Merge pull request #81 from oceanprotocol/register

Register
oceanprotocol · Sep 19, 2023 · 2d05722 · 2d05722
2 parents 31dc308 + 12f1400
commit 2d05722
Show file tree

Hide file tree

Showing 2 changed files with 29 additions and 0 deletions.
diff --git a/.env.example b/.env.example
@@ -3,6 +3,7 @@ APP_NAME=dbs
 PYTHONUNBUFFERED=1
 DJANGO_LOG_LEVEL=DEBUG
 IPFS_SERVICE_ENDPOINT="http://127.0.0.1:5001/api/v0/add"
+APPROVED_ADDRESS="0x123abc000000000000000"
 
 # FILECOIN RELATED CONFIGS
 DBS_URL='http://127.0.0.1:8000'
@@ -35,6 +36,7 @@ TEST_PRIVATE_KEY='00000000000000000000000000000000000000000000000000000000000000
 ENABLE_EXPENSIVE_TESTS='false'
 CHAIN_ID='80001'
 TOKEN_ADDRESS='0x9c3C9283D3e44854697Cd22D3Faa240Cfb032889'
+PRIVATE_KEY='0000000000000000000000000000000000000000000000000000000000000000'
 
 
 # Only for Production

diff --git a/server/oceandbs/views.py b/server/oceandbs/views.py
@@ -1,6 +1,7 @@
 import datetime
 import json
 import time
+import os
 
 import requests
 
@@ -21,6 +22,7 @@
 from .serializers import StorageSerializer, QuoteSerializer, CreateStorageSerializer
 from .models import Quote, Storage, File, PaymentMethod, AcceptedToken, UPLOAD_CODE
 from .utils import check_params_validity, upload_files_to_ipfs, upload_files_to_microservice, create_allowance
+from eth_account import Account
 
 
 # Storage service creation class
@@ -81,10 +83,35 @@ def post(self, request):
         data = request.data
         print(f"Received registration request data: {data}")
 
+        # Extract the signature and original message from the request data
+        signature = data.get('signature')
+        original_message = data.get('url')
+
+        # Ensure the signature and original message are present
+        if not signature or not original_message:
+            print("Signature or original message missing in request data.")
+            return Response("Invalid input data.", status=400)
+
         if not data.get('type'):
             print("Type key missing or None in request data.")
             return Response("Invalid input data.", status=400)
 
+            # Verify the signature and get the address that signed the original message
+        try:
+            recovered_address = Account.recover_message(original_message, signature=signature)
+            print(f"Recovered Ethereum address: {recovered_address}")
+        except:
+            print("Failed to verify the signature.")
+            return Response("Invalid signature.", status=400)
+
+        # Check if the recovered_address matches the APPROVED_ADDRESS from the environment variables
+        approved_address = os.environ.get('APPROVED_ADDRESS')
+        print(f"Approved Ethereum address: {approved_address}")
+        if recovered_address.lower() != approved_address.lower():
+            print("Registration request received from non-approved address.")
+            return Response("Registration request received from non-approved address.", status=403)
+
+        print("Registration request received from approved address. Proceeding with registration.")
         storage, created = Storage.objects.get_or_create(type=data['type'])
 
         if not created: