Skip to content

Commit d8972e0

Browse files
committed
Merge branch 'main' into issue-810-creds-address-behaviour
2 parents c808dde + 832bd4a commit d8972e0

8 files changed

Lines changed: 70 additions & 0 deletions

File tree

.env.example

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -20,6 +20,7 @@ export FEE_AMOUNT=
2020
export ADDRESS_FILE=
2121
export NODE_ENV=
2222
export AUTHORIZED_DECRYPTERS=
23+
export AUTHORIZED_DECRYPTERS_LIST=
2324
export OPERATOR_SERVICE_URL=
2425
export POLICY_SERVER_URL
2526
export INTERFACES=

docs/dockerDeployment.md

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -91,6 +91,7 @@ services:
9191
# ADDRESS_FILE: ''
9292
# NODE_ENV: ''
9393
# AUTHORIZED_DECRYPTERS: ''
94+
# AUTHORIZED_DECRYPTERS_LIST: ''
9495
# OPERATOR_SERVICE_URL: ''
9596
INTERFACES: '["HTTP","P2P"]'
9697
# ALLOWED_VALIDATORS: ''

docs/env.md

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -15,6 +15,7 @@ Environmental variables are also tracked in `ENVIRONMENT_VARIABLES` within `src/
1515
- `ADDRESS_FILE`: File location where Ocean contract addresses are saved. Example: `"ADDRESS_FILE=${HOME}/.ocean/ocean-contracts/artifacts/address.json"`
1616
- `NODE_ENV`: Typically used to specify the environment (e.g., development, production) the node is running in. Example: `'development'`
1717
- `AUTHORIZED_DECRYPTERS`: A JSON array of addresses that are authorized to decrypt data. Example: `"['0xe2DD09d719Da89e5a3D0F2549c7E24566e947260']"`
18+
- `AUTHORIZED_DECRYPTERS_LIST`: AccessList contract addresses (per chain). If present, only accounts present on the given access lists can decrypt data. Example: `"{ \"8996\": [\"0x967da4048cD07aB37855c090aAF366e4ce1b9F48\",\"0x388C818CA8B9251b393131C08a736A67ccB19297\"] }"`
1819
- `OPERATOR_SERVICE_URL`: Configures C2D cluster URLs for the node. Example: `"[\"http://example.c2d.cluster1.com\",\"http://example.cd2.cluster2.com\"]"`
1920
- `INTERFACES`: Network interfaces the node supports, e.g., HTTP and P2P. By default, if not specified, both are supported. Example: `"[\"HTTP\",\"P2P\"]"`
2021
- `ALLOWED_VALIDATORS`: Array of addresses for allowed validators to verify asset signatures before indexing. Example: `"[\"0x123\",\"0x456\"]"`

scripts/ocean-node-quickstart.sh

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -147,6 +147,7 @@ services:
147147
# ADDRESS_FILE: ''
148148
# NODE_ENV: ''
149149
# AUTHORIZED_DECRYPTERS: ''
150+
# AUTHORIZED_DECRYPTERS_LIST: ''
150151
# OPERATOR_SERVICE_URL: ''
151152
# POLICY_SERVER_URL: ''
152153
INTERFACES: '["HTTP","P2P"]'

src/@types/OceanNode.ts

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -82,6 +82,7 @@ export interface AccessListContract {
8282
}
8383
export interface OceanNodeConfig {
8484
authorizedDecrypters: string[]
85+
authorizedDecryptersList: AccessListContract | null
8586
allowedValidators: string[]
8687
allowedValidatorsList: AccessListContract | null
8788
authorizedPublishers: string[]

src/components/core/handler/ddoHandler.ts

Lines changed: 43 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -17,6 +17,7 @@ import { CORE_LOGGER } from '../../../utils/logging/common.js'
1717
import { Blockchain } from '../../../utils/blockchain.js'
1818
import { ethers, isAddress } from 'ethers'
1919
import ERC721Template from '@oceanprotocol/contracts/artifacts/contracts/templates/ERC721Template.sol/ERC721Template.json' assert { type: 'json' }
20+
import AccessListContract from '@oceanprotocol/contracts/artifacts/contracts/accesslists/AccessList.sol/AccessList.json' assert { type: 'json' }
2021
// import lzma from 'lzma-native'
2122
import lzmajs from 'lzma-purejs-requirejs'
2223
import {
@@ -199,6 +200,48 @@ export class DecryptDdoHandler extends Handler {
199200
}
200201
}
201202

