Refactor trusted algortihms and trusted publishers checks. (#973)

* Refactor trusted algortihms and trusted publishers checks.

* Use another branch from cli.

Author: mariacarmina

.github/workflows/ci.yml

@@ -282,7 +282,7 @@ jobs:
         with:
           repository: 'oceanprotocol/ocean-cli'
           path: 'ocean-cli'
-          ref: 'fix-tests-for-node'
+          ref: 'feature/fix-compute-dataset'
       - name: Setup Ocean CLI
         working-directory: ${{ github.workspace }}/ocean-cli
         run: |

src/components/core/compute/utils.ts

@@ -83,57 +83,44 @@ export async function validateAlgoForDataset(
     if (datasetService.type !== 'compute' || !compute) {
       throw new Error('Service not compute')
     }
+    const publishers = compute.publisherTrustedAlgorithmPublishers || []
+    const algorithms = compute.publisherTrustedAlgorithms || []
+
+    // If no restrictions are set, deny by default
+    const hasTrustedPublishers = publishers.length > 0
+    const hasTrustedAlgorithms = algorithms.length > 0
+    if (!hasTrustedPublishers && !hasTrustedAlgorithms) return false
 
     if (algoDID) {
-      if (
-        // if not set deny them all
-        (!Array.isArray(compute.publisherTrustedAlgorithms) ||
-          compute.publisherTrustedAlgorithms.length === 0) &&
-        (!Array.isArray(compute.publisherTrustedAlgorithmPublishers) ||
-          compute.publisherTrustedAlgorithmPublishers.length === 0)
-      ) {
-        return false
-      }
+      // Check if algorithm is explicitly trusted
+      const isAlgoTrusted =
+        hasTrustedAlgorithms &&
+        algorithms.some((algo: any) => {
+          const didMatch = algo.did === '*' || algo.did === algoDID
+          const filesMatch =
+            algo.filesChecksum === '*' || algo.filesChecksum === algoChecksums.files
+          const containerMatch =
+            algo.containerSectionChecksum === '*' ||
+            algo.containerSectionChecksum === algoChecksums.container
+          return didMatch && filesMatch && containerMatch
+        })
 
-      if (
-        compute.publisherTrustedAlgorithms.includes('*') &&
-        compute.publisherTrustedAlgorithmPublishers.includes('*')
-      ) {
-        return true
-      }
+      // Check if algorithm publisher is trusted
+      let isPublisherTrusted = true
+      if (hasTrustedPublishers) {
+        if (!publishers.includes('*')) {
+          const algoDDO = await new FindDdoHandler(oceanNode).findAndFormatDdo(algoDID)
+          if (!algoDDO) return false
+          const algoInstance = DDOManager.getDDOClass(algoDDO)
+          const { nftAddress } = algoInstance.getDDOFields()
 
-      if (
-        Array.isArray(compute.publisherTrustedAlgorithms) &&
-        compute.publisherTrustedAlgorithms.length > 0 &&
-        !compute.publisherTrustedAlgorithms.includes('*')
-      ) {
-        const trustedAlgo = compute.publisherTrustedAlgorithms.find(
-          (algo: any) => algo.did === algoDID
-        )
-        if (trustedAlgo) {
-          return (
-            trustedAlgo.filesChecksum === algoChecksums.files &&
-            trustedAlgo.containerSectionChecksum === algoChecksums.container
-          )
-        }
-        return false
-      }
-      if (
-        Array.isArray(compute.publisherTrustedAlgorithmPublishers) &&
-        compute.publisherTrustedAlgorithmPublishers.length > 0 &&
-        !compute.publisherTrustedAlgorithmPublishers.includes('*')
-      ) {
-        const algoDDO = await new FindDdoHandler(oceanNode).findAndFormatDdo(algoDID)
-        const algoInstance = DDOManager.getDDOClass(algoDDO)
-        const { nftAddress } = algoInstance.getDDOFields()
-        if (algoDDO) {
-          return compute.publisherTrustedAlgorithmPublishers
-            .map((address: string) => address?.toLowerCase())
+          isPublisherTrusted = publishers
+            .map((addr: string) => addr?.toLowerCase())
             .includes(nftAddress?.toLowerCase())
         }
-        return false
       }
-      return true
+
+      return isAlgoTrusted && isPublisherTrusted
     }
 
     return compute.allowRawAlgorithm