check tenant approval before processing rpc requests

decentralized-identity · Nov 8, 2023 · b62809f · b62809f
1 parent 491c052
commit b62809f
Show file tree

Hide file tree

Showing 3 changed files with 263 additions and 193 deletions.
diff --git a/src/http-api.ts b/src/http-api.ts
@@ -153,6 +153,19 @@ export class HttpApi {
         return res.status(400).json(reply);
       }
 
+      if (
+        config.powRegistration &&
+        !(await this.#pow.isAuthorized(dwnRpcRequest.params.target))
+      ) {
+        const reply = createJsonRpcErrorResponse(
+          dwnRpcRequest.id || uuidv4(),
+          JsonRpcErrorCodes.Forbidden,
+          'tenant not authorized, please register first',
+        );
+
+        return res.status(403).json(reply);
+      }
+
       // Check whether data was provided in the request body
       const contentLength = req.headers['content-length'];
       const transferEncoding = req.headers['transfer-encoding'];

diff --git a/src/pow.ts b/src/pow.ts
@@ -42,6 +42,16 @@ export class ProofOfWork {
     );
   }
 
+  async isAuthorized(tenant: string): Promise<boolean> {
+    const result = await this.#db
+      .selectFrom('authorizedTenants')
+      .select('did')
+      .where('did', '=', tenant)
+      .execute();
+
+    return result.length > 0;
+  }
+
   private async getChallenge(_req: Request, res: Response): Promise<void> {
     const challenge = generateChallenge();
     recentChallenges[challenge] = Date.now();
@@ -63,7 +73,9 @@ export class ProofOfWork {
     hash.update(body.response);
 
     const complexity = getComplexity();
-    if (!hash.digest('hex').startsWith('0'.repeat(complexity))) {
+    const digest = hash.digest('hex');
+    console.log('digest: ', digest);
+    if (!digest.startsWith('0'.repeat(complexity))) {
       res.status(401).json({ success: false });
       return;
     }