Compare commits
1 Commits
devin/1776
...
fix/explor
| Author | SHA1 | Date | |
|---|---|---|---|
|
5ea36e8958 |
@@ -1,6 +1,7 @@
|
||||
package middleware
|
||||
|
||||
import (
|
||||
"context"
|
||||
"fmt"
|
||||
"net/http"
|
||||
"strings"
|
||||
@@ -30,7 +31,11 @@ func (m *AuthMiddleware) RequireAuth(next http.Handler) http.Handler {
|
||||
return
|
||||
}
|
||||
|
||||
ctx := ContextWithAuth(r.Context(), address, track, true)
|
||||
// Add user context
|
||||
ctx := context.WithValue(r.Context(), "user_address", address)
|
||||
ctx = context.WithValue(ctx, "user_track", track)
|
||||
ctx = context.WithValue(ctx, "authenticated", true)
|
||||
|
||||
next.ServeHTTP(w, r.WithContext(ctx))
|
||||
})
|
||||
}
|
||||
@@ -39,7 +44,11 @@ func (m *AuthMiddleware) RequireAuth(next http.Handler) http.Handler {
|
||||
func (m *AuthMiddleware) RequireTrack(requiredTrack int) func(http.Handler) http.Handler {
|
||||
return func(next http.Handler) http.Handler {
|
||||
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||
track := UserTrack(r.Context())
|
||||
// Extract track from context (set by RequireAuth or OptionalAuth)
|
||||
track, ok := r.Context().Value("user_track").(int)
|
||||
if !ok {
|
||||
track = 1 // Default to Track 1 (public)
|
||||
}
|
||||
|
||||
if !featureflags.HasAccess(track, requiredTrack) {
|
||||
writeForbidden(w, requiredTrack)
|
||||
@@ -56,33 +65,40 @@ func (m *AuthMiddleware) OptionalAuth(next http.Handler) http.Handler {
|
||||
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||
address, track, err := m.extractAuth(r)
|
||||
if err != nil {
|
||||
// No auth provided (or auth failed) — fall back to Track 1.
|
||||
ctx := ContextWithAuth(r.Context(), "", defaultTrackLevel, false)
|
||||
// No auth provided, default to Track 1 (public)
|
||||
ctx := context.WithValue(r.Context(), "user_address", "")
|
||||
ctx = context.WithValue(ctx, "user_track", 1)
|
||||
ctx = context.WithValue(ctx, "authenticated", false)
|
||||
next.ServeHTTP(w, r.WithContext(ctx))
|
||||
return
|
||||
}
|
||||
|
||||
ctx := ContextWithAuth(r.Context(), address, track, true)
|
||||
// Auth provided, add user context
|
||||
ctx := context.WithValue(r.Context(), "user_address", address)
|
||||
ctx = context.WithValue(ctx, "user_track", track)
|
||||
ctx = context.WithValue(ctx, "authenticated", true)
|
||||
|
||||
next.ServeHTTP(w, r.WithContext(ctx))
|
||||
})
|
||||
}
|
||||
|
||||
// extractAuth extracts authentication information from the request.
|
||||
// Returns ErrMissingAuthorization when no usable Bearer token is present;
|
||||
// otherwise returns the error from JWT validation.
|
||||
// extractAuth extracts authentication information from request
|
||||
func (m *AuthMiddleware) extractAuth(r *http.Request) (string, int, error) {
|
||||
// Get Authorization header
|
||||
authHeader := r.Header.Get("Authorization")
|
||||
if authHeader == "" {
|
||||
return "", 0, ErrMissingAuthorization
|
||||
return "", 0, http.ErrMissingFile
|
||||
}
|
||||
|
||||
// Check for Bearer token
|
||||
parts := strings.Split(authHeader, " ")
|
||||
if len(parts) != 2 || parts[0] != "Bearer" {
|
||||
return "", 0, ErrMissingAuthorization
|
||||
return "", 0, http.ErrMissingFile
|
||||
}
|
||||
|
||||
token := parts[1]
|
||||
|
||||
// Validate JWT token
|
||||
address, track, err := m.walletAuth.ValidateJWT(token)
|
||||
if err != nil {
|
||||
return "", 0, err
|
||||
|
||||
@@ -1,60 +0,0 @@
|
||||
package middleware
|
||||
|
||||
import (
|
||||
"context"
|
||||
"errors"
|
||||
)
|
||||
|
||||
// ctxKey is an unexported type for request-scoped authentication values.
