chore: cleanup nostr policy #6

Merged
Asara merged 1 commit from chore/cleanup into main 2024-08-17 19:30:38 +00:00
4 changed files with 55 additions and 51 deletions

View file

@ -14,8 +14,7 @@ func NewDB() (*sqlx.DB, error) {
if err != nil { if err != nil {
l.Panic().Msg(err.Error()) l.Panic().Msg(err.Error())
} }
err = db.Ping() if err = db.Ping(); err != nil {
if err != nil {
l.Panic().Msg(err.Error()) l.Panic().Msg(err.Error())
} }
l.Debug().Msg("connected to database") l.Debug().Msg("connected to database")

11
nostr/helpers.go Normal file
View file

@ -0,0 +1,11 @@
package nostr
func checknPubsInDb(npubs []string) bool {
var uid int
for _, npub := range npubs {
if err := DB.QueryRow("SELECT id FROM users WHERE pubkey=$1", npub).Scan(&uid); err == nil {
return true
}
}
return false
}

43
nostr/policies.go Normal file
View file

@ -0,0 +1,43 @@
package nostr
import (
"context"
"fmt"
"git.devvul.com/asara/gologger"
"git.devvul.com/asara/well-goknown/config"
"github.com/fiatjaf/khatru"
"github.com/nbd-wtf/go-nostr"
)
func RejectUnregisteredNpubs(ctx context.Context, event *nostr.Event) (reject bool, msg string) {
var err error
l := gologger.Get(config.GetConfig().LogLevel).With().Str("context", "nostr-reject-unregistered").Logger()
// always allow auth messages
if event.Kind == 22242 {
return false, ""
}
// ensure pubkey has authenticated
authenticatedUser := khatru.GetAuthed(ctx)
if authenticatedUser == "" {
l.Debug().Msgf("pubkey not authed: %s", event.PubKey)
return true, fmt.Sprintf("auth-required: interacting with this relay requires authentication")
}
npubs := []string{authenticatedUser}
// add recipients to npubs list
if event.Kind == 4 || event.Kind == 14 {
for _, npub := range event.Tags.GetAll([]string{"p"}) {
npubs = append(npubs, npub.Value())
}
}
// check if npubs are registered
if authz := checknPubsInDb(npubs); authz == false {
l.Debug().Msgf("kind: %v, pubkey: %s, error: %s", event.Kind, event.PubKey, err.Error())
return true, fmt.Sprintf("restricted: pubkey %s is not registered to any users", authenticatedUser)
}
return false, ""
}

View file

@ -2,15 +2,12 @@ package nostr
import ( import (
"context" "context"
"fmt"
"git.devvul.com/asara/gologger"
"git.devvul.com/asara/well-goknown/config" "git.devvul.com/asara/well-goknown/config"
"github.com/fiatjaf/eventstore/postgresql" "github.com/fiatjaf/eventstore/postgresql"
"github.com/fiatjaf/khatru" "github.com/fiatjaf/khatru"
"github.com/fiatjaf/khatru/policies" "github.com/fiatjaf/khatru/policies"
"github.com/jmoiron/sqlx" "github.com/jmoiron/sqlx"
"github.com/nbd-wtf/go-nostr"
) )
var ( var (
@ -73,49 +70,3 @@ func NewRelay(version string) *khatru.Relay {
) )
return relay return relay
} }
func RejectUnregisteredNpubs(ctx context.Context, event *nostr.Event) (reject bool, msg string) {
l := gologger.Get(config.GetConfig().LogLevel).With().Str("context", "nostr-reject-unregistered").Logger()
// always allow auth messages
if event.Kind == 22242 {
return false, ""
}
authenticatedUser := khatru.GetAuthed(ctx)
if authenticatedUser == "" {
l.Debug().Msgf("pubkey not authed: %s", event.PubKey)
return true, fmt.Sprintf("auth-required: interacting with this relay requires authentication")
}
// reject nip-04 messages to users who aren't registered
if event.Kind == 4 {
receiver := event.Tags.GetFirst([]string{"p"}).Value()
var rid int
err := DB.QueryRow("SELECT id FROM users WHERE pubkey=$1", receiver).Scan(&rid)
if err != nil {
rid = -1
}
var sid int
err = DB.QueryRow("SELECT id FROM users WHERE pubkey=$1", authenticatedUser).Scan(&sid)
if err != nil {
sid = -1
}
if rid != -1 && sid != -1 {
l.Debug().Msgf("pubkeys %s or %s not found to be registered", receiver, event.PubKey)
return true, fmt.Sprintf("restricted: nobody in this nip04 message is registered to the relay")
}
return false, ""
}
// check if user is registered
var uid int
err := DB.QueryRow("SELECT id FROM users WHERE pubkey=$1", authenticatedUser).Scan(&uid)
if err != nil {
l.Debug().Msgf("kind: %v, pubkey: %s, error: %s", event.Kind, event.PubKey, err.Error())
return true, fmt.Sprintf("restricted: pubkey %s is not registered to any users", authenticatedUser)
}
return false, ""
}