feat: allow PublicWeb2 source on testnets

Author: adg-flare

src/config/web2/web2-json-test-sources.ts

@@ -1,7 +1,17 @@
 import { AuthType, HTTP_METHOD, Web2JsonSource } from '../interfaces/web2-json';
 
+/**
+ * Special source allowing access to any public Web2 JSON endpoint without restrictions.
+ * Only available on testnets.
+ */
+export const PUBLIC_WEB2: Web2JsonSource = {
+  sourceId: 'PublicWeb2',
+  endpoints: [],
+};
+
 /** Allowed Web2Json sources definitions for testnet deployments. */
 export const WEB2_JSON_TEST_SOURCES: Web2JsonSource[] = [
+  PUBLIC_WEB2,
   {
     sourceId: 'testIgnite',
     endpoints: [
@@ -17,14 +27,4 @@ export const WEB2_JSON_TEST_SOURCES: Web2JsonSource[] = [
       },
     ],
   },
-  {
-    sourceId: 'testAPIs',
-    endpoints: [
-      {
-        host: 'jsonplaceholder.typicode.com',
-        paths: ['/todos'],
-        methods: [HTTP_METHOD.GET],
-      },
-    ],
-  },
 ];

src/services/web2-json-verifier.service.ts

@@ -12,6 +12,7 @@ import {
   Web2Json_Response,
 } from '../dtos/attestation-types/Web2Json.dto';
 import {
+  decodeAttestationName,
   encodeAttestationName,
   serializeBigInts,
 } from '../external-libs/utils';
@@ -50,21 +51,22 @@ export class Web2JsonVerifierService extends BaseVerifierService<
   }
 
   protected checkSupportedType(request: Web2Json_Request) {
-    const supportedAttestation = encodeAttestationName(
-      Web2JsonVerifierService.attestationName,
+    const requestType = decodeAttestationName(request.attestationType);
+    const requestSourceId = decodeAttestationName(request.sourceId);
+    const supportedSourceIds = this.web2JsonConfig.sources.map(
+      (s) => s.sourceId,
     );
-    const supportedSources = this.web2JsonConfig.sources.map((s) => s.sourceId);
 
     if (
-      request.attestationType !== supportedAttestation ||
-      !supportedSources.some(
-        (s) => request.sourceId == encodeAttestationName(s),
-      )
+      requestType !== Web2JsonVerifierService.attestationName ||
+      !supportedSourceIds.some((s) => requestSourceId == s)
     ) {
+      const errorMsg = `Attestation type and source id combination not supported: ${requestType}/${requestSourceId}. Supported attestation type: '${Web2JsonVerifierService.attestationName}'. Supported source ids: [${supportedSourceIds.join(', ')}].`;
+      this.logger.debug(errorMsg);
       throw new HttpException(
         {
           status: HttpStatus.BAD_REQUEST,
-          error: `Attestation type and source id combination not supported: (${request.attestationType}, ${request.sourceId}). Supported attestation: '${Web2JsonVerifierService.attestationName}' (${supportedAttestation}). Supported source ids: [${supportedSources.join(', ')}] ([${supportedSources.map(encodeAttestationName).join(', ')}]).`,
+          error: errorMsg,
         },
         HttpStatus.BAD_REQUEST,
       );

src/verification/web-2-json/validate-request.ts

@@ -1,8 +1,8 @@
 import {
   CheckedUrl,
   parseUrl,
-  validatePath,
   validateHttpMethod,
+  validatePath,
   validateUrl,
 } from './validate-url';
 import { Web2Json_Request } from '../../dtos/attestation-types/Web2Json.dto';
@@ -18,6 +18,7 @@ import { validateJqFilter } from './validate-jq';
 import { ParamType } from 'ethers';
 import { parseAndValidateAbiType } from './validate-abi';
 import { Web2JsonValidationError } from './utils';
+import { PUBLIC_WEB2 } from '../../config/web2/web2-json-test-sources';
 
 export interface ParsedRequestBody {
   validSourceUrl: CheckedUrl;
@@ -47,18 +48,6 @@ export async function parseAndValidateRequest(
       `Invalid source URL: ${(e as Error).message}`,
     );
   }
-  const endpoint = source.endpoints.find((e) => e.host === parsedUrl.hostname);
-  if (!endpoint) {
-    throw new Web2JsonValidationError(
-      AttestationResponseStatus.INVALID_SOURCE_URL,
-      'Source URL host not allowed',
-    );
-  }
-  // validate endpoint path
-  validatePath(parsedUrl, endpoint);
-  // validate HTTP method
-  const sourceMethod = requestBody.httpMethod;
-  validateHttpMethod(sourceMethod, endpoint.methods);
   // validate headers
   const sourceHeaders =
     parseJsonWithDepthAndKeysValidation(
@@ -80,37 +69,58 @@ export async function parseAndValidateRequest(
       AttestationResponseStatus.INVALID_QUERY_PARAMS,
     ) ?? {};
 