|
||||
// Using a distinct type (rather than a bare string) keeps our keys out of
|
||||
// collision range for any other package that also calls context.WithValue,
|
||||
// and silences go vet's SA1029.
|
||||
type ctxKey string
|
||||
|
||||
const (
|
||||
ctxKeyUserAddress ctxKey = "user_address"
|
||||
ctxKeyUserTrack ctxKey = "user_track"
|
||||
ctxKeyAuthenticated ctxKey = "authenticated"
|
||||
)
|
||||
|
||||
// Default track level applied to unauthenticated requests (Track 1 = public).
|
||||
const defaultTrackLevel = 1
|
||||
|
||||
// ErrMissingAuthorization is returned by extractAuth when no usable
|
||||
// Authorization header is present on the request. Callers should treat this
|
||||
// as "no auth supplied" rather than a hard failure for optional-auth routes.
|
||||
var ErrMissingAuthorization = errors.New("middleware: authorization header missing or malformed")
|
||||
|
||||
// ContextWithAuth returns a child context carrying the supplied
|
||||
// authentication state. It is the single place in the package that writes
|
||||
// the auth context keys.
|
||||
func ContextWithAuth(parent context.Context, address string, track int, authenticated bool) context.Context {
|
||||
ctx := context.WithValue(parent, ctxKeyUserAddress, address)
|
||||
ctx = context.WithValue(ctx, ctxKeyUserTrack, track)
|
||||
ctx = context.WithValue(ctx, ctxKeyAuthenticated, authenticated)
|
||||
return ctx
|
||||
}
|
||||
|
||||
// UserAddress returns the authenticated wallet address stored on ctx, or
|
||||
// "" if the context is not authenticated.
|
||||
func UserAddress(ctx context.Context) string {
|
||||
addr, _ := ctx.Value(ctxKeyUserAddress).(string)
|
||||
return addr
|
||||
}
|
||||
|
||||
// UserTrack returns the access tier recorded on ctx. If no track was set
|
||||
// (e.g. the request bypassed all auth middleware) the caller receives
|
||||
// Track 1 (public) so route-level checks can still make a decision.
|
||||
func UserTrack(ctx context.Context) int {
|
||||
if track, ok := ctx.Value(ctxKeyUserTrack).(int); ok {
|
||||
return track
|
||||
}
|
||||
return defaultTrackLevel
|
||||
}
|
||||
|
||||
// IsAuthenticated reports whether the current request carried a valid auth
|
||||
// token that was successfully parsed by the middleware.
|
||||
func IsAuthenticated(ctx context.Context) bool {
|
||||
ok, _ := ctx.Value(ctxKeyAuthenticated).(bool)
|
||||
return ok
|
||||
}
|
||||
@@ -1,62 +0,0 @@
|
||||
package middleware
|
||||
|
||||
import (
|
||||
"context"
|
||||
"errors"
|
||||
"testing"
|
||||
)
|
||||
|
||||
func TestContextWithAuthRoundTrip(t *testing.T) {
|
||||
ctx := ContextWithAuth(context.Background(), "0xabc", 4, true)
|
||||
|
||||
if got := UserAddress(ctx); got != "0xabc" {
|
||||
t.Fatalf("UserAddress() = %q, want %q", got, "0xabc")
|
||||
}
|
||||
if got := UserTrack(ctx); got != 4 {
|
||||
t.Fatalf("UserTrack() = %d, want 4", got)
|
||||
}
|
||||
if !IsAuthenticated(ctx) {
|
||||
t.Fatal("IsAuthenticated() = false, want true")
|
||||
}
|
||||
}
|
||||
|
||||
func TestUserTrackDefaultsToTrack1OnBareContext(t *testing.T) {
|
||||
if got := UserTrack(context.Background()); got != defaultTrackLevel {
|
||||
t.Fatalf("UserTrack(empty) = %d, want %d", got, defaultTrackLevel)
|
||||
}
|
||||
}
|
||||
|
||||
func TestUserAddressEmptyOnBareContext(t *testing.T) {
|
||||
if got := UserAddress(context.Background()); got != "" {
|
||||
t.Fatalf("UserAddress(empty) = %q, want empty", got)
|
||||
}
|
||||
}
|
||||
|
||||
func TestIsAuthenticatedFalseOnBareContext(t *testing.T) {
|
||||
if IsAuthenticated(context.Background()) {
|
||||
t.Fatal("IsAuthenticated(empty) = true, want false")
|
||||
}
|
||||
}
|
||||
|
||||
// TestContextKeyIsolation proves that the typed ctxKey values cannot be
|
||||
// shadowed by a caller using bare-string keys with the same spelling.
