@volmedo volmedo commented Feb 3, 2026

Ref. storacha/project-tracking#619

Fixes and tweaks found when testing the new account/egress/get handler.

More specifically:

  • adds a custom principal parser so that the verifier can work with RSA keys, which is the type of key generated in the browser. By default, go-ucanto verifiers only support Ed25519 keys.
  • allows the service to do dynamodb:GetItem on the customers table, required for the new CustomerTable.Has method.
  • adds presets for resolution of the upload service principals, required during verification of incoming invocations because the ucanto server is configured to trust attestations from the upload service but it needs its keys to resolve properly.
  • adds a CORS middleware to the HTTP server so that the dashboard webapp can invoke account/egress/get, similar to what the upload service does.

@volmedo volmedo requested a review from a team February 3, 2026 11:06
@volmedo volmedo self-assigned this Feb 3, 2026
server.WithAdminCreds(cfg.AdminDashboardUser, cfg.AdminDashboardPassword),
server.WithPricing(cfg.ClientEgressUSDPerTiB, cfg.ProviderEgressUSDPerTiB),
server.WithPrincipalResolver(presolver),
server.WithPrincipalParser(parsePrincipal),
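Review bot: at `server.WithPrincipalParser(parsePrincipal)`, the key types the verifier now accepts are not visible from the call site. A doc comment on `parsePrincipal` naming the accepted types, plus a test that a principal with any other key type is rejected, would keep the widened verification surface explicit.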

Member Author

I'd love confirmation that it is expected that only Ed25519 keys are supported by default and this is the right approach.

Member

Not sure I understand - you added RSA so I assume you've run into RSA keys?

Currently in the browser RSA keys are generated by default, since ed25519 support did not exist when it was built.

Member Author

yes, I'm getting delegations signed with RSA keys from the web app. What I meant with my comment is that go-ucanto verifiers, by default, only handle ed25519 keys.

Are you saying I can set the client up in the browser to generate ed25519 keys instead? I think I'd prefer that, if ed25519 support is generally available across browsers now.

func corsMiddleware(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
// Allow all origins
w.Header().Set("Access-Control-Allow-Origin", "*")
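Review bot: `w.Header().Set("Access-Control-Allow-Origin", "*")` in `corsMiddleware` lets a page on any origin read this service's responses. Consider reading the allowed origins from config and echoing the request's `Origin` only when it matches, with `Vary: Origin` set, and leave a TODO on this line so the wildcard does not ship unnoticed.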

Member Author

we'll want to restrict this once we know where the dashboard gets deployed
