Add keygen permissions

satiracode · satiracode · commit d3e1a7a95a5b · 2025-05-14T11:59:55.000+04:00
diff --git a/src/main/kotlin/org/exploit/keeper/constant/Permission.kt b/src/main/kotlin/org/exploit/keeper/constant/Permission.kt
@@ -11,6 +11,8 @@ object Permission {
     private const val STORE_WRITE = "bitkeeper.storage.write"
     private const val STORE_READ = "bitkeeper.storage.read"
 
+    private const val GENERATE_KEY = "bitkeeper.dkg.generate"
+
     fun systemUnseal(): String = SYSTEM_UNSEAL
 
     fun systemSeal(): String = SYSTEM_SEAL
@@ -21,6 +23,8 @@ object Permission {
 
     fun storageRead(): String = STORE_READ
 
+    fun generateKey() = GENERATE_KEY
+
     fun keyGetPublicKey(key: String): String = KEY_GET_PUBLICKEY.format(key)
 
     fun keySign(key: String): String = KEY_SIGN.format(key)
diff --git a/src/main/kotlin/org/exploit/keeper/controller/keygen/KeyGenController.kt b/src/main/kotlin/org/exploit/keeper/controller/keygen/KeyGenController.kt
@@ -3,15 +3,24 @@ package org.exploit.keeper.controller.keygen
 import io.smallrye.mutiny.Uni
 import jakarta.ws.rs.POST
 import jakarta.ws.rs.Path
+import jakarta.ws.rs.container.ContainerRequestContext
 import org.exploit.keeper.constant.KeeperCurve
+import org.exploit.keeper.constant.Permission
 import org.exploit.keeper.model.request.Generate
+import org.exploit.keeper.service.auth.policy.MachinePolicyChecker
 import org.exploit.keeper.service.keygen.starter.DKGenerator
 
 @Path("/v1/keeper/dkg")
-class KeyGenController(private val dkg: DKGenerator) {
+class KeyGenController(
+    private val dkg: DKGenerator,
+    private val policyChecker: MachinePolicyChecker,
+    private val ctx: ContainerRequestContext
+) {
     @POST
     @Path("/generate")
     fun generate(body: Generate): Uni<Void> {
+        policyChecker.ensureHasPermission(ctx, Permission.generateKey())
+
         return dkg.generateKey(
             keyId = body.keyId,
             curve = KeeperCurve.fromName(body.curve),
diff --git a/src/main/kotlin/org/exploit/keeper/filter/MachineAuthFilter.kt b/src/main/kotlin/org/exploit/keeper/filter/MachineAuthFilter.kt
@@ -21,7 +21,8 @@ class MachineAuthFilter(
     private val matchers = listOf(
         AntPathMatcher.of("/v1/keeper/sign/**"),
         AntPathMatcher.of("/v1/keeper/publicKey/**"),
-        AntPathMatcher.of("/v1/keeper/system/**")
+        AntPathMatcher.of("/v1/keeper/system/**"),
+        AntPathMatcher.of("/v1/keeper/dkg/**")
     )
 
     override fun filter(ctx: ContainerRequestContext) {

Original file line number	Diff line number	Diff line change
`@@ -21,7 +21,8 @@ class MachineAuthFilter(`
`21`	`21`	`private val matchers = listOf(`
`22`	`22`	`AntPathMatcher.of("/v1/keeper/sign/**"),`
`23`	`23`	`AntPathMatcher.of("/v1/keeper/publicKey/**"),`
`24`		`- AntPathMatcher.of("/v1/keeper/system/**")`
	`24`	`+ AntPathMatcher.of("/v1/keeper/system/**"),`
	`25`	`+ AntPathMatcher.of("/v1/keeper/dkg/**")`
`25`	`26`	`)`
`26`	`27`
`27`	`28`	`override fun filter(ctx: ContainerRequestContext) {`