Remove wildcard allowedAirnodes from cache server

Require explicit airnode addresses — no wildcard mode. The cache server
operator must declare which airnodes are trusted to push data. This
prevents untrusted parties from injecting signed data from their own
keys into the store.

Author: andreogle

book/docs/operators/cache-server.md

@@ -67,8 +67,9 @@ endpoints:
 
 ### `allowedAirnodes`
 
-Either a list of allowed airnode addresses with their push auth tokens, or `'*'` to accept any airnode (still requires a
-non-empty bearer token).
+An explicit list of airnode addresses authorized to push data, each with an auth token for bearer authentication. Every
+airnode that pushes to this cache server must be listed — there is no wildcard mode. This ensures only trusted airnodes
+can populate the store.
 
 ### `endpoints`
 

src/cache-server.test.ts

@@ -296,52 +296,6 @@ describe('cache server', () => {
   });
 });
 
-// =============================================================================
-// Wildcard allowedAirnodes
-// =============================================================================
-describe('cache server with wildcard airnodes', () => {
-  let server: CacheServerHandle;
-
-  let baseUrl: string;
-
-  beforeAll(() => {
-    server = createCacheServer({
-      config: makeConfig({
-        allowedAirnodes: '*',
-        endpoints: [{ path: '/data', delaySeconds: 0, auth: { type: 'free' } }],
-      } as Partial<CacheServerConfig>),
-    });
-    baseUrl = `http://${server.hostname}:${String(server.port)}`;
-  });
-
-  afterAll(() => {
-    server.stop();
-  });
-
-  test('accepts any airnode when allowedAirnodes is wildcard', async () => {
-    const beacon = await makeSignedBeacon();
-    const response = await postBeacons(baseUrl, TEST_AIRNODE, beacon, 'any-token');
-    const body = (await response.json()) as { count: number };
-
-    expect(response.status).toBe(200);
-    expect(body.count).toBeGreaterThanOrEqual(0);
-  });
-
-  test('rejects empty bearer token even in wildcard mode', async () => {
-    const beacon = await makeSignedBeacon();
-    const response = await fetch(`${baseUrl}/beacons/${TEST_AIRNODE}`, {
-      method: 'POST',
-      headers: {
-        'Content-Type': 'application/json',
-        Authorization: 'Bearer ',
-      },
-      body: JSON.stringify(beacon),
-    });
-
-    expect(response.status).toBe(401);
-  });
-});
-
 // =============================================================================
 // Rate limiting
 // =============================================================================

src/cache-server.ts

@@ -70,9 +70,9 @@ function createBeaconIngestionStore(): BeaconIngestionStore {
 // =============================================================================
 // Push authentication (bearer token from airnode → cache server)
 //
-// Wildcard mode ('*') still requires a non-empty bearer token as a deliberate
-// intent marker — without it, the ingestion pipeline is exposed to
-// unauthenticated traffic.
+// Every push request must come from an explicitly allowed airnode address
+// with a matching auth token. There is no wildcard mode — the cache server
+// operator must declare which airnodes are trusted.
 // =============================================================================
 function authenticatePush(
   request: Request,
@@ -85,8 +85,6 @@ function authenticatePush(
   const token = authHeader.slice(7);
   if (token.length === 0) return 'Empty bearer token';
 
-  if (allowedAirnodes === '*') return undefined;
-
   const allowed = allowedAirnodes.find((a) => a.address.toLowerCase() === airnodeAddress.toLowerCase());
   if (!allowed) return 'Airnode not in allowedAirnodes list';
 

src/cli/commands/cache-server.ts

@@ -35,7 +35,7 @@ export const cacheServer = new Command('cache-server')
       endpoints: config.endpoints.length,
     });
 
-    const airnodeCount = config.allowedAirnodes === '*' ? 'any' : String(config.allowedAirnodes.length);
+    const airnodeCount = String(config.allowedAirnodes.length);
     logger.info(`Config loaded: ${airnodeCount} allowed airnode(s), ${String(config.endpoints.length)} endpoint(s)`);
 
     const server = createCacheServer({ config });

src/config/schema.ts

@@ -191,6 +191,6 @@ const cacheEndpointSchema = z.object({
 export const cacheServerConfigSchema = z.object({
   version: z.literal('1.0'),
   server: serverSchema,
-  allowedAirnodes: z.union([z.literal('*'), z.array(allowedAirnodeSchema).min(1)]),
+  allowedAirnodes: z.array(allowedAirnodeSchema).min(1),
   endpoints: z.array(cacheEndpointSchema).min(1),
 });