• Home
  • Features
  • Pricing
  • Docs
  • Announcements
  • Sign In

decentraland / world-storage-service
99%

Build:
DEFAULT BRANCH: main
Repo Added 14 Jan 2026 07:04PM UTC
Files 58
Badge
Embed ▾
README BADGES
x

If you need to use a raster PNG badge, change the '.svg' to '.png' in the link

Markdown

Textile

RDoc

HTML

Rst

LAST BUILD ON BRANCH main
branch: SELECT
CHANGE BRANCH
x
  • No branch selected
  • 1.0.0
  • 1.1.0
  • 1.1.1
  • 1.2.0
  • 1.4.0
  • 1.4.1
  • chore/add-package-json-lint
  • chore/add-service-logs
  • chore/bump-node
  • chore/migrate-to-core-components
  • chore/pin-node-24-base-image
  • chore/replace-platform-server-commons-with-http-commons
  • chore/update-node-24
  • dependabot/npm_and_yarn/dcl/schemas-22.1.0
  • dependabot/npm_and_yarn/dcl/schemas-22.2.0
  • dependabot/npm_and_yarn/dcl/schemas-22.3.0
  • dependabot/npm_and_yarn/dcl/schemas-22.4.0
  • dependabot/npm_and_yarn/dcl/schemas-22.5.0
  • dependabot/npm_and_yarn/dcl/schemas-23.0.0
  • dependabot/npm_and_yarn/dcl/schemas-23.1.0
  • dependabot/npm_and_yarn/dcl/schemas-24.0.0
  • dependabot/npm_and_yarn/dcl/schemas-25.0.0
  • dependabot/npm_and_yarn/dcl/schemas-25.1.0
  • dependabot/npm_and_yarn/dcl/schemas-25.2.0
  • dependabot/npm_and_yarn/dcl/schemas-25.3.0
  • dependabot/npm_and_yarn/dcl/schemas-26.0.0
  • dependabot/npm_and_yarn/dcl/schemas-26.1.0
  • dependabot/npm_and_yarn/flatted-3.4.2
  • dependabot/npm_and_yarn/handlebars-4.7.9
  • dependabot/npm_and_yarn/jest-30.3.0
  • dependabot/npm_and_yarn/lodash-4.17.23
  • dependabot/npm_and_yarn/nodemon-3.1.13
  • dependabot/npm_and_yarn/nodemon-3.1.14
  • dependabot/npm_and_yarn/npm-package-json-lint-10.0.0
  • dependabot/npm_and_yarn/npm-package-json-lint-10.2.0
  • dependabot/npm_and_yarn/prettier-3.8.2
  • dependabot/npm_and_yarn/ts-jest-29.4.9
  • dependabot/npm_and_yarn/types/node-25.0.10
  • dependabot/npm_and_yarn/types/node-25.0.9
  • dependabot/npm_and_yarn/types/node-25.1.0
  • dependabot/npm_and_yarn/types/node-25.2.0
  • dependabot/npm_and_yarn/types/node-25.2.1
  • dependabot/npm_and_yarn/types/node-25.2.2
  • dependabot/npm_and_yarn/types/node-25.2.3
  • dependabot/npm_and_yarn/types/node-25.3.0
  • dependabot/npm_and_yarn/types/node-25.3.3
  • dependabot/npm_and_yarn/types/node-25.3.5
  • dependabot/npm_and_yarn/types/node-25.4.0
  • dependabot/npm_and_yarn/types/node-25.5.0
  • dependabot/npm_and_yarn/types/node-25.5.2
  • dependabot/npm_and_yarn/types/node-25.6.0
  • dependabot/npm_and_yarn/typescript-eslint/parser-8.54.0
  • dependabot/npm_and_yarn/typescript-eslint/parser-8.55.0
  • dependabot/npm_and_yarn/typescript-eslint/parser-8.56.0
  • dependabot/npm_and_yarn/typescript-eslint/parser-8.56.1
  • dependabot/npm_and_yarn/typescript-eslint/parser-8.57.0
  • dependabot/npm_and_yarn/typescript-eslint/parser-8.57.1
  • dependabot/npm_and_yarn/typescript-eslint/parser-8.57.2
  • dependabot/npm_and_yarn/typescript-eslint/parser-8.58.0
  • dependabot/npm_and_yarn/typescript-eslint/parser-8.58.1
  • docs/fix-docs
  • feat/authorized-addresses-only-middleware
  • feat/cors
  • feat/delete-all-endpoints
  • feat/env-storage-endpoints
  • feat/list-env-keys
  • feat/list-player-storage
  • feat/list-players
  • feat/list-world-storage
  • feat/multi-scene-storage
  • feat/scoped-storage-delegation
  • feat/secrets-encryption
  • feat/size-limits
  • feat/storage-caching-and-json-perf
  • feat/usage-endpoints
  • fix/add-options-to-cors
  • fix/audit-hardening
  • fix/authorization-middleware
  • main
  • refactor/rename-world-permissions-manager

08 Jul 2026 04:53PM UTC coverage: 98.68% (-0.1%) from 98.824%
28960364948

push

github

web-flow
feat: authorize world-scoped authoritative storage delegations (#112)

* feat: authorize world-scoped authoritative storage delegations

Adds an additive authorization path for /values/* so an authoritative scene server can read/write a world's storage without holding the authoritative key.

A request signed by a throwaway ephemeral is authorized when it carries an x-authoritative-scope claim, signed by a trusted AUTHORITATIVE_SERVER_ADDRESS, that binds that ephemeral to the target world and has not expired. The claim's ephemeral must equal the request signer (blocks replaying a captured claim with another key). The existing owner/ACL and broad authorized-address paths are unchanged.