-  // validate jq filter length and content
-  const jqFilter = requestBody.postProcessJq;
-  validateJqFilter(requestBody.postProcessJq, securityParams.maxJqFilterLength);
-  // validate ABI signature
-  const abiType = parseAndValidateAbiType(
-    requestBody.abiSignature,
-    securityParams.maxAbiSignatureLength,
-  );
+  const sourceMethod = requestBody.httpMethod;
 
-  // Inject authentication token from endpoint.auth if configured
-  if (endpoint.auth) {
-    const token = process.env[endpoint.auth.env];
-    if (!token) {
-      throw Error(
-        `Missing API key in environment variable ${endpoint.auth.env} for host ${endpoint.host}`,
+  if (source === PUBLIC_WEB2) {
+    // validate HTTP method
+    validateHttpMethod(sourceMethod, [HTTP_METHOD.GET, HTTP_METHOD.POST]);
+  } else {
+    const endpoint = source.endpoints.find(
+      (e) => e.host === parsedUrl.hostname,
+    );
+    if (!endpoint) {
+      throw new Web2JsonValidationError(
+        AttestationResponseStatus.INVALID_SOURCE_URL,
+        'Source URL host not allowed',
       );
     }
 
-    if (endpoint.auth.type === AuthType.BEARER) {
-      sourceHeaders['Authorization'] = `Bearer ${token}`;
-    } else if (endpoint.auth.type === AuthType.APIKEY) {
-      if (endpoint.auth.header) {
-        sourceHeaders[endpoint.auth.header] = token;
+    // validate endpoint path
+    validatePath(parsedUrl, endpoint);
+    // validate HTTP method
+    validateHttpMethod(sourceMethod, endpoint.methods);
+    // Inject authentication token from endpoint.auth if configured
+    if (endpoint.auth) {
+      const token = process.env[endpoint.auth.env];
+      if (!token) {
+        throw Error(
+          `Missing API key in environment variable ${endpoint.auth.env} for host ${endpoint.host}`,
+        );
+      }
+
+      if (endpoint.auth.type === AuthType.BEARER) {
+        sourceHeaders['Authorization'] = `Bearer ${token}`;
+      } else if (endpoint.auth.type === AuthType.APIKEY) {
+        if (endpoint.auth.header) {
+          sourceHeaders[endpoint.auth.header] = token;
+        } else {
+          sourceQueryParams[endpoint.auth.query] = token;
+        }
       } else {
-        sourceQueryParams[endpoint.auth.query] = token;
+        throw new Error(`Unsupported auth type for host ${endpoint.host}`);
       }
-    } else {
-      throw new Error(`Unsupported auth type for host ${endpoint.host}`);
     }
   }
 
+  // validate jq filter length and content
+  const jqFilter = requestBody.postProcessJq;
+  validateJqFilter(requestBody.postProcessJq, securityParams.maxJqFilterLength);
+  // validate ABI signature
+  const abiType = parseAndValidateAbiType(
+    requestBody.abiSignature,
+    securityParams.maxAbiSignatureLength,
+  );
+
   // validate body
   const sourceBody = parseJsonWithDepthAndKeysValidation(
     requestBody.body,

test/unit/web2/verify-sources.unit.ts

@@ -38,9 +38,17 @@ describe('Web2Json source validation', () => {
     });
   });
   describe('host and path validation', () => {
-    const allSources = WEB2_JSON_SOURCES.concat(WEB2_JSON_TEST_SOURCES);
+    it('endpoints should be defined for mainnet sources', () => {
+      for (const source of WEB2_JSON_SOURCES) {
+        expect(
+          source.endpoints.length > 0,
+          `No endpoints defined for sourceId=${source.sourceId}`,
+        ).to.be.true;
+      }
+    });
 
     it('all endpoint host+path combinations should form valid URLs', () => {
+      const allSources = WEB2_JSON_SOURCES.concat(WEB2_JSON_TEST_SOURCES);
       for (const source of allSources) {
         for (const endpoint of source.endpoints) {
           const host = endpoint.host;