From bbd7fc8e7bb837dee3110c6f0452fbec0570fa39 Mon Sep 17 00:00:00 2001
From: ltitanb <lorenzo@gattaca.com>
Date: Fri, 13 Sep 2024 14:39:35 +0100
Subject: [PATCH 1/2] add proxy module check

---
 crates/signer/src/manager.rs | 18 ++++++++++++++++++
 crates/signer/src/service.rs | 18 ++++++++++++++----
 2 files changed, 32 insertions(+), 4 deletions(-)

diff --git a/crates/signer/src/manager.rs b/crates/signer/src/manager.rs
index 9ef81bcb..38ffc6cd 100644
--- a/crates/signer/src/manager.rs
+++ b/crates/signer/src/manager.rs
@@ -189,6 +189,24 @@ impl SigningManager {
         self.proxy_signers.bls_signers.contains_key(bls_pk)
     }
 
+    pub fn has_proxy_bls_for_module(&self, bls_pk: &BlsPublicKey, module_id: &ModuleId) -> bool {
+        match self.proxy_pubkeys_bls.get(module_id) {
+            Some(keys) => keys.contains(bls_pk),
+            None => false,
+        }
+    }
+
+    pub fn has_proxy_ecdsa_for_module(
+        &self,
+        ecdsa_pk: &EcdsaPublicKey,
+        module_id: &ModuleId,
+    ) -> bool {
+        match self.proxy_pubkeys_ecdsa.get(module_id) {
+            Some(keys) => keys.contains(ecdsa_pk),
+            None => false,
+        }
+    }
+
     pub fn get_delegation_bls(
         &self,
         pubkey: &BlsPublicKey,
diff --git a/crates/signer/src/service.rs b/crates/signer/src/service.rs
index e1cffa61..0f7e432e 100644
--- a/crates/signer/src/service.rs
+++ b/crates/signer/src/service.rs
@@ -134,11 +134,21 @@ async fn handle_request_signature(
             .sign_consensus(&pubkey, &object_root)
             .await
             .map(|sig| Json(sig).into_response()),
-        SignRequest::ProxyBls(SignProxyRequest { pubkey: bls_pk, object_root }) => signing_manager
-            .sign_proxy_bls(&bls_pk, &object_root)
-            .await
-            .map(|sig| Json(sig).into_response()),
+        SignRequest::ProxyBls(SignProxyRequest { pubkey: bls_pk, object_root }) => {
+            if !signing_manager.has_proxy_bls_for_module(&bls_pk, &module_id) {
+                return Err(SignerModuleError::UnknownProxySigner(bls_pk.to_vec()));
+            }
+
+            signing_manager
+                .sign_proxy_bls(&bls_pk, &object_root)
+                .await
+                .map(|sig| Json(sig).into_response())
+        }
         SignRequest::ProxyEcdsa(SignProxyRequest { pubkey: ecdsa_pk, object_root }) => {
+            if !signing_manager.has_proxy_ecdsa_for_module(&ecdsa_pk, &module_id) {
+                return Err(SignerModuleError::UnknownProxySigner(ecdsa_pk.to_vec()));
+            }
+
             signing_manager
                 .sign_proxy_ecdsa(&ecdsa_pk, &object_root)
                 .await

From 0dd3ccabf27d2f24d974a1801580128bfe80e039 Mon Sep 17 00:00:00 2001
From: ltitanb <lorenzo@gattaca.com>
Date: Fri, 13 Sep 2024 14:50:37 +0100
Subject: [PATCH 2/2] remove unused

---
 .github/workflows/release.yml |  7 -------
 crates/signer/src/manager.rs  | 14 ++++----------
 2 files changed, 4 insertions(+), 17 deletions(-)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index f160b6dd..018faa9b 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -36,13 +36,6 @@ jobs:
             os: macos-latest
           - target: aarch64-apple-darwin
             os: macos-latest
-        names:
-          - binary: commit-boost
-            publish: commit-boost-cli
-          - binary: default-pbs
-            publish: commit-boost-pbs
-          - binary: signer-module
-            publish: commit-boost-signer
 
     runs-on: ${{ matrix.os }}
     steps:
diff --git a/crates/signer/src/manager.rs b/crates/signer/src/manager.rs
index 38ffc6cd..ad0a1107 100644
--- a/crates/signer/src/manager.rs
+++ b/crates/signer/src/manager.rs
@@ -181,14 +181,6 @@ impl SigningManager {
         self.consensus_signers.contains_key(pubkey)
     }
 
-    pub fn has_proxy_ecdsa(&self, ecdsa_pk: &EcdsaPublicKey) -> bool {
-        self.proxy_signers.ecdsa_signers.contains_key(ecdsa_pk)
-    }
-
-    pub fn has_proxy_bls(&self, bls_pk: &BlsPublicKey) -> bool {
-        self.proxy_signers.bls_signers.contains_key(bls_pk)
-    }
-
     pub fn has_proxy_bls_for_module(&self, bls_pk: &BlsPublicKey, module_id: &ModuleId) -> bool {
         match self.proxy_pubkeys_bls.get(module_id) {
             Some(keys) => keys.contains(bls_pk),
@@ -313,7 +305,8 @@ mod tests {
             );
 
             assert!(
-                signing_manager.has_proxy_bls(&signed_delegation.message.proxy),
+                signing_manager
+                    .has_proxy_bls_for_module(&signed_delegation.message.proxy, &MODULE_ID),
                 "Newly generated proxy key must be present in the signing manager's registry."
             );
         }
@@ -391,7 +384,8 @@ mod tests {
             );
 
             assert!(
-                signing_manager.has_proxy_ecdsa(&signed_delegation.message.proxy),
+                signing_manager
+                    .has_proxy_ecdsa_for_module(&signed_delegation.message.proxy, &MODULE_ID),
                 "Newly generated proxy key must be present in the signing manager's registry."
             );
         }