
Commit 0ec7c73

committed
only allow deployments of verified users
1 parent 5d06ff7 commit 0ec7c73


1 file changed

+57
-7
lines changed


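--- a/pkg/gridtypes/deployment.go
+++ b/pkg/gridtypes/deployment.go
@@ -5,19 +5,20 @@ import (
 "crypto/ed25519"
 "crypto/md5"
 "encoding/hex"
+"encoding/json"
 "fmt"
 "io"
+"net/http"
+"time"
 
 sr25519 "github.com/ChainSafe/go-schnorrkel"
 "github.com/gtank/merlin"
 "github.com/pkg/errors"
 "github.com/rs/zerolog/log"
 )
 
-var (
-// ErrWorkloadNotFound error
-ErrWorkloadNotFound = fmt.Errorf("workload not found")
-)
+// ErrWorkloadNotFound error
+var ErrWorkloadNotFound = fmt.Errorf("workload not found")
 
 const (
 SignatureTypeEd25519 = "ed25519"
@@ -32,8 +33,10 @@ type Verifier interface {
 Verify(msg []byte, sig []byte) bool
 }
 
-type Ed25519VerifyingKey []byte
-type Sr25519VerifyingKey []byte
+type (
+Ed25519VerifyingKey []byte
+Sr25519VerifyingKey []byte
+)
 
 func (k Ed25519VerifyingKey) Verify(msg []byte, sig []byte) bool {
 return ed25519.Verify([]byte(k), msg, sig)
@@ -385,6 +388,11 @@ func (d *Deployment) Sign(twin uint32, sk Signer) error {
 // Verify verifies user signatures is mainly used by the node
 // to verify that all attached signatures are valid.
 func (d *Deployment) Verify(getter KeyGetter) error {
+// make sure the account used is verified
+if getTwinVerificationState(d.TwinID) != "VERIFIED" {
+return fmt.Errorf("user is not verified")
+}
+
 message, err := d.ChallengeHash()
 if err != nil {
 return err
@@ -617,7 +625,6 @@ func (d *Deployment) Upgrade(n *Deployment) ([]UpgradeOp, error) {
 wl,
 OpUpdate,
 })
-
 }
 // other wise. we leave it untouched
 }
@@ -665,3 +672,46 @@ func (o JobOperation) String() string {
 return "unknown"
 }
 }
+
+// getTwinVerificationState make sure the account used is verified we have the user public key in bytes(pkBytes)
+func getTwinVerificationState(twinID uint32) (status string) {
+verificationServiceURL := "https://kyc1.gent01.dev.grid.tf/api/v1/status"
+status = "FAILED"
+
+request, err := http.NewRequest(http.MethodGet, verificationServiceURL, nil)
+if err != nil {
+return
+}
+
+q := request.URL.Query()
+q.Set("twinID", fmt.Sprint(twinID))
+request.URL.RawQuery = q.Encode()
+
+cl := &http.Client{
+Timeout: 10 * time.Second,
+}
+
+response, err := cl.Do(request)
+if err != nil {
+return
+}
+defer response.Body.Close()
+
+body, err := io.ReadAll(response.Body)
+if err != nil {
+return
+}
+
+bodyMap := map[string]string{}
+err = json.Unmarshal(body, &bodyMap)
+if err != nil {
+return
+}
+
+if response.StatusCode != http.StatusOK {
+log.Error().Msgf("failed to verify user status: %s", bodyMap["error"])
+return
+}
+
+return bodyMap["status"]
+}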
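Review bot: In getTwinVerificationState every failure (request error, unreadable body, a body that is not a flat JSON object of strings) returns "FAILED" without a log line, and the status code is checked only after json.Unmarshal, so a non-JSON error page is dropped silently and Verify reports `user is not verified` for what is really a service outage. The body is also read with an unbounded io.ReadAll, and the endpoint is a hard-coded `dev` host that presumably should come from per-network configuration rather than a literal. The rewrite below keeps the fail-closed default but logs each failure, checks the status code before decoding and caps the read (the 64 KiB cap is an illustrative value). Because Verify performs this lookup before the signature check, using the deployment's own TwinID, it may be worth moving it after signature verification so unsigned deployments cannot trigger outbound requests; the rest of Verify is outside the hunk, so confirm the ordering there.

```go
func getTwinVerificationState(twinID uint32) (status string) {
	// … unchanged: URL, default status, request and query construction, client …

	response, err := cl.Do(request)
	if err != nil {
		log.Error().Err(err).Uint32("twin", twinID).Msg("verification service unreachable")
		return
	}
	defer response.Body.Close()

	// bound the read so an oversized response cannot exhaust node memory
	body, err := io.ReadAll(io.LimitReader(response.Body, 64<<10))
	if err != nil {
		log.Error().Err(err).Uint32("twin", twinID).Msg("reading verification response")
		return
	}

	// check the status code first: error bodies from a proxy are often not JSON
	if response.StatusCode != http.StatusOK {
		log.Error().Int("status", response.StatusCode).Uint32("twin", twinID).Msg("verification service returned an error")
		return
	}

	bodyMap := map[string]string{}
	if err := json.Unmarshal(body, &bodyMap); err != nil {
		log.Error().Err(err).Uint32("twin", twinID).Msg("decoding verification response")
		return
	}

	return bodyMap["status"]
}
```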