|
||||
// This is the specific class of bug fixed by this PR.
|
||||
func TestContextKeyIsolation(t *testing.T) {
|
||||
ctx := context.WithValue(context.Background(), "user_address", "injected")
|
||||
if got := UserAddress(ctx); got != "" {
|
||||
t.Fatalf("expected empty address (bare string key must not collide), got %q", got)
|
||||
}
|
||||
}
|
||||
|
||||
func TestErrMissingAuthorizationIsSentinel(t *testing.T) {
|
||||
if ErrMissingAuthorization == nil {
|
||||
t.Fatal("ErrMissingAuthorization must not be nil")
|
||||
}
|
||||
wrapped := errors.New("wrapped: " + ErrMissingAuthorization.Error())
|
||||
if errors.Is(wrapped, ErrMissingAuthorization) {
|
||||
t.Fatal("string-wrapped error must not satisfy errors.Is (smoke check)")
|
||||
}
|
||||
if !errors.Is(ErrMissingAuthorization, ErrMissingAuthorization) {
|
||||
t.Fatal("ErrMissingAuthorization must satisfy errors.Is against itself")
|
||||
}
|
||||
}
|
||||
@@ -4,7 +4,6 @@ import (
|
||||
"encoding/json"
|
||||
"net/http"
|
||||
|
||||
"github.com/explorer/backend/api/middleware"
|
||||
"github.com/explorer/backend/featureflags"
|
||||
)
|
||||
|
||||
@@ -17,8 +16,11 @@ func (s *Server) handleFeatures(w http.ResponseWriter, r *http.Request) {
|
||||
}
|
||||
|
||||
// Extract user track from context (set by auth middleware)
|
||||
// Default to Track 1 (public) if not authenticated (handled by helper).
|
||||
userTrack := middleware.UserTrack(r.Context())
|
||||
// Default to Track 1 (public) if not authenticated
|
||||
userTrack := 1
|
||||
if track, ok := r.Context().Value("user_track").(int); ok {
|
||||
userTrack = track
|
||||
}
|
||||
|
||||
// Get enabled features for this track
|
||||
enabledFeatures := featureflags.GetEnabledFeatures(userTrack)
|
||||
|
||||
@@ -12,7 +12,6 @@ import (
|
||||
"strings"
|
||||
"time"
|
||||
|
||||
"github.com/explorer/backend/api/middleware"
|
||||
"github.com/explorer/backend/auth"
|
||||
"github.com/jackc/pgx/v5/pgxpool"
|
||||
)
|
||||
@@ -186,7 +185,7 @@ func (s *Server) requireOperatorAccess(w http.ResponseWriter, r *http.Request) (
|
||||
return "", "", false
|
||||
}
|
||||
|
||||
operatorAddr := middleware.UserAddress(r.Context())
|
||||
operatorAddr, _ := r.Context().Value("user_address").(string)
|
||||
operatorAddr = strings.TrimSpace(operatorAddr)
|
||||
if operatorAddr == "" {
|
||||
writeError(w, http.StatusUnauthorized, "unauthorized", "Operator address required")
|
||||
|
||||
@@ -13,8 +13,6 @@ import (
|
||||
"path/filepath"
|
||||
"strings"
|
||||
"time"
|
||||
|
||||
"github.com/explorer/backend/api/middleware"
|
||||
)
|
||||
|
||||
type runScriptRequest struct {
|
||||
@@ -69,7 +67,7 @@ func (s *Server) HandleRunScript(w http.ResponseWriter, r *http.Request) {
|
||||
return
|
||||
}
|
||||
|
||||
operatorAddr := middleware.UserAddress(r.Context())
|
||||
operatorAddr, _ := r.Context().Value("user_address").(string)
|
||||
if operatorAddr == "" {
|
||||
writeError(w, http.StatusUnauthorized, "unauthorized", "Operator address required")
|
||||
return
|
||||
|
||||
@@ -11,7 +11,6 @@ import (
|
||||
"net/http"
|
||||
"net/http/httptest"
|
||||
|
||||
"github.com/explorer/backend/api/middleware"
|
||||
"github.com/stretchr/testify/require"
|
||||
)
|
||||
|
||||