203+
// access lit checks, needs blockchain connection
204+
const { authorizedDecryptersList } = config
205+
if (authorizedDecryptersList && Object.keys(authorizedDecryptersList).length > 0) {
206+
// check accessList
207+
const chainsListed = Object.keys(authorizedDecryptersList)
208+
// check the access lists for this chain
209+
if (chainsListed.length > 0 && chainsListed.includes(chainId)) {
210+
let isAllowed = false
211+
for (const accessListAddress of authorizedDecryptersList[chainId]) {
212+
// instantiate contract and check balanceOf
213+
const accessListContract = new ethers.Contract(
214+
accessListAddress,
215+
AccessListContract.abi,
216+
blockchain.getSigner()
217+
)
218+
219+
// check access list contract
220+
const balance = await accessListContract.balanceOf(
221+
await blockchain.getSigner().getAddress()
222+
)
223+
if (Number(balance) > 0) {
224+
isAllowed = true
225+
break
226+
}
227+
}
228+
229+
if (!isAllowed) {
230+
CORE_LOGGER.logMessage(
231+
'Decrypt DDO: Decrypter not authorized per access list',
232+
true
233+
)
234+
return {
235+
stream: null,
236+
status: {
237+
httpStatus: 403,
238+
error: 'Decrypt DDO: Decrypter not authorized per access list'
239+
}
240+
}
241+
}
242+
}
243+
}
244+
202245
const transactionId = task.transactionId ? String(task.transactionId) : ''
203246
let encryptedDocument: Uint8Array
204247
let flags: number

src/utils/config.ts

Lines changed: 17 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -201,6 +201,22 @@ function getAuthorizedDecrypters(isStartup?: boolean): string[] {
201201
isStartup
202202
)
203203
}
204+
205+
function getAuthorizedDecryptersList(isStartup?: boolean): AccessListContract | null {
206+
if (
207+
existsEnvironmentVariable(ENVIRONMENT_VARIABLES.AUTHORIZED_DECRYPTERS_LIST, isStartup)
208+
) {
209+
try {
210+
const decryptersAccessList = JSON.parse(
211+
ENVIRONMENT_VARIABLES.AUTHORIZED_DECRYPTERS_LIST.value
212+
) as AccessListContract
213+
return decryptersAccessList
214+
} catch (err) {
215+
CONFIG_LOGGER.error(err.message)
216+
}
217+
}
218+
return null
219+
}
204220
// allowed validators
205221
export function getAllowedValidators(isStartup?: boolean): string[] {
206222
return readAddressListFromEnvVariable(
@@ -607,6 +623,7 @@ async function getEnvConfig(isStartup?: boolean): Promise<OceanNodeConfig> {
607623

608624
const config: OceanNodeConfig = {
609625
authorizedDecrypters: getAuthorizedDecrypters(isStartup),
626+
authorizedDecryptersList: getAuthorizedDecryptersList(isStartup),
610627
allowedValidators: getAllowedValidators(isStartup),
611628
allowedValidatorsList: getAllowedValidatorsList(isStartup),
612629
authorizedPublishers: getAuthorizedPublishers(isStartup),

src/utils/constants.ts

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -247,6 +247,11 @@ export const ENVIRONMENT_VARIABLES: Record<any, EnvVariable> = {
247247
value: process.env.AUTHORIZED_DECRYPTERS,
248248
required: false
249249
},
250+
AUTHORIZED_DECRYPTERS_LIST: {
251+
name: 'AUTHORIZED_DECRYPTERS_LIST',
252+
value: process.env.AUTHORIZED_DECRYPTERS_LIST,
253+
required: false
254+
},
250255
OPERATOR_SERVICE_URL: {
251256
name: 'OPERATOR_SERVICE_URL',
252257
value: process.env.OPERATOR_SERVICE_URL,

0 commit comments

Comments
 (0)