Merge pull request #873 from oceanprotocol/issue-871-checkCredentials-accessList

add support for accessList on download checkCredentials

Author: paulo-ocean

src/components/core/handler/downloadHandler.ts

@@ -292,7 +292,7 @@ export class DownloadHandler extends Handler {
         ).success
       } else {
         accessGrantedDDOLevel = areKnownCredentialTypes(ddo.credentials)
-          ? checkCredentials(ddo.credentials, task.consumerAddress, ddo.chainId)
+          ? await checkCredentials(ddo.credentials, task.consumerAddress, ddo.chainId)
           : true
       }
       if (!accessGrantedDDOLevel) {
@@ -397,7 +397,7 @@ export class DownloadHandler extends Handler {
           ).success)
       } else {
         accessGrantedServiceLevel = areKnownCredentialTypes(service.credentials)
-          ? checkCredentials(service.credentials, task.consumerAddress, chainId)
+          ? await checkCredentials(service.credentials, task.consumerAddress, chainId)
           : true
       }
 

src/test/unit/credentials.test.ts

@@ -29,26 +29,26 @@ describe('credentials', () => {
     envOverrides = await setupEnvironment(null, envOverrides)
   })
 
-  it('should deny access with undefined or empty credentials', () => {
+  it('should deny access with undefined or empty credentials', async () => {
     const credentialsUndefined: Credentials = undefined
     const consumerAddress = '0x123'
-    const accessGranted1 = checkCredentials(credentialsUndefined, consumerAddress)
+    const accessGranted1 = await checkCredentials(credentialsUndefined, consumerAddress)
     expect(accessGranted1).to.equal(false)
     const credentialsEmapty = {} as Credentials
-    const accessGranted2 = checkCredentials(credentialsEmapty, consumerAddress)
+    const accessGranted2 = await checkCredentials(credentialsEmapty, consumerAddress)
     expect(accessGranted2).to.equal(false)
   })
-  it('should deny access with empty allow and deny lists', () => {
+  it('should deny access with empty allow and deny lists', async () => {
     // if list does not exist or is empty access is denied
     const credentials: Credentials = {
       allow: [],
       deny: []
     }
     const consumerAddress = '0x123'
-    const accessGranted = checkCredentials(credentials, consumerAddress)
+    const accessGranted = await checkCredentials(credentials, consumerAddress)
     expect(accessGranted).to.equal(false)
   })
-  it('should deny access with empty values in deny lists', () => {
+  it('should deny access with empty values in deny lists', async () => {
     const credentials: Credentials = {
       deny: [
         {
@@ -58,11 +58,11 @@ describe('credentials', () => {
       ]
     }
     const consumerAddress = '0x123'
-    const accessGranted = checkCredentials(credentials, consumerAddress)
+    const accessGranted = await checkCredentials(credentials, consumerAddress)
     expect(accessGranted).to.equal(false)
   })
 
-  it('should deny access with "accessList" credentials (default behaviour if cannot check)', () => {
+  it('should deny access with "accessList" credentials (default behaviour if cannot check)', async () => {
     const consumerAddress = '0x123'
     const credentials: Credentials = {
       deny: [
@@ -73,11 +73,11 @@ describe('credentials', () => {
       ]
     }
 
-    const accessGranted = checkCredentials(credentials, consumerAddress)
+    const accessGranted = await checkCredentials(credentials, consumerAddress)
     expect(accessGranted).to.equal(false)
   })
 
-  it('should deny access with empty values in allow lists', () => {
+  it('should deny access with empty values in allow lists', async () => {
     const credentials: Credentials = {
       allow: [
         {
@@ -87,10 +87,10 @@ describe('credentials', () => {
       ]
     }
     const consumerAddress = '0x123'
-    const accessGranted = checkCredentials(credentials, consumerAddress)
+    const accessGranted = await checkCredentials(credentials, consumerAddress)
     expect(accessGranted).to.equal(false)
   })
-  it('should allow access with address in allow list', () => {
+  it('should allow access with address in allow list', async () => {
     const credentials: Credentials = {
       allow: [
         {
@@ -100,10 +100,10 @@ describe('credentials', () => {
       ]
     }
     const consumerAddress = '0x123'
-    const accessGranted = checkCredentials(credentials, consumerAddress)
+    const accessGranted = await checkCredentials(credentials, consumerAddress)
     expect(accessGranted).to.equal(true)
   })
-  it('should deny access with address not explicitly in deny list but also without any allow list', () => {
+  it('should deny access with address not explicitly in deny list but also without any allow list', async () => {
     const credentials: Credentials = {
       deny: [
         {
@@ -113,10 +113,10 @@ describe('credentials', () => {
       ]
     }
     const consumerAddress = '0x123'
-    const accessGranted = checkCredentials(credentials, consumerAddress)
+    const accessGranted = await checkCredentials(credentials, consumerAddress)
     expect(accessGranted).to.equal(false) // its not denied explicitly but not allowed either
   })
-  it('should deny access with address in deny list', () => {
+  it('should deny access with address in deny list', async () => {
     const credentials: Credentials = {
       allow: [
         {
@@ -132,10 +132,10 @@ describe('credentials', () => {
       ]
     }
     const consumerAddress = '0x123'
-    const accessGranted = checkCredentials(credentials, consumerAddress)
+    const accessGranted = await checkCredentials(credentials, consumerAddress)
     expect(accessGranted).to.equal(false)
   })
-  it('should deny access with address not in allow list', () => {
+  it('should deny access with address not in allow list', async () => {
     const credentials: Credentials = {
       allow: [
         {
@@ -151,7 +151,7 @@ describe('credentials', () => {
       ]
     }
     const consumerAddress = '0x123'
-    const accessGranted = checkCredentials(credentials, consumerAddress)
+    const accessGranted = await checkCredentials(credentials, consumerAddress)
     expect(accessGranted).to.equal(false)
   })
 
