From 081121639e7a7c38882a9a1a111f1aafc4163ab3 Mon Sep 17 00:00:00 2001
From: Sergey Ukustov
Date: Wed, 3 Jul 2024 14:55:59 +0300
Subject: [PATCH] parse allowed dids list
---
 config/default.json | 6 +++++-
 config/env/dev.json | 6 +++++-
 config/env/prod.json | 6 +++++-
 config/env/test.json | 6 +++++-
 src/auth/auth.middleware.ts | 9 +++++++++
 src/server.ts | 9 ++++-----
 6 files changed, 33 insertions(+), 9 deletions(-)
diff --git a/config/default.json b/config/default.json
index 95b5787b..2ab2d530 100644
--- a/config/default.json
+++ b/config/default.json
@@ -11,7 +11,6 @@
 "merkleDepthLimit": 0,
 "minStreamCount": 1024,
 "readyRetryIntervalMS": 300000,
- "requireAuth": false,
 "schedulerIntervalMS": 300000,
 "schedulerStopAfterNoOp": false,
 "pubsubResponderWindowMs": 8035200000,
@@ -101,5 +100,10 @@
 "s3Endpoint": "",
 "maxTimeToHoldMessageSec": 21600,
 "waitTimeForMessageSec": 0
+ },
+ "auth": {
+ "required": false,
+ "dids": "@@AUTH_DIDS_ALLOWED",
+ "relaxed": true
 }
 }
diff --git a/config/env/dev.json b/config/env/dev.json
index 2557853f..a584e6a4 100644
--- a/config/env/dev.json
+++ b/config/env/dev.json
@@ -11,7 +11,6 @@
 "merkleDepthLimit": "@@MERKLE_DEPTH_LIMIT",
 "minStreamCount": "@@MIN_STREAM_COUNT",
 "readyRetryIntervalMS": "@@READY_RETRY_INTERVAL_MS",
- "requireAuth": "@@REQUIRE_AUTH",
 "schedulerIntervalMS": "@@SCHEDULER_INTERVAL_MS",
 "schedulerStopAfterNoOp": "@@SCHEDULER_STOP_AFTER_NO_OP",
 "pubsubResponderWindowMs": "@@PUBSUB_RESPONDER_WINDOW_MS",
@@ -93,5 +92,10 @@
 "s3Endpoint": "@@S3_ENDPOINT",
 "maxTimeToHoldMessageSec": "@@MAX_TIME_TO_HOLD_MESSAGE_SEC",
 "waitTimeForMessageSec": "@@WAIT_TIME_FOR_MESSAGE_SEC"
+ },
+ "auth": {
+ "required": "@@REQUIRE_AUTH",
+ "dids": "@@AUTH_DIDS_ALLOWED",
+ "relaxed": "@@AUTH_RELAXED"
 }
 }
diff --git a/config/env/prod.json b/config/env/prod.json
index 2557853f..a584e6a4 100644
--- a/config/env/prod.json
+++ b/config/env/prod.json
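Review bot: The new `auth` block in config/default.json sets `"relaxed": true`, whereas the server.ts code this patch replaces passed `isRelaxed: false`, so the baseline moves to relaxed mode for every environment that does not override it (config/env/test.json does the same). What relaxed mode permits is not visible in this patch, but if it loosens verification the safer default is `"relaxed": false`, with deployments opting in through `AUTH_RELAXED`. Separately, `"dids": "@@AUTH_DIDS_ALLOWED"` is the only placeholder among the literal defaults visible in these hunks; if the variable is unset and the placeholder does not resolve to an empty value, parseAllowedDIDs would receive the placeholder text itself, so `""` as in test.json may be the clearer default.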
@@ -11,7 +11,6 @@
 "merkleDepthLimit": "@@MERKLE_DEPTH_LIMIT",
 "minStreamCount": "@@MIN_STREAM_COUNT",
 "readyRetryIntervalMS": "@@READY_RETRY_INTERVAL_MS",
- "requireAuth": "@@REQUIRE_AUTH",
 "schedulerIntervalMS": "@@SCHEDULER_INTERVAL_MS",
 "schedulerStopAfterNoOp": "@@SCHEDULER_STOP_AFTER_NO_OP",
 "pubsubResponderWindowMs": "@@PUBSUB_RESPONDER_WINDOW_MS",
@@ -93,5 +92,10 @@
 "s3Endpoint": "@@S3_ENDPOINT",
 "maxTimeToHoldMessageSec": "@@MAX_TIME_TO_HOLD_MESSAGE_SEC",
 "waitTimeForMessageSec": "@@WAIT_TIME_FOR_MESSAGE_SEC"
+ },
+ "auth": {
+ "required": "@@REQUIRE_AUTH",
+ "dids": "@@AUTH_DIDS_ALLOWED",
+ "relaxed": "@@AUTH_RELAXED"
 }
 }
diff --git a/config/env/test.json b/config/env/test.json
index 64117e35..e0bc3766 100644
--- a/config/env/test.json
+++ b/config/env/test.json
@@ -3,7 +3,6 @@
 "expirationPeriod": 0,
 "loadStreamTimeoutMs": 1000,
 "readyRetryIntervalMS": 10000,
- "requireAuth": false,
 "schedulerIntervalMS": 10000,
 "carStorage": {
 "mode": "s3",
@@ -74,5 +73,10 @@
 "s3BucketName": "ceramic-tnet-cas",
 "maxTimeToHoldMessageSec": 10800,
 "waitTimeForMessageSec": 10
+ },
+ "auth": {
+ "required": false,
+ "dids": "",
+ "relaxed": true
 }
 }
diff --git a/src/auth/auth.middleware.ts b/src/auth/auth.middleware.ts
index fffced6c..0e213721 100644
--- a/src/auth/auth.middleware.ts
+++ b/src/auth/auth.middleware.ts
@@ -21,6 +21,15 @@ CAR_FACTORY.codecs.add(DAG_JOSE)
 const VERIFIER = new DID({ resolver: KeyDIDResolver.getResolver() })
+export function parseAllowedDIDs(dids: string | undefined): Set {
+ if (dids) {
+ const parts = dids.split(',')
+ return new Set(parts)
+ } else {
+ return new Set()
+ }
+}
+
 export function auth(opts: AuthOpts): Handler {
 const hasAllowedDIDsList = opts.allowedDIDs.size > 0
diff --git a/src/server.ts b/src/server.ts
index 974c4fa5..25ef5b14 100644
--- a/src/server.ts
+++ b/src/server.ts
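Review bot: parseAllowedDIDs in src/auth/auth.middleware.ts splits on `,` without trimming or dropping empty items, so a value such as `did:key:a, did:key:b` (constructed example) stores ` did:key:b` with a leading space, and a trailing comma stores an empty string. Those entries can never equal a real DID, yet they still make `opts.allowedDIDs.size > 0` true in auth(), so the allow-list looks configured while holding unusable entries. I would normalise at parse time: `return new Set(dids.split(',').map((d) => d.trim()).filter((d) => d.length > 0))`. A short doc comment saying that the input is a comma-separated list and that an unset or empty value yields an empty set would also help, since auth() (whose body continues outside this hunk) appears to treat an empty set as "no allow-list".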
@@ -1,6 +1,6 @@
 import bodyParser from 'body-parser'
 import { Server } from '@overnightjs/core'
-import { auth } from './auth/auth.middleware.js'
+import { auth, parseAllowedDIDs } from './auth/auth.middleware.js'
 import { expressLoggers, logger, expressErrorLogger } from './logger/index.js'
 import { Config } from 'node-config-ts'
 import { multiprocess, type Multiprocess } from './ancillary/multiprocess.js'
@@ -20,12 +20,11 @@ export class CeramicAnchorServer extends Server {
 bodyParser.urlencoded({ extended: true, type: 'application/x-www-form-urlencoded' })
 )
 this.app.use(expressLoggers)
- if (config.requireAuth) {
+ if (config.auth.required) {
 this.app.use(
- // TODO Set parameters correctly
 auth({
- allowedDIDs: new Set(),
- isRelaxed: false,
+ allowedDIDs: parseAllowedDIDs(config.auth.dids),
+ isRelaxed: config.auth.relaxed,
 logger: logger,
 })
 )
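Review bot: In the second src/server.ts hunk, `config.auth.required` and `config.auth.relaxed` are used as booleans, but config/env/dev.json and prod.json supply them as `"@@REQUIRE_AUTH"` and `"@@AUTH_RELAXED"`; if those placeholders resolve to environment strings without coercion, `AUTH_RELAXED=false` is a non-empty string and therefore truthy, leaving relaxed mode on. Parsing explicitly avoids that, for example `isRelaxed: String(config.auth.relaxed) === 'true'`, with the same treatment for the `required` check. It is also worth failing or logging at startup when `required` is set but `parseAllowedDIDs(config.auth.dids)` returns an empty set, because `hasAllowedDIDsList` in auth() is then false and the allow-list check is presumably skipped. The enclosing method of CeramicAnchorServer starts and ends outside this hunk.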