Skip to content

ValidateDDOCommand - getValidationSignature only for authentificated requests #816

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
alexcos20 opened this issue Jan 22, 2025 · 1 comment · May be fixed by #835
Open

ValidateDDOCommand - getValidationSignature only for authentificated requests #816

alexcos20 opened this issue Jan 22, 2025 · 1 comment · May be fixed by #835
Assignees
@paulo-ocean
Labels
Type: Bug Something isn't working

Comments

@alexcos20
Copy link
Member

alexcos20 commented Jan 22, 2025
edited by paulo-ocean
Loading

When calling ValidateDDOCommand we always add our signature if the DDO is valid, no matter who is the publisher. In order to implement the concept of isolated markets, we need to change that.

So, we will add our signature ONLY IF:

  • command contains optional parameter publisherAddress
  • command contains optional parameter nonce and nonce is valid for publisherAddress
  • command contains optional parameter signature which is the signed message based on nonce by publisherAddress
  • ddo.nftAddress exists and it's valid
  • publisherAddress has updateMetadata role on ddo.nftAddress contract
  • publisherAddress has publishing rights on this node (see DDO Index: Isolated node #815)
@alexcos20 alexcos20 added the Type: Bug Something isn't working label Jan 22, 2025
@paulo-ocean paulo-ocean linked a pull request Feb 4, 2025 that will close this issue
Open
@paulo-ocean
Copy link
Contributor

paulo-ocean commented Feb 18, 2025
edited
Loading

hey @alexcos20
in case ANY check of the above fails BUT the DDO object is still VALID should we:

  • return a 200 msg anyway (but without adding the node signature)
  • just return a 400 error (validation failed)

Example; lets say we did not sent one of the optional parameters..

In any case we need to change the SDK as well (current /ddo/validate response on the SDK is handled this way:)

if (response.status === 200) {
        status.valid = true
        status.hash = jsonResponse.hash
        status.proof = {
          validatorAddress: jsonResponse.publicKey,
          r: jsonResponse.r[0],
          s: jsonResponse.s[0],
          v: jsonResponse.v
        }
      }

(so, if 200 it assumes we have a signature)

But we're not sending the optional parameters on the /ddo/validate request... we're just sending the DDO ..

const response = await fetch(path, {
        method: 'POST',
        body: JSON.stringify(ddo),
        headers: { 'Content-Type': 'application/octet-stream' },
        signal
      })

So, we need to change something there in any case, either on the request (add the params) or on the way we handle the response...

thanks

@paulo-ocean paulo-ocean mentioned this issue Feb 19, 2025
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@paulo-ocean paulo-ocean

Labels
Type: Bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

validateDDO: getValidationSignature only for authentificated requests oceanprotocol/ocean-node
2 participants
@alexcos20 @paulo-ocean