@@ -229,7 +229,7 @@ describe('credentials', () => {
     expect(hasAddressMatchAllRule(creds2.credentials.allow)).to.be.equal(false)
   })
 
-  it('should deny access by default if no specific allow rule is a match', () => {
+  it('should deny access by default if no specific allow rule is a match', async () => {
     const credentials: Credentials = {
       allow: [
         {
@@ -245,7 +245,7 @@ describe('credentials', () => {
       ]
     }
     const consumerAddress = '0x123'
-    const accessGranted = checkCredentials(
+    const accessGranted = await checkCredentials(
       credentials,
       consumerAddress,
       DEVELOPMENT_CHAIN_ID

src/utils/blockchain.ts

@@ -14,7 +14,7 @@ import {
 import { getConfiguration } from './config.js'
 import { CORE_LOGGER } from './logging/common.js'
 import { sleep } from './util.js'
-import { ConnectionStatus } from '../@types/blockchain.js'
+import { ConnectionStatus, SupportedNetwork } from '../@types/blockchain.js'
 import { ValidateChainId } from '../@types/commands.js'
 
 export class Blockchain {
@@ -218,3 +218,14 @@ export async function getJsonRpcProvider(
   }
   return new JsonRpcProvider(checkResult.networkRpc)
 }
+
+// useful for getting a Blockchain instance, as we repeat this piece of code often
+export function getBlockchainHandler(network: SupportedNetwork): Blockchain {
+  const blockChain = new Blockchain(
+    network.rpc,
+    network.network,
+    network.chainId,
+    network.fallbackRPCs
+  )
+  return blockChain
+}

src/utils/credentials.ts

@@ -10,6 +10,8 @@ import {
 } from '../@types/DDO/Credentials.js'
 import { getNFTContract } from '../components/Indexer/utils.js'
 import { isDefined } from './util.js'
+import { getConfiguration } from './config.js'
+import { getBlockchainHandler } from './blockchain.js'
 
 export function findCredential(
   credentials: Credential[],
@@ -73,11 +75,11 @@ export function hasAddressMatchAllRule(credentials: Credential[]): boolean {
  * @param credentials credentials
  * @param consumerAddress consumer address
  */
-export function checkCredentials(
+export async function checkCredentials(
   credentials: Credentials,
   consumerAddress: string,
   chainId?: number
-) {
+): Promise<boolean> {
   const consumerCredentials: Credential = {
     type: CREDENTIAL_TYPES.ADDRESS, // 'address',
     values: [String(consumerAddress)?.toLowerCase()]
@@ -128,10 +130,22 @@ export function checkCredentials(
           // otherwise, match 'all', in this case the amount of matches should be the same of the amount of rules
           matchCount++
         }
+      } else if (type === CREDENTIAL_TYPES.ACCESS_LIST && chainId) {
+        const config = await getConfiguration()
+        const supportedNetwork = config.supportedNetworks[String(chainId)]
+        if (supportedNetwork) {
+          const blockChain = getBlockchainHandler(supportedNetwork)
+          for (const accessListContractAddress of cred.values) {
+            const balanceOk = await findAccessListCredentials(
+              blockChain.getSigner(),
+              accessListContractAddress,
+              consumerAddress
+            )
+            if (balanceOk) return true
+          }
+        }
       }
       // extend function to ACCESS_LIST (https://github.com/oceanprotocol/ocean-node/issues/804)
-      // else if (type === CREDENTIAL_TYPES.ACCESS_LIST && chainId) {
-      // }
     }
     if (credentials.match_allow === 'all' && matchCount === credentials.allow.length) {
       return true
@@ -212,11 +226,18 @@ export async function findAccessListCredentials(
   contractAddress: string,
   address: string
 ): Promise<boolean> {
-  const nftContract: ethers.Contract = getNFTContract(signer, contractAddress)
-  if (!nftContract) {
+  try {
+    const nftContract: ethers.Contract = getNFTContract(signer, contractAddress)
+    if (!nftContract) {
+      return false
+    }
+    return await findAccountFromAccessList(nftContract, address)
+  } catch (e) {
+    CORE_LOGGER.error(
+      `Unable to read accessList contract from address ${contractAddress}: ${e.message}`
+    )
     return false
   }
-  return await findAccountFromAccessList(nftContract, address)
 }
 
 export async function findAccountFromAccessList(