interledger · sabineschaller · Nov 10, 2022 · Nov 10, 2022 · Nov 10, 2022 · Nov 10, 2022
diff --git a/packages/backend/src/config/app.ts b/packages/backend/src/config/app.ts
@@ -17,10 +17,10 @@ function envFloat(name: string, value: number): number {
   return envValue == null ? value : +envValue
 }
 
-// function envBool(name: string, value: boolean): boolean {
-//   const envValue = process.env[name]
-//   return envValue == null ? value : Boolean(envValue)
-// }
+function envBool(name: string, value: boolean): boolean {
+  const envValue = process.env[name]
+  return envValue == null ? value : envValue === 'true'
+}
 
 export type IAppConfig = typeof Config
 
@@ -103,6 +103,7 @@ export const Config = {
 
   signatureSecret: process.env.SIGNATURE_SECRET, // optional
   signatureVersion: envInt('SIGNATURE_VERSION', 1),
+  bypassSignatureValidation: envBool('BYPASS_SIGNATURE_VALIDATION', false),
 
   openPaymentsSpec: envString(
     'OPEN_PAYMENTS_SPEC',

diff --git a/packages/backend/src/open_payments/auth/middleware.ts b/packages/backend/src/open_payments/auth/middleware.ts
@@ -45,13 +45,15 @@ export function createAuthMiddleware({
       if (!access) {
         ctx.throw(403, 'Insufficient Grant')
       }
-      try {
-        if (!(await verifySigAndChallenge(grant.key.jwk, ctx))) {
-          ctx.throw(401, 'Invalid signature')
+      if (!config.bypassSignatureValidation) {
+        try {
+          if (!(await verifySigAndChallenge(grant.key.jwk, ctx))) {
+            ctx.throw(401, 'Invalid signature')
+          }
+        } catch (e) {
+          ctx.status = 401
+          ctx.throw(401, `Invalid signature`)
         }
-      } catch (e) {
-        ctx.status = 401
-        ctx.throw(401, `Invalid signature`)
       }
       await GrantReference.transaction(async (trx: Transaction) => {
         const grantRef = await grantReferenceService.get(grant.grant, trx)