Pin @dcl/crypto (was transitive) since verifyStorageDelegation uses it directly.

* refactor: storage delegations no longer expire (worker-lifetime)

Drop the Expiration line from the claim and the expiry check: the ephemeral lives for the life of the scene worker. The ephemeral==signer binding and world scoping remain; revoke by rotating the authoritative key.

* feat: enforce storage delegation expiry again (1h TTL)

Re-add the Expiration claim line and the expiry check; delegations are short-lived and renewed by the worker over IPC, so an expired claim must be rejected.

* fix: restrict storage scope-claim signers to the authoritative address; cover the scoped path

Least authority: a scope claim is trusted only when signed by AUTHORITATIVE_SERVER_ADDRESS, not by every AUTHORIZED_ADDRESSES entry. Add middleware-level tests for the world-scoped delegation branch (valid, untrusted signer, wrong ephemeral, wrong world, expired, missing header).

* chore: fix eslint (prettier, import order, interface types, typed auth chain)

* feat: enforce scene scope on storage delegations; guard header size

Security review F2/F5: verifyStorageDelegation now takes a target { signer, world, sceneId, parcel, trustedSigners } and requires the claim's sceneId == the request's scene and pa... (continued)

424 of 438 branches covered (96.8%)

Branch coverage included in aggregate %.

69 of 70 new or added lines in 2 files covered. (98.57%)

1146 of 1153 relevant lines covered (99.39%)

69.42 hits per line

Relevant lines Covered
Build:
Build:
1153 RELEVANT LINES 1146 COVERED LINES
69.42 HITS PER LINE
Source Files on main
  • Tree
  • List 58
  • Changed 33
  • Source Changed 1
  • Coverage Changed 33
Coverage ∆ File Lines Relevant Covered Missed Hits/Line Branch Hits Branch Misses

Recent builds

Builds Branch Commit Type Ran Committer Via Coverage
28960364948 main feat: authorize world-scoped authoritative storage delegations (#112) * feat: authorize world-scoped authoritative storage delegations Adds an additive authorization path for /values/* so an authoritative scene server can read/write a world's st... push 08 Jul 2026 04:54PM UTC web-flow github
98.68
28907443724 feat/scoped-storage-delegation refactor: encapsulate the signature check; document confinement model (review round 3) #4: extract isPersonalSignatureBy(address, message, signature) so the synthetic [SIGNER, ECDSA_PERSONAL_SIGNED_ENTITY] auth-chain trick is contained behind a c... Pull #112 08 Jul 2026 12:05AM UTC LautaroPetaccio github
98.68
28898748893 feat/scoped-storage-delegation fix: harden storage delegation verification (review round 2) B1: guard a JSON 'null'/primitive payload before destructuring — previously threw a TypeError out of verifyStorageDelegation (attacker-triggerable 500, and broke owner/deployer fall-thr... Pull #112 07 Jul 2026 09:08PM UTC LautaroPetaccio github
98.74
28895412237 feat/scoped-storage-delegation feat: enforce scene scope on storage delegations; guard header size Security review F2/F5: verifyStorageDelegation now takes a target { signer, world, sceneId, parcel, trustedSigners } and requires the claim's sceneId == the request's scene and p... Pull #112 07 Jul 2026 08:12PM UTC LautaroPetaccio github
98.53
28891675888 feat/scoped-storage-delegation chore: fix eslint (prettier, import order, interface types, typed auth chain) Pull #112 07 Jul 2026 07:09PM UTC LautaroPetaccio github
98.57
28891028092 feat/scoped-storage-delegation fix: restrict storage scope-claim signers to the authoritative address; cover the scoped path Least authority: a scope claim is trusted only when signed by AUTHORITATIVE_SERVER_ADDRESS, not by every AUTHORIZED_ADDRESSES entry. Add middleware-leve... Pull #112 07 Jul 2026 06:58PM UTC LautaroPetaccio github
98.57
28889895322 feat/scoped-storage-delegation feat: enforce storage delegation expiry again (1h TTL) Re-add the Expiration claim line and the expiry check; delegations are short-lived and renewed by the worker over IPC, so an expired claim must be rejected. Pull #112 07 Jul 2026 06:39PM UTC LautaroPetaccio github
97.92
28888929248 feat/scoped-storage-delegation refactor: storage delegations no longer expire (worker-lifetime) Drop the Expiration line from the claim and the expiry check: the ephemeral lives for the life of the scene worker. The ephemeral==signer binding and world scoping remain; revoke by... Pull #112 07 Jul 2026 06:23PM UTC LautaroPetaccio github
97.9
28628817499 main fix: harden storage quotas, input validation, and upstream resilience (#111) * fix: harden storage quotas, input validation, and upstream resilience Fixes from a full-codebase audit: Quota correctness: - Credit the existing value against the ex... push 02 Jul 2026 11:49PM UTC web-flow github
98.82
28623054580 fix/audit-hardening refactor: address P2 review comments - Drain the body of the final non-OK upstream response before throwing/returning on the Places, worlds-content-server, and LAMBDAS error paths. The fetcher cancels bodies of retried responses itself but ha... Pull #111 02 Jul 2026 09:36PM UTC LautaroPetaccio github
98.82
See All Builds (164)
  • Repo on GitHub
STATUS · Troubleshooting · Open an Issue · Sales · Support · CAREERS · ENTERPRISE · START FREE · SCHEDULE DEMO
ANNOUNCEMENTS · TWITTER · TOS & SLA · Supported CI Services · What's a CI service? · Automated Testing

© 2026 Coveralls, Inc