Merge pull request 'chore: cleanup nostr policy' (#6) from chore/cleanup into main
Reviewed-on: https://git.devvul.com///Asara/well-goknown/pulls/6
commit
54e3271c37
4 changed files with 55 additions and 51 deletions
3
db/db.go
3
db/db.go
|
@ -14,8 +14,7 @@ func NewDB() (*sqlx.DB, error) {
|
||||||
if err != nil {
|
if err != nil {
|
||||||
l.Panic().Msg(err.Error())
|
l.Panic().Msg(err.Error())
|
||||||
}
|
}
|
||||||
err = db.Ping()
|
if err = db.Ping(); err != nil {
|
||||||
if err != nil {
|
|
||||||
l.Panic().Msg(err.Error())
|
l.Panic().Msg(err.Error())
|
||||||
}
|
}
|
||||||
l.Debug().Msg("connected to database")
|
l.Debug().Msg("connected to database")
|
||||||
|
|
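--- a/nostr/helpers.go
+++ b/nostr/helpers.go
@@ -0,0 +1,11 @@
+package nostr
+
+func checknPubsInDb(npubs []string) bool {
+var uid int
+for _, npub := range npubs {
+if err := DB.QueryRow("SELECT id FROM users WHERE pubkey=$1", npub).Scan(&uid); err == nil {
+return true
+}
+}
+return false
+}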
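Review bot: In `checknPubsInDb`, every `Scan` error is treated as "not registered", so a dropped connection or a failed query looks the same as `sql.ErrNoRows` and a database outage turns into `restricted:` rejections with nothing logged. Failing closed is the safe direction, but the other errors should be surfaced, e.g. `if !errors.Is(err, sql.ErrNoRows) { /* log or return err */ }`. The loop also runs one query per entry, and for kinds 4 and 14 the caller fills the slice from client-supplied `p` tags with no visible bound. A cap on the tag count, or a single `WHERE pubkey = ANY($1)` lookup, would stop one event from fanning out into an arbitrary number of round trips. A doc comment stating that the function returns true when any one key is registered would make the "any, not all" contract explicit.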
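--- a/nostr/policies.go
+++ b/nostr/policies.go
@@ -0,0 +1,43 @@
+package nostr
+
+import (
+"context"
+"fmt"
+
+"git.devvul.com/asara/gologger"
+"git.devvul.com/asara/well-goknown/config"
+"github.com/fiatjaf/khatru"
+"github.com/nbd-wtf/go-nostr"
+)
+
+func RejectUnregisteredNpubs(ctx context.Context, event *nostr.Event) (reject bool, msg string) {
+var err error
+l := gologger.Get(config.GetConfig().LogLevel).With().Str("context", "nostr-reject-unregistered").Logger()
+
+// always allow auth messages
+if event.Kind == 22242 {
+return false, ""
+}
+
+// ensure pubkey has authenticated
+authenticatedUser := khatru.GetAuthed(ctx)
+if authenticatedUser == "" {
+l.Debug().Msgf("pubkey not authed: %s", event.PubKey)
+return true, fmt.Sprintf("auth-required: interacting with this relay requires authentication")
+}
+
+npubs := []string{authenticatedUser}
+// add recipients to npubs list
+if event.Kind == 4 || event.Kind == 14 {
+for _, npub := range event.Tags.GetAll([]string{"p"}) {
+npubs = append(npubs, npub.Value())
+}
+}
+
+// check if npubs are registered
+if authz := checknPubsInDb(npubs); authz == false {
+l.Debug().Msgf("kind: %v, pubkey: %s, error: %s", event.Kind, event.PubKey, err.Error())
+return true, fmt.Sprintf("restricted: pubkey %s is not registered to any users", authenticatedUser)
+}
+return false, ""
+}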
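Review bot: The final rejection branch of `RejectUnregisteredNpubs` calls `err.Error()` on the `var err error` declared at the top, which is never assigned in this function, so the call is on a nil interface and panics exactly when an authenticated but unregistered key should be refused. The argument is evaluated before `Msgf` runs, so this happens even with debug logging off; whether the relay framework recovers the panic is not visible here. Drop the variable and log without it, e.g. `l.Debug().Msgf("kind: %v, pubkey: %s not registered", event.Kind, event.PubKey)`. Separately, for kinds 4 and 14 the check passes when any `p` tag value is registered, so an unregistered sender is accepted as long as one tag names a registered user. If that inbox behaviour is intended, state it in the comment above the block so the authorization rule is explicit.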
|
@ -2,15 +2,12 @@ package nostr
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"context"
|
"context"
|
||||||
"fmt"
|
|
||||||
|
|
||||||
"git.devvul.com/asara/gologger"
|
|
||||||
"git.devvul.com/asara/well-goknown/config"
|
"git.devvul.com/asara/well-goknown/config"
|
||||||
"github.com/fiatjaf/eventstore/postgresql"
|
"github.com/fiatjaf/eventstore/postgresql"
|
||||||
"github.com/fiatjaf/khatru"
|
"github.com/fiatjaf/khatru"
|
||||||
"github.com/fiatjaf/khatru/policies"
|
"github.com/fiatjaf/khatru/policies"
|
||||||
"github.com/jmoiron/sqlx"
|
"github.com/jmoiron/sqlx"
|
||||||
"github.com/nbd-wtf/go-nostr"
|
|
||||||
)
|
)
|
||||||
|
|
||||||
var (
|
var (
|
||||||
|
@ -73,49 +70,3 @@ func NewRelay(version string) *khatru.Relay {
|
||||||
)
|
)
|
||||||
return relay
|
return relay
|
||||||
}
|
}
|
||||||
|
|
||||||
func RejectUnregisteredNpubs(ctx context.Context, event *nostr.Event) (reject bool, msg string) {
|
|
||||||
l := gologger.Get(config.GetConfig().LogLevel).With().Str("context", "nostr-reject-unregistered").Logger()
|
|
||||||
|
|
||||||
// always allow auth messages
|
|
||||||
if event.Kind == 22242 {
|
|
||||||
return false, ""
|
|
||||||
}
|
|
||||||
|
|
||||||
authenticatedUser := khatru.GetAuthed(ctx)
|
|
||||||
if authenticatedUser == "" {
|
|
||||||
l.Debug().Msgf("pubkey not authed: %s", event.PubKey)
|
|
||||||
return true, fmt.Sprintf("auth-required: interacting with this relay requires authentication")
|
|
||||||
}
|
|
||||||
|
|
||||||
// reject nip-04 messages to users who aren't registered
|
|
||||||
if event.Kind == 4 {
|
|
||||||
receiver := event.Tags.GetFirst([]string{"p"}).Value()
|
|
||||||
var rid int
|
|
||||||
err := DB.QueryRow("SELECT id FROM users WHERE pubkey=$1", receiver).Scan(&rid)
|
|
||||||
if err != nil {
|
|
||||||
rid = -1
|
|
||||||
}
|
|
||||||
|
|
||||||
var sid int
|
|
||||||
err = DB.QueryRow("SELECT id FROM users WHERE pubkey=$1", authenticatedUser).Scan(&sid)
|
|
||||||
if err != nil {
|
|
||||||
sid = -1
|
|
||||||
}
|
|
||||||
|
|
||||||
if rid != -1 && sid != -1 {
|
|
||||||
l.Debug().Msgf("pubkeys %s or %s not found to be registered", receiver, event.PubKey)
|
|
||||||
return true, fmt.Sprintf("restricted: nobody in this nip04 message is registered to the relay")
|
|
||||||
}
|
|
||||||
return false, ""
|
|
||||||
}
|
|
||||||
|
|
||||||
// check if user is registered
|
|
||||||
var uid int
|
|
||||||
err := DB.QueryRow("SELECT id FROM users WHERE pubkey=$1", authenticatedUser).Scan(&uid)
|
|
||||||
if err != nil {
|
|
||||||
l.Debug().Msgf("kind: %v, pubkey: %s, error: %s", event.Kind, event.PubKey, err.Error())
|
|
||||||
return true, fmt.Sprintf("restricted: pubkey %s is not registered to any users", authenticatedUser)
|
|
||||||
}
|
|
||||||
return false, ""
|
|
||||||
}
|
|
||||||
|
|