filecoin-project · ZenGround0 · May 29, 2025 · May 28, 2025 · May 28, 2025 · aarshkshah1992
diff --git a/pdp/auth.go b/pdp/auth.go
@@ -9,10 +9,30 @@ import (
 	"strings"
 
 	"github.com/golang-jwt/jwt/v4"
+
+	"github.com/filecoin-project/curio/harmony/harmonydb"
 )
 
-// verifyJWTToken extracts and verifies the JWT token from the request and returns the serviceID.
-func (p *PDPService) verifyJWTToken(r *http.Request) (string, error) {
+type Auth interface {
+	AuthService(r *http.Request) (string, error)
+}
+
+type NullAuth struct{}
+
+var _ Auth = (*NullAuth)(nil)
+
+func (a *NullAuth) AuthService(r *http.Request) (string, error) {
+	return "public", nil
+}
+
+type JWTAuth struct {
+	db *harmonydb.DB
+}
+
+var _ Auth = (*JWTAuth)(nil)
+
+// JWTAuth extracts and verifies the JWT token from the request and returns the serviceID.
+func (a *JWTAuth) AuthService(r *http.Request) (string, error) {
 	// Get the Authorization header
 	authHeader := r.Header.Get("Authorization")
 	if authHeader == "" {
@@ -63,7 +83,7 @@ func (p *PDPService) verifyJWTToken(r *http.Request) (string, error) {
 		// Query the database for the public key using serviceID
 		var pubKeyBytes []byte
 		ctx := r.Context()
-		err := p.db.QueryRow(ctx, `
+		err := a.db.QueryRow(ctx, `
             SELECT pubkey FROM pdp_services WHERE service_label=$1
         `, service).Scan(&pubKeyBytes)
 		if err != nil {

diff --git a/pdp/handlers.go b/pdp/handlers.go
@@ -38,6 +38,7 @@ const PDPRoutePath = "/pdp"
 
 // PDPService represents the service for managing proof sets and pieces
 type PDPService struct {
+	Auth
 	db      *harmonydb.DB
 	storage paths.StashStore
 
@@ -53,6 +54,7 @@ type PDPServiceNodeApi interface {
 // NewPDPService creates a new instance of PDPService with the provided stores
 func NewPDPService(db *harmonydb.DB, stor paths.StashStore, ec *ethclient.Client, fc PDPServiceNodeApi, sn *message.SenderETH) *PDPService {
 	return &PDPService{
+		Auth:    &NullAuth{},
 		db:      db,
 		storage: stor,
 
@@ -115,7 +117,7 @@ func Routes(r *chi.Mux, p *PDPService) {
 
 func (p *PDPService) handlePing(w http.ResponseWriter, r *http.Request) {
 	// Verify that the request is authorized using ECDSA JWT
-	_, err := p.verifyJWTToken(r)
+	_, err := p.AuthService(r)
 	if err != nil {
 		http.Error(w, "Unauthorized: "+err.Error(), http.StatusUnauthorized)
 		return
@@ -130,7 +132,7 @@ func (p *PDPService) handleCreateProofSet(w http.ResponseWriter, r *http.Request
 	ctx := r.Context()
 
 	// Step 1: Verify that the request is authorized using ECDSA JWT
-	serviceLabel, err := p.verifyJWTToken(r)
+	serviceLabel, err := p.AuthService(r)
 	if err != nil {
 		http.Error(w, "Unauthorized: "+err.Error(), http.StatusUnauthorized)
 		return
@@ -283,7 +285,7 @@ func (p *PDPService) handleGetProofSetCreationStatus(w http.ResponseWriter, r *h
 	ctx := r.Context()
 
 	// Step 1: Verify that the request is authorized using ECDSA JWT
-	serviceLabel, err := p.verifyJWTToken(r)
+	serviceLabel, err := p.AuthService(r)
 	if err != nil {
 		http.Error(w, "Unauthorized: "+err.Error(), http.StatusUnauthorized)
 		return
@@ -408,7 +410,7 @@ func (p *PDPService) handleGetProofSet(w http.ResponseWriter, r *http.Request) {
 	ctx := r.Context()
 
 	// Step 1: Verify that the request is authorized using ECDSA JWT
-	serviceLabel, err := p.verifyJWTToken(r)
+	serviceLabel, err := p.AuthService(r)
 	if err != nil {
 		http.Error(w, "Unauthorized: "+err.Error(), http.StatusUnauthorized)
 		return
@@ -533,7 +535,7 @@ func (p *PDPService) handleAddRootToProofSet(w http.ResponseWriter, r *http.Requ
 	ctx := r.Context()
 
 	// Step 1: Verify that the request is authorized using ECDSA JWT
-	serviceLabel, err := p.verifyJWTToken(r)
+	serviceLabel, err := p.AuthService(r)
 	if err != nil {
 		http.Error(w, "Unauthorized: "+err.Error(), http.StatusUnauthorized)
 		return
@@ -919,7 +921,7 @@ func (p *PDPService) handleAddRootToProofSet(w http.ResponseWriter, r *http.Requ
 func (p *PDPService) handleDeleteProofSetRoot(w http.ResponseWriter, r *http.Request) {
 	ctx := r.Context()
 	// Step 1: Verify that the request is authorized using ECDSA JWT
-	serviceLabel, err := p.verifyJWTToken(r)
+	serviceLabel, err := p.AuthService(r)
 	if err != nil {
 		http.Error(w, "Unauthorized: "+err.Error(), http.StatusUnauthorized)
 		return

diff --git a/pdp/handlers_upload.go b/pdp/handlers_upload.go
@@ -113,7 +113,7 @@ func (ph *PieceHash) maybeStaticCommp() (cid.Cid, bool) {
 
 func (p *PDPService) handlePiecePost(w http.ResponseWriter, r *http.Request) {
 	// Verify that the request is authorized using ECDSA JWT
-	serviceID, err := p.verifyJWTToken(r)
+	serviceID, err := p.AuthService(r)
 	if err != nil {
 		http.Error(w, "Unauthorized: "+err.Error(), http.StatusUnauthorized)
 		return
@@ -448,7 +448,7 @@ func (p *PDPService) handlePieceUpload(w http.ResponseWriter, r *http.Request) {
 // query parameters
 func (p *PDPService) handleFindPiece(w http.ResponseWriter, r *http.Request) {
 	// Verify that the request is authorized using ECDSA JWT
-	_, err := p.verifyJWTToken(r)
+	_, err := p.AuthService(r)
 	if err != nil {
 		http.Error(w, "Unauthorized: "+err.Error(), http.StatusUnauthorized)
 		return