationWhitelistDisabled
+		config.VerifySignatureDisabled = verifySignatureDisabled
 	}
 
 	return config
@@ -189,6 +191,7 @@ type AppConfig struct {
 	DelegationWhitelistList     string                 `json:"delegation_whitelist_list"`
 	DelegationWhitelistColumn   string                 `json:"delegation_whitelist_column"`
 	DelegationWhitelistDisabled bool                   `json:"delegation_whitelist_disabled,omitempty"`
+	VerifySignatureDisabled     bool                   `json:"verify_signature_disabled,omitempty"`
 	Aws                         *AwsConfig             `json:"aws,omitempty"`
 	AwsKeyspaces                *AwsKeyspacesConfig    `json:"aws_keyspaces,omitempty"`
 	LocalFileSystem             *LocalFileSystemConfig `json:"filesystem,omitempty"`

src/delegation_backend/submit.go

@@ -98,12 +98,13 @@ type AwsContext struct {
 }
 
 type App struct {
-	Log               *logging.ZapEventLogger
-	SubmitCounter     *AttemptCounter
-	Whitelist         *WhitelistMVar
-	WhitelistDisabled bool
-	Save              func(ObjectsToSave)
-	Now               nowFunc
+	Log                     *logging.ZapEventLogger
+	SubmitCounter           *AttemptCounter
+	Whitelist               *WhitelistMVar
+	WhitelistDisabled       bool
+	VerifySignatureDisabled bool
+	Save                    func(ObjectsToSave)
+	Now                     nowFunc
 }
 
 type SubmitH struct {
@@ -178,19 +179,21 @@ func (h *SubmitH) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	payload, err := req.Data.MakeSignPayload()
-	if err != nil {
-		h.app.Log.Errorf("Error while making sign payload: %v", err)
-		w.WriteHeader(500)
-		writeErrorResponse(h.app, &w, "Unexpected server error")
-		return
-	}
+	if !h.app.VerifySignatureDisabled {
+		payload, err := req.Data.MakeSignPayload()
+		if err != nil {
+			h.app.Log.Errorf("Error while making sign payload: %v", err)
+			w.WriteHeader(500)
+			writeErrorResponse(h.app, &w, "Unexpected server error")
+			return
+		}
 
-	hash := blake2b.Sum256(payload)
-	if !verifySig(&req.Submitter, &req.Sig, hash[:], NetworkId()) {
-		w.WriteHeader(401)
-		writeErrorResponse(h.app, &w, "Invalid signature")
-		return
+		hash := blake2b.Sum256(payload)
+		if !verifySig(&req.Submitter, &req.Sig, hash[:], NetworkId()) {
+			w.WriteHeader(401)
+			writeErrorResponse(h.app, &w, "Invalid signature")
+			return
+		}
 	}
 
 	passesAttemptLimit := h.app.SubmitCounter.RecordAttempt(req.Submitter)