Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Implement Airnode whitelisting #101

Merged
merged 5 commits into from
Oct 31, 2023
Merged

Implement Airnode whitelisting #101

merged 5 commits into from
Oct 31, 2023

Conversation

Siegrift
Copy link
Collaborator

Closes #98

Rationale

Adding the configuration option for whitelisting addresses is simple, but there is a special case - how to whitelist all? We can have a special meaning for empty array, similarly how it's done in Airnode but I think it would be better for this to be explicit and set it to "all" instead (string literal instead of an array). Alternatively, we can drop the "whitelist all" use case.

The naming is "allowedAirnodes", because it's about Airnode addresses, but the service is not Airnode but Pusher. I don't mind this, because Pusher and Airnode are related.

The "allowedAirnodes" configuration is used for both inserting/querying the data. The "list airnode addresses" endpoint is unchanged, because when all Airnodes are allowed we would need to scan the data storage anyway.

@Siegrift Siegrift requested review from andreogle and metobom October 30, 2023 08:20
@Siegrift Siegrift self-assigned this Oct 30, 2023
Siegrift
Siegrift commented Oct 30, 2023
View reviewed changes
packages/api/src/schema.ts Outdated Show resolved Hide resolved
metobom
metobom reviewed Oct 30, 2023
View reviewed changes
Copy link
Member

@metobom metobom left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think it is better to use all instead of an empty array.

I am not sure whether not to add .nonempty to disallow [] since it doesn't make sense to deny all Airnodes.

I think empty arrays should be disallowed.

The "allowedAirnodes" configuration is used for both inserting/querying the data.

I couldn't catch the "querying" part, can you explain it?

@Siegrift
Copy link
Collaborator Author

I couldn't catch the "querying" part, can you explain it?

I mean that an API call to get data for an non-whitelistested Airnode address with return 403.

andreogle
andreogle approved these changes Oct 30, 2023
View reviewed changes
packages/api/README.md Show resolved Hide resolved
packages/api/src/handlers.ts Show resolved Hide resolved
packages/api/src/schema.ts Outdated Show resolved Hide resolved
Base automatically changed from log-heartbeat to main October 31, 2023 11:56
@Siegrift Siegrift merged commit 8b27a18 into main Oct 31, 2023
4 checks passed
@Siegrift Siegrift deleted the whitelist-airnodes branch October 31, 2023 13:38
@Siegrift Siegrift mentioned this pull request Nov 7, 2023
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@metobom metobom metobom left review comments

@andreogle andreogle andreogle approved these changes

Assignees

@Siegrift Siegrift

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Add whitelisted Airnode addresses to the signed API configuration
3 participants
@Siegrift @andreogle @metobom