@@ -46,7 +45,7 @@ func TestHandleRunScriptUsesForwardedClientIPAndRunsAllowlistedScript(t *testing
|
||||
|
||||
reqBody := []byte(`{"script":"echo.sh","args":["world"]}`)
|
||||
req := httptest.NewRequest(http.MethodPost, "/api/v1/track4/operator/run-script", bytes.NewReader(reqBody))
|
||||
req = req.WithContext(middleware.ContextWithAuth(req.Context(), "0x4A666F96fC8764181194447A7dFdb7d471b301C8", 4, true))
|
||||
req = req.WithContext(context.WithValue(req.Context(), "user_address", "0x4A666F96fC8764181194447A7dFdb7d471b301C8"))
|
||||
req.RemoteAddr = "10.0.0.10:8080"
|
||||
req.Header.Set("X-Forwarded-For", "203.0.113.9, 10.0.0.10")
|
||||
w := httptest.NewRecorder()
|
||||
@@ -78,7 +77,7 @@ func TestHandleRunScriptRejectsNonAllowlistedScript(t *testing.T) {
|
||||
s := &Server{roleMgr: &stubRoleManager{allowed: true}, chainID: 138}
|
||||
|
||||
req := httptest.NewRequest(http.MethodPost, "/api/v1/track4/operator/run-script", bytes.NewReader([]byte(`{"script":"blocked.sh"}`)))
|
||||
req = req.WithContext(middleware.ContextWithAuth(req.Context(), "0x4A666F96fC8764181194447A7dFdb7d471b301C8", 4, true))
|
||||
req = req.WithContext(context.WithValue(req.Context(), "user_address", "0x4A666F96fC8764181194447A7dFdb7d471b301C8"))
|
||||
req.RemoteAddr = "127.0.0.1:9999"
|
||||
w := httptest.NewRecorder()
|
||||
|
||||
@@ -101,7 +100,7 @@ func TestHandleRunScriptRejectsFilenameCollisionOutsideAllowlistedPath(t *testin
|
||||
s := &Server{roleMgr: &stubRoleManager{allowed: true}, chainID: 138}
|
||||
|
||||
req := httptest.NewRequest(http.MethodPost, "/api/v1/track4/operator/run-script", bytes.NewReader([]byte(`{"script":"unsafe/backup.sh"}`)))
|
||||
req = req.WithContext(middleware.ContextWithAuth(req.Context(), "0x4A666F96fC8764181194447A7dFdb7d471b301C8", 4, true))
|
||||
req = req.WithContext(context.WithValue(req.Context(), "user_address", "0x4A666F96fC8764181194447A7dFdb7d471b301C8"))
|
||||
req.RemoteAddr = "127.0.0.1:9999"
|
||||
w := httptest.NewRecorder()
|
||||
|
||||
@@ -123,7 +122,7 @@ func TestHandleRunScriptTruncatesLargeOutput(t *testing.T) {
|
||||
s := &Server{roleMgr: &stubRoleManager{allowed: true}, chainID: 138}
|
||||
|
||||
req := httptest.NewRequest(http.MethodPost, "/api/v1/track4/operator/run-script", bytes.NewReader([]byte(`{"script":"large.sh"}`)))
|
||||
req = req.WithContext(middleware.ContextWithAuth(req.Context(), "0x4A666F96fC8764181194447A7dFdb7d471b301C8", 4, true))
|
||||
req = req.WithContext(context.WithValue(req.Context(), "user_address", "0x4A666F96fC8764181194447A7dFdb7d471b301C8"))
|
||||
req.RemoteAddr = "127.0.0.1:9999"
|
||||
w := httptest.NewRecorder()
|
||||
|
||||
|
||||
@@ -36,11 +36,17 @@ function isValidAddress(value: string) {
|
||||
return /^0x[a-fA-F0-9]{40}$/.test(value)
|
||||
}
|
||||
|
||||
function isContractWriteExecutionEnabled() {
|
||||
const value = (process.env.NEXT_PUBLIC_ENABLE_CONTRACT_WRITES || '').trim().toLowerCase()
|
||||
return value === '1' || value === 'true' || value === 'yes'
|
||||
}
|
||||
|
||||
export default function AddressDetailPage() {
|
||||
const router = useRouter()
|
||||
const address = typeof router.query.address === 'string' ? router.query.address : ''
|
||||
const isValidAddressParam = address !== '' && isValidAddress(address)
