From 22b172a06c489c6d7ef3b24881fd18e92afad817 Mon Sep 17 00:00:00 2001 From: zenground0 Date: Fri, 20 Jun 2025 22:34:30 +0200 Subject: [PATCH] chore!: PDP service contract whitelist Using current Alpha release FilecoinWarmStorageService contract address on calibnet --- pdp/contract/addresses.go | 23 ++++++++++++++++++++++- pdp/handlers.go | 6 ++++++ 2 files changed, 28 insertions(+), 1 deletion(-) diff --git a/pdp/contract/addresses.go b/pdp/contract/addresses.go index 96245b183..f1dfb1c47 100644 --- a/pdp/contract/addresses.go +++ b/pdp/contract/addresses.go @@ -12,7 +12,8 @@ import ( ) type PDPContracts struct { - PDPVerifier common.Address + PDPVerifier common.Address + AllowedPublicRecordKeepers []common.Address } func ContractAddresses() PDPContracts { @@ -20,6 +21,9 @@ func ContractAddresses() PDPContracts { case build.BuildCalibnet: return PDPContracts{ PDPVerifier: common.HexToAddress("0x445238Eca6c6aB8Dff1Aa6087d9c05734D22f137"), + AllowedPublicRecordKeepers: []common.Address{ + common.HexToAddress("0x80617b65FD2EEa1D7fDe2B4F85977670690ed348"), // FilecoinWarmStorageService + }, } case build.BuildMainnet: // Compatible contract not yet deployed @@ -34,3 +38,20 @@ const NumChallenges = 5 func SybilFee() *big.Int { return must.One(types.ParseFIL("0.1")).Int } + +// IsPublicService checks if a service label indicates a public service +func IsPublicService(serviceLabel string) bool { + return serviceLabel == "public" +} + +// IsRecordKeeperAllowed checks if a recordkeeper address is in the whitelist +// Returns true if the address is allowed, or if there's no whitelist for the network +func IsRecordKeeperAllowed(recordKeeper common.Address) bool { + // Check if the recordkeeper is in the whitelist + for _, allowed := range ContractAddresses().AllowedPublicRecordKeepers { + if recordKeeper == allowed { + return true + } + } + return false +} diff --git a/pdp/handlers.go b/pdp/handlers.go index 571c61ad5..fdde5b69c 100644 --- a/pdp/handlers.go +++ b/pdp/handlers.go @@ -170,6 +170,12 @@ func (p *PDPService) handleCreateDataSet(w http.ResponseWriter, r *http.Request) return } + // Check if the recordkeeper is in the whitelist for public services + if contract.IsPublicService(serviceLabel) && !contract.IsRecordKeeperAllowed(recordKeeperAddr) { + http.Error(w, "recordKeeper address not allowed for public service", http.StatusForbidden) + return + } + // Decode extraData if provided extraDataBytes := []byte{} if reqBody.ExtraData != nil {