|
||||
const chainId = parseInt(process.env.NEXT_PUBLIC_CHAIN_ID || '138')
|
||||
const contractWriteExecutionEnabled = isContractWriteExecutionEnabled()
|
||||
|
||||
const [addressInfo, setAddressInfo] = useState<AddressInfo | null>(null)
|
||||
const [transactions, setTransactions] = useState<TransactionSummary[]>([])
|
||||
@@ -537,7 +543,24 @@ export default function AddressDetailPage() {
|
||||
<DetailRow label="Interaction Surface">
|
||||
<div className="flex flex-wrap gap-2">
|
||||
{contractProfile?.has_custom_methods_read ? <EntityBadge label="read methods" tone="success" /> : <EntityBadge label="read unknown" /> }
|
||||
{contractProfile?.has_custom_methods_write ? <EntityBadge label="write methods" tone="warning" /> : <EntityBadge label="write unknown" /> }
|
||||
{contractProfile?.has_custom_methods_write ? (
|
||||
<EntityBadge
|
||||
label={contractWriteExecutionEnabled ? 'write methods enabled' : 'write methods hidden'}
|
||||
tone="warning"
|
||||
/>
|
||||
) : <EntityBadge label="write unknown" /> }
|
||||
</div>
|
||||
</DetailRow>
|
||||
<DetailRow label="Execution Policy">
|
||||
<div className="space-y-2">
|
||||
<div className="flex flex-wrap gap-2">
|
||||
<EntityBadge label={contractWriteExecutionEnabled ? 'advanced execution enabled' : 'read-only explorer mode'} tone={contractWriteExecutionEnabled ? 'warning' : 'success'} />
|
||||
</div>
|
||||
<div className="text-sm text-gray-600 dark:text-gray-400">
|
||||
{contractWriteExecutionEnabled
|
||||
? 'This session allows direct contract write prompts from the explorer. Use only in controlled operator environments.'
|
||||
: 'State-changing contract execution is disabled in the default explorer experience so investigation stays read-only and easier to govern.'}
|
||||
</div>
|
||||
</div>
|
||||
</DetailRow>
|
||||
<DetailRow label="Proxy Type">
|
||||
@@ -681,7 +704,7 @@ export default function AddressDetailPage() {
|
||||
</div>
|
||||
</DetailRow>
|
||||
)}
|
||||
{contractProfile?.write_methods && contractProfile.write_methods.length > 0 && (
|
||||
{contractProfile?.write_methods && contractProfile.write_methods.length > 0 && contractWriteExecutionEnabled && (
|
||||
<DetailRow label="Write Methods">
|
||||
<div className="space-y-2">
|
||||
{contractProfile.write_methods.slice(0, 6).map((method) => (
|
||||
@@ -742,6 +765,13 @@ export default function AddressDetailPage() {
|
||||
</div>
|
||||
</DetailRow>
|
||||
)}
|
||||
{contractProfile?.write_methods && contractProfile.write_methods.length > 0 && !contractWriteExecutionEnabled && (
|
||||
<DetailRow label="Write Methods">
|
||||
<div className="rounded-xl border border-amber-200 bg-amber-50 p-4 text-sm text-amber-900 dark:border-amber-900/50 dark:bg-amber-950/30 dark:text-amber-100">
|
||||
Direct write execution is disabled in this explorer environment. Review the ABI and method signatures here, then use a separate operator-approved contract console if execution is required.
|
||||
</div>
|
||||
</DetailRow>
|
||||
)}
|
||||
{contractProfile?.creation_bytecode && (
|
||||
<DetailRow label="Creation Bytecode">
|
||||
<code className="block break-all rounded bg-gray-50 p-2 text-xs dark:bg-gray-950">
|
||||
|
||||
Reference in New Issue
Block a user